Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive ...
Andres Rauschecker, 26 years old, and Munich-based, is a cybersecurity enthusiast to his very core. He got into the field at a young age, pursuing what was initially just an interest and turning it ...
Increasingly complex web applications. Across numerous domains. Integrated via a range of APIs. These are the challenges faced by modern pentesters - all with the added pressure of delivering accurate ...
"I do have to say, if you're not in the @PortSwigger discord you're missing out." @t0xodile, Burp Suite Professional user The PortSwigger Discord is a great way to see what Burp developers are working ...
This extension can be used to generate multiple scan reports by host with just a few clicks. If the option is selected, one report will be generated for the host that includes findings for HTTP:80 and ...
In this example, a shopping application lets the user view whether an item is in stock in a particular store. This information is accessed via a URL: https://insecure ...
Blind SQL injection occurs when an application is vulnerable to SQL injection, but its HTTP responses do not contain the results of the relevant SQL query or the details of any database errors. Many ...
HTTP cookies often control critical website features, but their long and convoluted history exposes them to parser discrepancy vulnerabilities. In this post, I'll explore some dangerous, lesser-known ...
In this tutorial, you'll use Burp Sequencer to analyze the quality of randomness in an application's session tokens. Burp Sequencer may have unexpected results in some applications. Until you are ...
This release enables you to generate scan reports in PDF format, and generate compliance reports that are compatible with PCI DSS v4.0.1. We also added support for SOAP API scans. We made a number of ...
This release introduces site map filter Bambdas, match and replace Bambdas, dynamic authentication tokens for API scanning, and enhanced payload management for Intruder attacks. We've also made ...
This lab contains a DOM-based open-redirection vulnerability. To solve this lab, exploit this vulnerability and redirect the victim to the exploit server. The url parameter contains an open ...