New Burp Suite testing methodologies

The Burp Suite Support Center has a new section covering Burp testing methodologies. These are aimed at people who are new to using Burp for web security testing, and contain step-by-step tutorials on common tasks, including:

• Bypassing client-side controls
• Attacking authentication
• Attacking session management
• Testing access controls
• Testing for injection vulnerabilities
• Finding cross-site scripting vulnerabilities (XSS)
• Testing for cross-site request forgery (CSRF)
• Testing for insecure direct object references
• Finding security misconfiguration issues
• Testing for sensitive data exposure
• Finding open redirection vulnerabilities

There is also a guide to using Burp Suite to find all of the OWASP Top Ten vulnerabilities.

We will be adding many more methodology articles over the coming months to cover more testing areas and go into more detail on the above topics. If there is a particular subject that you would like to see covered, please let us know.

Dafydd Stuttard

@DafyddStuttard