Now that we have established the basic understanding of how robust the Burp crawler is, it's time to understand why Burp Scanner is the go-to scanner for any pentest. Most traditional scanners usually fuzz the input fields, check the response, and determine if there is a vulnerability or not. But what if the application has certain rules, like, what if the application has enforced dynamic CSRF for every request? What if the application is a very dynamic application that serves different content for the same URL/page based on states, or what if the application invalidates the user on a malformed request? Worry not, because Burp already treats this differently and understands the underlying logic, enabling us with an optimized scan.
Hands-On Application Penetration Testing with Burp Suite
By :
Hands-On Application Penetration Testing with Burp Suite
By:
Overview of this book
Burp suite is a set of graphic tools focused towards penetration testing of web applications. Burp suite is widely used for web penetration testing by many security professionals for performing different web-level security tasks.
The book starts by setting up the environment to begin an application penetration test. You will be able to configure the client and apply target whitelisting. You will also learn to setup and configure Android and IOS devices to work with Burp Suite. The book will explain how various features of Burp Suite can be used to detect various vulnerabilities as part of an application penetration test. Once detection is completed and the vulnerability is confirmed, you will be able to exploit a detected vulnerability using Burp Suite. The book will also covers advanced concepts like writing extensions and macros for Burp suite. Finally, you will discover various steps that are taken to identify the target, discover weaknesses in the authentication mechanism, and finally break the authentication implementation to gain access to the administrative console of the application.
By the end of this book, you will be able to effectively perform end-to-end penetration testing with Burp Suite.
Table of Contents (19 chapters)
Title Page
Copyright and Credits
Contributors
About Packt
Preface
Free Chapter
Configuring Burp Suite
Configuring the Client and Setting Up Mobile Devices
Executing an Application Penetration Test
Exploring the Stages of an Application Penetration Test
Preparing for an Application Penetration Test
Identifying Vulnerabilities Using Burp Suite
Detecting Vulnerabilities Using Burp Suite
Exploiting Vulnerabilities Using Burp Suite - Part 1
Exploiting Vulnerabilities Using Burp Suite - Part 2
Writing Burp Suite Extensions
Breaking the Authentication for a Large Online Retailer
Exploiting and Exfiltrating Data from a Large Shipping Corporation
Other Books You May Enjoy
Index
Customer Reviews