HTTP cookies often control critical website features, but their long and convoluted history exposes them to parser discrepancy vulnerabilities. In this post, I'll explore some dangerous, lesser-known ...
This release introduces site map filter Bambdas, match and replace Bambdas, dynamic authentication tokens for API scanning, and enhanced payload management for Intruder attacks. We’ve also made ...
It's well known that WAFs only scan up to a certain amount of data per request. This extension allows a tester to manually insert junk data and adds junk data to Active Scans by duplicating each scan ...
As pentesters we all had at least one test where we all needed to use Base64 Image converters online which took an extra effort of copying things and sometimes we were running out of time. Captcha ...
Automated DAST scanning without limits. Built on the Burp technology your security teams already trust. Gain complete visibility of your web application's attack surface. Secure apps before they hit ...
Organizations are rushing to integrate Large Language Models (LLMs) in order to improve their online customer experience. This exposes them to web LLM attacks that take advantage of the model's access ...
Use the links below to discover how Burp can be used to find the vulnerabilities currently listed in the OWASP Top 10.
The Burp Suite Certified Practitioner exam is challenging, that's why obtaining it is so valuable! That means that not only is there no shame in failing, you're likely to learn something from your ...
A network security breach can be devastating for both an organization’s reputation and its finances. The implications of a breach could affect millions – not just the victim itself, but their ...
The number of mobile security breaches has exploded alongside the widespread adoption of smartphones. This presents an ever-growing threat, as we increasingly connect our mobiles to other IoT devices.
Prototype pollution is a JavaScript vulnerability that enables an attacker to add arbitrary properties to global object prototypes, which may then be inherited by user-defined objects. Although ...