Abstract

A web application is the basic interface through which an organization presents its work and infrastructure. Developers use modern security techniques to make applications more secure, but attackers are also catching up with these techniques and finding security flaws in them. We will learn how to use Burp Suite to detect such modern security flaws, and how to use its unique features that today's pentesters do not normally use. Throughout the talk, we will learn how to use Burp Proxy, Spider, Intruder, Repeater, and Sequencer. We will make use of Burp SSL Pass-through, Invisible Proxy, and SOCKS Proxy. In the talk, we will take some real-time scenarios where we can properly make use of Burp Suite and protect the web application from being attacked.

By the end of the talk, participants will be able to:

  1. Understand the Burp Suite toolset and the types of functionality available.

  2. Become more productive while testing applications

Participants will get the following:

  1. A Gitbook of what we cover throughout the sessions with references

  2. Vulnerable lab setup for practice

  3. Other references to learn more about Burp Suite.

Presentation Outline

  • Setting up Burp Suite
      1. Community vs Professional (Theory)
      2. Setting up your Project (Hands-On)

  • Spidering Web Application:
      1. Scoping your target
      2. Spidering your Scoped target
      3. Importing CA certificate in Burp Suite

  • Identifying Vulnerabilities in your Web Application:
      1. Talking about SOCKS Proxy in Burp, SSL Passthrough, Invisible Proxy
      2. Using Intruder to identify and exploit SQL injection
      3. Using Repeater to identify XSS injection Attacks
      4. Using Sequencer for cookies and Session management Tokens
      5. Using Burp for parameter Tampering
      6. References to Learn more about Burp

Speaker

Pankaj Mouriya

Timing

Starts on Saturday, June 23, 2018, at 11:45 AM. The session runs for about 1 hour.

Resources