destinationfoki.blogg.se - Burp suite extensions

#BURP SUITE EXTENSIONS FOR FREE#
#BURP SUITE EXTENSIONS HOW TO#

RequirementsĪttendees should bring their own laptop with the latest Java as well as their favourite IDE installed. Attendees are expected to have rudimental understanding of Burp Suite as well as basic object-oriented programming experience (Burp extensions will be developed in Java). The training is suitable for both web application security specialists and developers. If you are curious, we’ve already uploaded the first three modules.

#BURP SUITE EXTENSIONS FOR FREE#

This workshop is based on real-life use cases where the combination of custom checks and automation can help uncovering nasty security vulnerabilities.Īll templates and code-complete Burp Suite extensions will be available for free on Doyensec’s Github. Extension #4: Passive check for Burp’s scanning engineįinally, we leverage our extensions to build a security automation toolchain integrated in a CI environment (Jenkins).Extension #3: Active check for Burp’s scanning engine.

Extension #2: A simple (and yet useful) replay tool.

Extension #1: A custom logger to provide persistency and data export functionalities.

We will create many different types of plugins: While we develop our code using Oracle’s Netbeans, we also provide templates for IntelliJ IDEA and Eclipse.

#BURP SUITE EXTENSIONS HOW TO#

In just eight hours, we show you how to use Burp Suite’s extension capabilities and unleash the power of the tool to improve efficiency and effectiveness during security audits.Īfter a quick intro to Burp and its extension APIs, we work on setting up an optimal development environment enabling fast coding and debugging. Security professionals must master their tools to improve the efficiency of manual security testing as well as to deploy custom security automation solutions.īased on this premise, we have created a brand-new class taking advantage of Burp Suite - the de-facto standard for web application security. Instead, a new approach based on security automation and tactical security testing is needed to ensure important components are being tested before going live. Traditional application security practices slow development and, in many cases, don’t address security at all. OverviewĮnsuring the security of web applications in continuous delivery environments is an open challenge for many organizations. This blog post provides a quick overview of the 8-hours workshop.ĭeveloping Burp Suite Extensions - From manual testing to security automation. We couldn't be more excited to present our brand-new class on web security and security automation.