By Tobias McCurry
As part of our penetration testing and vulnerability assessment services, SecureIT uses an application security testing (AST) tool called Burp by PortSwigger. (No, I don’t know why they’ve selected that name!)
We regularly use Burp to scan web applications, identify vulnerabilities and misconfigurations, and actively exploit them to penetrate and escalate privileges. Burp’s application-aware crawler can be used to map out application contents prior to automated scanning or manual testing. Other features enable you to control exactly what hosts and URLs to include in scans and reduce false positives. Burp is a powerful application with extensive functionality. But just like any tool, such as a treadmill, it’s only beneficial if used.
Making the Most of Burp
Because Burp is one of the penetration testing tools most commonly used when performing web application security assessments, security professionals need to gain an understanding of the basics of Burp. Considering penetration testing is a vital component of any comprehensive security program, these skills will leave you better equipped to support your organization and serve clients. However, many professionals fail to use this tool to its full potential. We’ve created a series of webcasts to share our best practices and help users learn more and achieve a solid grasp of this tool.
So, if you have the app sitting unused the way treadmills often become clothes hangers, check out our video series to get up and running fast. And even if you don’t currently have the app, go download the free version.
Free Burp Tutorial 1 of 5: Burp Penetration Testing and Proxy Set-Up
In this video series, I’ll walk you through the app, help you navigate the many tabs and additional tabs within them, and explain primary functions. Next, I’ll show you some examples and explain results in greater depth to help you make sense of the findings. The first webcast, which is about proxy setup, is available now.
Sign up for our email newsletter to receive notice when the subsequent four videos are made available. Additionally, each tutorial video has a corresponding cheat sheet for reference. In this series we will be covering the Burp topics below:
1. Initial Assessment
3. Proxy Setup
4. Specialized Analysis & Detection
5. Test Definition
Comprehensive Penetration Testing Services
We hope you find the cheat sheets and videos to be helpful resources in your ongoing security efforts.
Unfortunately, malicious hackers continue to get smarter, but we know how to stay a step ahead. Please contact us to discuss how we can help you keep your data safe with our full spectrum of cybersecurity, risk, and audit services.