Cross-site request forgery (CSRF) is an attack which forces an end user to execute unwanted actions on a web application to which they are currently authenticated. CSRF vulnerabilities may arise when ...
You need to configure Firefox so that you can use it for testing with Burp Suite.
Race conditions are a common type of vulnerability closely related to business logic flaws. They occur when websites process requests concurrently without adequate safeguards. This can lead to ...
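The following is an added example, not code from the page summarised above, showing the kind of race it describes: two requests that redeem the same single-use gift card both pass the balance check before either has written the deduction. The store, the simulated I/O delay and the lock helper are assumptions chosen to make the interleaving reproducible in one process.

```javascript
// Added example: a check-then-act race in an async request handler, with a
// hardened version that serialises work on the same key.

// Simulated database access: each call yields to the event loop, as a real
// network round trip would, which is what lets two requests interleave.
function dbDelay() {
  return new Promise((resolve) => setTimeout(resolve, 5));
}

function makeStore(initial) {
  const rows = new Map(Object.entries(initial));
  return {
    async read(id) { await dbDelay(); return rows.get(id); },
    async write(id, value) { await dbDelay(); rows.set(id, value); },
  };
}

// Vulnerable: read, check, then write, with an await between check and write.
async function redeemRacy(store, cardId, amount) {
  const balance = await store.read(cardId);
  if (balance < amount) return false;
  await store.write(cardId, balance - amount);
  return true;
}

// Hardened: operations on the same key run one after another, so the check
// and the write form a single unit. In a real database this is a transaction
// with a row lock or an atomic "UPDATE ... WHERE balance >= amount".
const locks = new Map();
function withLock(key, fn) {
  const prev = locks.get(key) || Promise.resolve();
  const next = prev.then(fn, fn);
  locks.set(key, next.catch(() => {}));
  return next;
}
async function redeemSafe(store, cardId, amount) {
  return withLock(cardId, async () => {
    const balance = await store.read(cardId);
    if (balance < amount) return false;
    await store.write(cardId, balance - amount);
    return true;
  });
}

// Fire n concurrent redemptions, as an attacker sending parallel requests would.
async function raceRedeem(redeem, initialBalance, amount, n) {
  const store = makeStore({ card: initialBalance });
  const results = await Promise.all(
    Array.from({ length: n }, () => redeem(store, "card", amount)),
  );
  return {
    successes: results.filter(Boolean).length,
    balance: await store.read("card"),
  };
}

module.exports = { redeemRacy, redeemSafe, raceRedeem };
```

With a balance of 10 and two parallel redemptions of 10, the racy handler reports two successes (the card was spent twice) while the locked handler reports one. When testing a live target, the same effect is produced by sending the requests so they arrive in the window between the read and the write, which is why single-packet and parallel-request techniques matter.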
Web cache deception is a vulnerability that enables an attacker to trick a web cache into storing sensitive, dynamic content. It's caused by discrepancies between how the cache server and origin ...
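An added example (not code from the page it summarises) that models the discrepancy described above: the cache decides cacheability from a static-looking extension in the URL, while the origin routes by path prefix and ignores whatever follows, so a private page is stored under an attacker-chosen URL. The cache rule, the two origin variants and the `/my-account` route are assumptions chosen to show the bug; real deployments vary.

```javascript
// Added example: cache/origin path-parsing discrepancy behind web cache deception.

const STATIC_EXT = new Set([".css", ".js", ".png", ".ico"]);

// Cache layer: many CDNs decide cacheability from the URL's extension, and
// some do so even when the origin's headers say otherwise.
function cacheDecision(path, responseHeaders, { honourOriginHeaders }) {
  const last = path.slice(path.lastIndexOf("/") + 1);
  const dot = last.lastIndexOf(".");
  const looksStatic = dot !== -1 && STATIC_EXT.has(last.slice(dot));
  const cc = responseHeaders["cache-control"] || "";
  if (honourOriginHeaders && /\bno-store\b/.test(cc)) return "bypass";
  return looksStatic ? "store" : "bypass";
}

// Vulnerable origin: routes by prefix, so /my-account/anything.css still
// returns the private account page, and sends no Cache-Control at all.
function originVulnerable(path) {
  if (path.startsWith("/my-account")) {
    return { status: 200, body: "private profile for user 123", headers: {} };
  }
  return { status: 404, body: "not found", headers: {} };
}

// Hardened origin: exact route match, and dynamic responses carry no-store.
function originHardened(path) {
  const headers = { "cache-control": "no-store" };
  if (path === "/my-account") {
    return { status: 200, body: "private profile for user 123", headers };
  }
  return { status: 404, body: "not found", headers };
}

// Run the victim's request through cache and origin. Reports whether the
// response was stored and whether the stored body is the private page.
function simulate(origin, cacheOpts, path) {
  const resp = origin(path);
  const decision = cacheDecision(path, resp.headers, cacheOpts);
  const cached = decision === "store" && resp.status === 200;
  return {
    status: resp.status,
    cached,
    leaksPrivate: cached && resp.body.includes("private"),
  };
}

module.exports = { cacheDecision, originVulnerable, originHardened, simulate };
```

The attack is the victim visiting `/my-account/x.css` while logged in; the attacker then fetches the same URL from the cache. The fix needs both halves: the origin must not serve dynamic content for paths it does not really route, and it must mark such responses `no-store`, because a cache that keys on extension alone will still store a 200 whose body happens to be private.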
Use this function to discover content and functionality that is not linked from visible content that you can browse to or Burp Scanner can crawl. You can see the discovered content in a site map for ...
You can configure payload processing rules so that Burp Intruder modifies payloads before it inserts them into the request. This is useful for a variety of purposes, such as when you need to: Generate ...
Macros are made up of requests taken from the Proxy history. The first step in adding a macro is to select these requests. To do so: The macro editor displays an editable list of items in the macro.
Burp Suite Enterprise Edition enables you to upload an OpenAPI definition to run a specific API scan. You can add new API definitions at any time. API definitions are managed in the Sites menu. Each ...
You can upload an OpenAPI definition or a SOAP WSDL to run a specific API scan. To begin configuring your scan, upload an OpenAPI definition or a SOAP WSDL in the API definition tab. You can do this ...
Last year Johan Carlsson discovered you could conceal payloads inside the credentials part of the URL . This was fascinating to me especially because the payload is not actually visible in the URL in ...
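As an added illustration (not code from the post summarised above), the block below shows where a WHATWG-compliant parser puts text placed before `@` in the authority, and how a hand-rolled host check sees something different. The payload strings and the `inspectUrl`/`naiveHost` helpers are constructed for this example.

```javascript
// Added example: userinfo in a URL as seen by the WHATWG parser (used by
// browsers and Node) versus a naive regex host extractor.

function inspectUrl(s) {
  const u = new URL(s);
  return {
    host: u.host,
    hasUserinfo: u.username !== "" || u.password !== "",
    // The parser percent-encodes userinfo on the way in; decode to recover it.
    username: decodeURIComponent(u.username),
    password: decodeURIComponent(u.password),
    // What a check on origin, path and query sees: no trace of the userinfo.
    visibleToOriginChecks: u.origin + u.pathname + u.search,
  };
}

// A naive "host" extractor of the kind found in hand-rolled allow-lists:
// everything between "://" and the first "/", "?" or "#".
function naiveHost(s) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^/?#]*)/i.exec(s);
  return m ? m[1] : null;
}

// Place a payload in the userinfo slot. A raw "/", "?" or "#" in the payload
// would end the authority early, so those must be avoided (or encoded).
function buildUrlWithPayload(payload, host, path) {
  return `https://${payload}@${host}${path}`;
}

module.exports = { inspectUrl, naiveHost, buildUrlWithPayload };
```

Two details worth knowing when reviewing logs or allow-list code: the parser splits on the last `@` in the authority, so `https://a@b@example.com/` has username `a@b` and host `example.com`; and `origin`, `host` and `pathname` never contain the userinfo, so anything that only inspects those will not notice a payload stored there.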
In this tutorial, you'll use Burp Sequencer to analyze the quality of randomness in an application's session tokens. Burp Sequencer may have unexpected results in some applications. Until you are ...