Thursday, May 7, 2015
New Burp Suite testing methodologies
The Burp Suite Support Center has a new section covering Burp testing methodologies. These are aimed at people who are new to using Burp for web security testing, and contain step-by-step tutorials on common tasks, including:
- Bypassing client-side controls
- Attacking authentication
- Attacking session management
- Testing access controls
- Testing for injection vulnerabilities
- Finding cross-site scripting vulnerabilities (XSS)
- Testing for cross-site request forgery (CSRF)
- Testing for insecure direct object references
- Finding security misconfiguration issues
- Testing for sensitive data exposure
- Finding open redirection vulnerabilities
There is also a guide to using Burp Suite to find all of the OWASP Top Ten vulnerabilities.
We will be adding many more methodology articles over the coming months to cover more testing areas and go into more detail on the above topics. If there is a particular subject that you would like to see covered, please let us know.