Doing More With Burp
There are extensive resources on this site and elsewhere to help you
learn more about Burp Suite, and take your web application testing to
the next level:
- If you want to learn more about getting the best out of Burp,
you should read the extensive Burp Suite Help.
This documentation includes a full reference for all of Burp's features and
configuration options, together with getting-started guides and example
workflows and use cases.
- If you have a specific problem with Burp, or a feature request or bug
report, you can visit the Burp Suite
User Forum to ask questions or discuss them with hundreds of other
active Burp users.
- If you are new to web application security, or looking to develop your
existing knowledge, a great resource is
The Web Application Hacker's
Handbook. Co-authored by the creator of Burp, this book is a practical guide
to finding and exploiting security flaws in web applications, and aims to be
the deepest and most comprehensive general-purpose guide to hacking web
applications that is currently available.
- If you are looking for more practical experience in security testing of web
applications, you could come on our training course,
Web Application Hacker's Handbook - Live
Edition. This course is a practical opportunity to take the skills
and theory taught in the book to the next level, experimenting with all of
the tools and techniques against numerous vulnerable web applications and
labs, under the guidance of the book’s authors. The course is a regular
feature at security conferences around the world, including Black Hat,
44Con, Ruxcon, and Countermeasure.
Tuesday, November 18, 2014
This release contains various new features and enhancements.
The Scanner has been updated with the ability to detect cross-site request forgery vulnerabilities. The Scanner logic for the detection of XSS and SQL injection vulnerabilities has been further enhanced. Burp's use of temporary files has been updated to use a small number of large temporary files, rather than an individual file for each saved HTTP request and response.