Burp Suite - 101 for Web Application Security Testing
null Delhi Meet 23 June 2018 Combined [null + OWASP] Meet
A web application is the basic interface through which an organization presents its operations and infrastructure. Developers use modern security techniques to make applications more secure, but attackers are catching up with these techniques and finding security flaws in them. We will learn how to use Burp Suite to detect such modern security flaws and how to use its distinctive features, which today's pentesters do not normally use. Throughout the talk, we will learn how to use Burp Proxy, Spider, Intruder, Repeater, and Sequencer. We will also make use of Burp SSL Pass-through, Invisible Proxy, and SOCKS Proxy. In the talk, we will work through some real-time scenarios in which Burp Suite can be put to proper use to protect a web application from attack.
By the end of the talk, participants will be able to:
- Understand the Burp Suite toolset and the types of functionality it offers
- Become more productive while testing applications
The participants will get the following:
- A Gitbook of what we cover throughout the sessions, with references
- Vulnerable lab setup for practice
- Other references to learn more about Burp Suite
- Setting up Burp Suite
  1. Community vs Professional (Theory)
  2. Setting up your Project (Hands-On)
- Spidering Web Application
  1. Scoping your target
  2. Spidering your scoped target
  3. Importing CA certificate in Burp Suite
- Identifying Vulnerabilities in your Web Application
  1. Talking about SOCKS Proxy in Burp, SSL Passthrough, Invisible Proxy
  2. Using Intruder to identify and exploit SQL injection
  3. Using Repeater to identify XSS injection attacks
  4. Using Sequencer for cookies and session management tokens
  5. Using Burp for parameter tampering
  6. References to learn more about Burp
Starts on Saturday, June 23 2018, at 11:45 AM. The session runs for about 1 hour.