Burp Suite, the leading toolkit for web application security testing

Doing More With Burp

There are extensive resources on this site and elsewhere to help you learn more about Burp Suite, and take your web application testing to the next level:

  • The best place to start is the Burp Suite Support Center, where you can read numerous articles about using Burp, and join the community discussions with thousands of other active Burp users.
  • If you want to learn more about getting the best out of Burp, you should read the extensive Burp Suite Documentation. This includes a full reference for all of Burp's features and configuration options, together with getting-started guides and examples of typical workflows and use cases.
  • If you are new to web application security, or looking to develop your existing knowledge, a great resource is The Web Application Hacker's Handbook. Co-authored by the creator of Burp, this book is a practical guide to finding and exploiting security flaws in web applications, and aims to be the deepest and most comprehensive general-purpose guide to hacking web applications that is currently available.
  • If you are looking for more practical experience in security testing of web applications, you could attend our training course, Web Application Hacker's Handbook - Live Edition. This course is a practical opportunity to take the skills and theory taught in the book to the next level, experimenting with all of the tools and techniques against numerous vulnerable web applications and labs, under the guidance of the book’s authors. The course is a regular feature at security conferences around the world, including Black Hat, 44Con, Ruxcon, and Countermeasure.

Support Center

Get help and join the community discussions at the Burp Suite Support Center.

Wednesday, May 6, 2015

v1.6.18

This release updates the Scanner to enable it to find blind XML external entity (XXE) injection vulnerabilities.

Some performance improvements have been made to the Burp Collaborator server, and the metrics page now splits interaction counters into TCP and UDP interactions.

A number of minor bugs have also been fixed.

Copyright © 2015 PortSwigger Ltd. All rights reserved.