From: PortSwigger (mail portswigger.net)
Date: Fri Feb 06 2009 - 02:20:44 CST

Hi Andre

Burp Suite contains various tools to help you perform hands-on testing and
exploitation of web applications. As you browse an application, Burp builds
up a site map of all the discovered content and functionality. The Proxy
lets you view, analyse and modify all requests and responses used by the
application. Most often, you will need to modify individual requests in
various ways and look at the resulting responses to see if any
vulnerabilities are present. You can use Repeater to resend individual
requests over and over to test for issues and fine-tune your attacks. You
can also spider the application, test the randomness of its tokens (using
Sequencer), analyse any encoded data such as cookies (using Decoder), etc.

The pro version adds functionality to automate some of the testing process.
Burp Scanner performs active and passive tests for many kinds of
vulnerabilities. And Burp Intruder lets you perform automated custom attacks
to detect and exploit all kinds of issues.

The best place to start for help on using Burp is the online help
(http://portswigger.net/suite/help.html). To learn more in general about
hands-on testing, you can read my book, The Web Application Hacker's
Handbook. For more detail on individual subjects, you can look at books like
XSS Attacks (Seth Fogie) and the forthcoming SQL Injection Attacks (Justin
Clarke).

Hope that helps.

Cheers
PortSwigger

-----Original Message-----
From: listbounce securityfocus.com [mailto:listbounce securityfocus.com] On Behalf Of Andre Rodrigues
Sent: 05 February 2009 20:03
To: webappsec securityfocus.com; webappsec securityfocus.com
Subject: BurpSuite newbie
Hi,
What can I do with Burp Suite in order to evaluate the security of the apps
we develop?
Thanks,
André