This is the code repository for Burp Suite Cookbook, published by Packt.
Web application security made easy with Burp Suite
Burp Suite is an immensely powerful and popular tool for web application security testing. This book provides a collection of recipes that address vulnerabilities in web applications and APIs. It offers guidance on how to configure Burp Suite, make the most of its tools, and explore its extensions.
This book covers the following exciting features:
- Perform a wide range of tests, including authentication, authorization, business logic, data validation, and client-side attacks
- Use Burp Suite to execute OWASP test cases focused on session management
- Conduct Server-Side Request Forgery (SSRF) attacks with Burp Suite
- Execute XML External Entity (XXE) attacks and perform Remote Code Execution (RCE) using Burp Suite’s functionalities
- Use Burp to help determine the security posture of applications using GraphQL
- Perform various attacks against JSON Web Tokens (JWTs)
If you feel this book is for you, get your copy today!
Following is what you need for this book: If you are a beginner- or intermediate-level web security enthusiast, penetration tester, or security consultant preparing to test the security posture of your applications and APIs, this is the book for you.
With the following software and hardware list you can run all code files present in the book (Chapter 1-11).
Chapter | Software required | OS required |
---|---|---|
1-11 | Oracle VirtualBox | Windows |
1-11 | OWASP BWA VM | Windows |
1-11 | Burp Proxy | Windows |
Dr. Sunny Wear is a Web Security Architect and Penetration Tester. She provides secure coding classes, creates software, and performs penetration testing against web/API and mobile applications. Sunny has more than 25 years of hands-on software programming, architecture, and security experience and holds a Doctor of Science in Cybersecurity. She is a content creator on Pluralsight with three courses on Burp Suite. She is a published author ("Burp Suite Cookbook"), a developer of mobile apps such as "Burp Tool Buddy", and a content creator on courses related to Web Security and Penetration Testing. She regularly speaks and holds classes at security conferences such as Defcon, Hackfest, and BSides.