When penetration testers finish testing Web applications, they are often asked questions like, "How did you find that vulnerability? How can I find it? What can I do to detect these vulnerabilities?" This is where the powerful pen testing tool Burp Suite proves useful.
In this SearchSecurity.com screencast, penetration tester Mike McLaughlin offers a brief Burp Suite tutorial that highlights the key features available in both the free and paid versions of the tool. He points to Burp Proxy, which works in a similar fashion to a man-in-the-middle attack, as the most powerful feature. Burp Proxy makes it easier to manipulate the data flowing between the browser and the target application in order to highlight vulnerabilities in the application. Another particularly useful feature is Burp Spider, which automates the normally tedious task of mapping a Web application. With Burp Proxy, Burp Spider, and the other features of Burp Suite, pen testers can now confidently answer all of the questions that come after testing a Web application.
About the presenter:
Mike McLaughlin is a penetration tester working for First Base Technologies, an information security consultancy in the UK. Mike's daily work consists of both internal and external network-based penetration testing, Web application penetration testing, and social engineering.