A new BChecks testing tool will make testing BChecks just as easy as it is to write them. Send suitable requests to the tool, and use them as test cases to confirm that your BCheck is working. Alter ...

Our culture is our most important superpower, and our biggest differentiator as an organization. We're proud of our culture, and fiercely protective of it. Have fun. Think of all the things that can ...

All our people are exceptionally good at what they do. But they have much else besides. They are nice to each other, helpful, and modest. They are good communicators and can adapt to different ...

This release introduces the Burp Intruder capture filter, automatic decoding of SMTP messages in Burp Collaborator, improved accuracy of recorded logins and a number of other improvements.

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive ...

Andres Rauschecker, 26 years old, and Munich-based, is a cybersecurity enthusiast to his very core. He got into the field at a young age, pursuing what was initially just an interest and turning it ...

"I do have to say, if you're not in the @PortSwigger discord you're missing out."@t0xodile, Burp Suite Professional user The PortSwigger Discord is a great way to see what Burp developers are working ...

Increasingly complex web applications. Across numerous domains. Integrated via a range of APIs. These are the challenges faced by modern pentesters - all with the added pressure of delivering accurate ...

This extension can be used to generate multiple scan reports by host with just a few clicks. If the option is selected, one report will be generated for the host that includes findings for HTTP:80 and ...

Blind SQL injection occurs when an application is vulnerable to SQL injection, but its HTTP responses do not contain the results of the relevant SQL query or the details of any database errors. Many ...

HTTP cookies often control critical website features, but their long and convoluted history exposes them to parser discrepancy vulnerabilities. In this post, I'll explore some dangerous, lesser-known ...