Hands-on security testers need the best tools for the job. Tools you have faith in, and enjoy using all day long. Burp Suite has long been that tool, and now, it's faster than ever. We’ve listened to ...
Performance is a critical factor in the usability and efficiency of any software, and Burp Suite is no exception. We've recently focused on enhancing Burp Suite's performance across several key areas ...
URL validation bypasses are the root cause of numerous vulnerabilities including many instances of SSRF, CORS misconfiguration, and open redirection. These work by using ambiguous URLs to trigger URL ...
Get to grips with all the basics of Burp Suite Professional with our video tutorials. Covering product essentials such as intercepting HTTP requests and responses, scanning a website, and a guide to ...
Listen to the whispers: web timing attacks that actually work (07 August 2024) ...
The modern web is constantly developing, with new potential vulnerabilities emerging all the time. Ensuring your web applications are secure in the face of this evolving threat is a constant challenge ...
We updated the Azul Zulu JRE to 21.36.17. We added a new entry type to the user activity log that records when a scan is started, including details of which scheduled scan it belongs to. We now enter ...
This release introduces the ability to manually create issues, easier testing functionality for match and replace rules, and the option to save requests derived from an OpenAPI definition to the site ...
While manually testing, you may identify vulnerabilities that aren't automatically detected by Burp. You can create issues for these to make sure that they are included in your report. The issue is ...
This lab has a "Check stock" feature that embeds the user input inside a server-side XML document that is subsequently parsed. Because you don't control the entire XML document you can't define a DTD ...
If an application is vulnerable to the CL.TE variant of request smuggling, then sending a request like the following will often cause a time delay: The timing-based test for TE.CL vulnerabilities will ...
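To show why the CL.TE timing probe produces a delay, here is an added simulation (example code written for this page, not PortSwigger's own tooling or lab code) of the two sides disagreeing: a front-end that honours `Content-Length` forwards a fixed number of body bytes, and a back-end that honours `Transfer-Encoding: chunked` then finds the chunked body incomplete and blocks waiting for more. The request bytes, the `vulnerable-website.com` host and the two toy parsers are constructed for the demonstration.

```python
def split_headers(raw: bytes):
    """Split a raw HTTP/1.1 request into (request line, lower-cased header map, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def frontend_cl_forward(raw: bytes) -> bytes:
    """Toy front-end that trusts Content-Length: forwards the headers plus
    exactly that many body bytes and treats the rest as not part of this request."""
    _, headers, body = split_headers(raw)
    n = int(headers[b"content-length"])
    head = raw[: raw.index(b"\r\n\r\n") + 4]
    return head + body[:n]


def backend_te_parse(raw: bytes):
    """Toy back-end that trusts Transfer-Encoding: chunked.

    Returns ("complete", decoded body) once the terminating 0-size chunk is
    seen, or ("waiting", bytes decoded so far) when the data received so far
    does not finish the chunked body, which on a real socket means the read
    blocks until the connection times out: the time delay the probe looks for.
    """
    _, headers, body = split_headers(raw)
    if headers.get(b"transfer-encoding") != b"chunked":
        raise ValueError("not a chunked request")
    decoded = b""
    pos = 0
    while True:
        nl = body.find(b"\r\n", pos)
        if nl == -1:
            return ("waiting", decoded)          # chunk-size line not complete
        size = int(body[pos:nl].split(b";")[0], 16)
        if size == 0:
            return ("complete", decoded)         # terminating chunk
        start, end = nl + 2, nl + 2 + size
        if len(body) < end + 2:
            return ("waiting", decoded)          # chunk data or its CRLF missing
        decoded += body[start:end]
        pos = end + 2


# Constructed CL.TE timing probe: Content-Length covers "1\r\nA" (4 bytes),
# so the trailing "X" never reaches the back-end, which is left waiting for
# the next chunk-size line after chunk "A".
CL_TE_PROBE = (
    b"POST / HTTP/1.1\r\n"
    b"Host: vulnerable-website.com\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"Content-Length: 4\r\n"
    b"\r\n"
    b"1\r\nA\r\nX"
)

# Constructed control: a well-formed chunked body that both sides agree on.
WELL_FORMED = (
    b"POST / HTTP/1.1\r\n"
    b"Host: vulnerable-website.com\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"Content-Length: 11\r\n"
    b"\r\n"
    b"1\r\nA\r\n0\r\n\r\n"
)


def probe_cl_te(raw: bytes) -> str:
    """Run the request through the CL front-end and then the TE back-end;
    report 'delay' when the back-end is left waiting, 'no delay' otherwise."""
    state, _ = backend_te_parse(frontend_cl_forward(raw))
    return "delay" if state == "waiting" else "no delay"


if __name__ == "__main__":
    print("CL.TE probe  :", probe_cl_te(CL_TE_PROBE))
    print("well-formed  :", probe_cl_te(WELL_FORMED))
```

Run against a live target the delay shows up as a response that takes as long as the back-end's read timeout, whereas the well-formed control returns promptly; the simulation makes the mechanism explicit without needing a vulnerable server.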
This lab has a "Check stock" feature that parses XML input and returns any unexpected values in the response. The lab server is running a (simulated) EC2 metadata ...