Burp Suite - 101 for Application Security Testing
null Chandigarh Meet 21 July 2018 Monthly Meet & Tech Talks
A web application is the basic interface through which an organization represents its work and infrastructure. Developers use modern security skills to make applications more secure, but attackers are also catching up with these modern security techniques and finding security flaws in them. We will learn how to use Burp Suite to detect such modern security flaws, and how to use its unique features that today's pentesters do not normally use. Throughout the talk, we will learn how to use Burp Proxy, Spider, Intruder, Repeater, Sequencer, Project Options and User Options. We will make use of Burp SSL Pass-through, Invisible Proxy and SOCKS Proxy. In the talk, we will take some real-time scenarios where we can make proper use of Burp Suite and protect the web application from being attacked.
By the end of the talk, participants will be able to:
- Understand the Burp Suite toolset and the types of functionality available.
- Become more productive while testing applications.
The participants will get the following:
- A Gitbook of what I cover throughout the sessions, with references
- Vulnerable lab setup for practice
- Other references to learn more about Burp Suite
Presentation time required: 45 to 60 minutes
Outline of the presentation:
- Setting up Burp Suite
  1. Community vs Professional (Theory)
  2. Setting up your Project (Hands-On)
- Spidering Web Application
  1. Scoping your target
  2. Spidering your scoped target
  3. Privilege Escalation Discovery
- Identifying Vulnerabilities in your Web Application
  1. Talking about SOCKS Proxy in Burp, SSL Passthrough, Invisible Proxy
  2. Using Intruder to identify and exploit SQL injection
  3. Using Repeater to identify XSS injection attacks
  4. Using Sequencer for cookies and session management tokens
- Troubleshooting Burp Suite
  1. Top 10 issues you may face in Burp Suite
Starts on Saturday, July 21, 2018, at 11:00 AM. The sessions run for 15 days.