Sunny Wear - Burp Suite Cookbook

Copyright 2018 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Commissioning Editor: Pavan Ramchandani
Acquisition Editor: Akshay Jethani
Content Development Editor: Abhishek Jadhav
Technical Editor: Aditya Khadye
Copy Editor: Safis Editing
Project Coordinator: Jagdish Prabhu
Proofreader: Safis Editing
Indexer: Aishwarya Gangawane
Graphics: Jisha Chirayil
Production Coordinator: Nilesh Mohite

First published: September 2018

Production reference: 1250918

Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.

ISBN 978-1-78953-173-2

www.packtpub.com

Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.

• Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals

• Improve your learning with Skill Plans built especially for you

• Get a free eBook or video every month

• Mapt is fully searchable

• Copy and paste, print, and bookmark content

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.packt.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at customercare@packtpub.com for more details.

At www.packt.com , you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.

Sunny Wear, CISSP, GWAPT, GSSP-JAVA, GSSP-.NET, CSSLP, CEH is an Information Security Architect, Web App Penetration Tester and Developer. Her experience includes network, data, application and security architecture as well as programming across multiple languages and platforms. She has participated in the design and creation of many enterprise applications as well as the security testing aspects of platforms and services. She is the author of several security-related books which assists programmers in more easily finding mitigations to commonly-identified vulnerabilities within applications. She conducts security talks and classes at conferences like BSides Tampa, AtlSecCon, Hackfest, CA, and BSides Springfield.

Sachin Wagh is a young information security researcher from India. His core area of
expertise includes penetration testing, vulnerability analysis, and exploit development. He
has found security vulnerabilities in Google, Tesla Motors, LastPass, Microsoft, F-Secure,
and other companies. Due to the severity of many bugs discovered, he has received
numerous awards for his findings. He has participated in several security conferences as a
speaker, such as Hack In Paris, Infosecurity Europe, and HAKON.

If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.

Burp Suite is a Java-based platform for testing the security of your web applications, and has been adopted widely by professional enterprise testers.
The Burp Suite Cookbook contains recipes to tackle challenges in determining and exploring vulnerabilities in web applications. You will learn how to uncover security flaws with various test cases for complex environments. After you have configured Burp for your environment, you will use Burp tools such as Spider, Scanner, Intruder, Repeater, and Decoder, among others, to resolve specific problems faced by pentesters. You will also explore working with various modes of Burp and then perform operations on the web using the Burp CLI. Toward the end, you will cover recipes that target specific test scenarios and resolve them using best practices.
By the end of the book, you will be up and running with deploying Burp for securing web applications.

If you are a security professional, web pentester, or software developer who wants to adopt Burp Suite for applications security, this book is for you.

, Getting Started with Burp Suite, provides setup instructions necessary to proceed through the material of the book.

, Getting to Know the Burp Suite of Tools, begins with establishing the Target scope and provides overviews to the most commonly used tools within Burp Suite.

, Configuring, Spidering, Scanning, and Reporting with Burp, helps testers to calibrate Burp settings to be less abusive towards the target application.

, Assessing Authentication Schemes, covers the basics of Authentication, including an explanation that this is the act of verifying a person or object claim is true.

, Assessing Authorization Checks, helps you understand the basics of Authorization, including an explanation that this how an application uses roles to determine user functions.

, Assessing Session Management Mechanisms, dives into the basics of Session Management, including an explanation that this how an application keeps track of user activity on a website.

, Assessing Business Logic, covers the basics of Business Logic Testing, including an explanation of some of the more common tests performed in this area.

, Evaluating Input Validation Checks, delves into the basics of Data Validation Testing, including an explanation of some of the more common tests performed in this area.