RSS Security

PortSwigger Blog

Enterprise Edition: agents

The key to Burp Suite Enterprise Edition's extreme scalability is the pool of agents: Agents can be installed on indefinitely many computers, including the main Enterprise server itself. Each agent co

Enterprise Edition: configuring your team

Burp Suite Enterprise Edition supports simultaneous access by multiple users, and lets you configure role-based access control (RBAC). You can define roles within the application, or use the predefine

Enterprise Edition: CI integration

Burp Suite Enterprise Edition has full support for integration with CI/CD systems. There is a REST API that can be used to initiate scans and obtain the results: There is a native Burp CI plugin

Burp Suite Enterprise Edition beta now available

Burp Suite Enterprise Edition 1.0 beta is now available, for purchase and free trial. This is a brand new product with the following key features: Server installation with a scalable architecture, and

Burp 2.0: Where are the Spider and Scanner?

This week, we'll be publishing a series of blog posts aimed at helping people move from Burp 1.x to Burp 2.0. We'll be looking at various Burp features that work in a different way in Burp 2.0, and he

Burp 2.0: Where is the scan queue?

Burp 1.x had a fairly prominent view of the active scan queue, which you could monitor to see how your scanning was progressing. Where has this gone? Burp 1.x Previously, the top-level Scanner tab let

Burp 2.0: How do I scan individual items?

When manually testing an application you often want to perform a scan of a single item of interest or a small range of requests. Burp 2 gives you more powerful ways of doing this. Burp 1.x In Burp 1.x

Burp 2.0: Where is live scanning?

Burp 1.x had some features tucked away within the Spider and Scanner tools that controlled the automated processing that Burp performed on traffic passing through the Proxy. Where have these features

Burp 2.0: How do I throttle requests?

When performing scans, you might want to limit the rate at which requests are made. Burp 1.x had settings for request throttling within the Spider and Scanner tools. These settings applied to all requ

Introducing the Web Security Academy

We are pleased to announce the launch of the Web Security Academy. This is a brand new learning resource providing training on web security vulnerabilities, techniques for finding and

Burp Suite roadmap for 2020

We have big plans for Burp Suite during 2020, aimed at improving its value to professional testers, software development teams, and businesses with web assets to protect. Here, we’re sharing some key

A one million milestone for the Web Security Academy

13 years ago, I wrote The Web Application Hacker’s Handbook. Fast forward to today, two editions and the release of the Web Security Academy later, it's clear that people still have a huge appetite fo

Burp Suite roadmap update: July 2020

We’re half-way through 2020, and we’ve made a lot of progress towards the Burp Suite roadmap that we announced in January. We’d like to update everyone on our progress so far, and add some new items t

What steps can you take toward evolving your organization's security maturity?

The problem DevSecOps evolves the DevOps philosophy to include security earlier in the development process. Shifting it "left", if you will. This holds the promise of removing downstream bottlenecks,

Three priorities every AppSec leader should be focused on

The challenges faced by AppSec managers in the current digital landscape are numerous and ever-growing. However, we’d be willing to bet that every challenge you’re facing has been staring another wear

The state of DevSecOps: the latest stats and trends in 2020

It's been 8 years now since Neil MacDonald coined the term "DevSecOps" (originally "DevOpsSec") - and 11 since Patrick Debois came up with the term "DevOps" itself. We've been thinking a lot recently

Security is everybody's problem: The key to breaking the AppSec barrier.

What’s the deal with AppSec? The inherent separation between AppSec and other factions of an organization can make effective security enablement an illustrious and flighty target. In too many organiza

Finding your first bug: bounty hunting tips from the Burp Suite community

More and more people are getting into bug bounty hunting. In fact, HackerOne’s 2020 report showed that “the hacker community nearly doubled last year to more than 600,000”. With so many people involve

Burp Suite tips from power user and "hackfluencer" Stök

In his own words, Stök is "that hacker that your friends told you about". In other words, he's a content creator with over 25 years of experience in the IT industry. He creates education, tutorial, an