Burp Suite Deep Dive
What you'll learn
- Understand application security at a deeper level
- Understand Burp Suite multiple features
- Understand how proxying browser traffic works
- Use Burp Suite in realistic scenarios
- Experience in Application Security Testing
- Burp Suite Professional is preferred, but Community works as well
A deep dive into many of the features of Burp Suite Professional Edition, one of the most utilized pieces of software by application security professionals. The curriculum includes, but is not limited to, the following:
The basics (plus a lot of nuggets on how I set it up and use it in my personal application security testing projects and penetration testing assessments)
Advanced scoping (simple and with regex)
Sitemap and Scanner (plus how I filter for noise traffic so that I can have a seamless testing experience)
Repeater (probably the most utilized feature of this toolkit. This is one of my favorite features)
Intruder (and different types of attacks depending on the context you find yourself in)
Decoder (how to encode/decode different types of inputs on the go, without having to use other external tools)
Comparer (byte-to-byte and word-to-word comparison of different input - very useful in authorization testing)
Sequencer (with an insightful use case where we determine the entropy of a token)
BApp Store (and my top favorite extensions)
and many more, including practical examples and how I use Burp Suite myself as an AppSec professional.
This course uses Burp Suite Professional Edition. You do not need to own a professional edition of this software, but it would be preferable if you do, as it would allow you to finely replicate all the practical examples in the course.
Who this course is for:
- Information Security Professionals who are interested in Application Security Testing
I’m Cristi. I hold an MS in Civil Engineering and I work as a Cybersecurity Analyst. I've got my Offensive Certified Security Professional Certification a couple of months ago.
Machine learning and AI are currently on my high interests as well and I am looking to combine ML/AI with cybersecurity at some point in the future.