PortSwigger Research at Black Hat USA and DEF CON

Watch the PortSwigger Research presentations from DEF CON.
Gotta Cache 'em All: Bending the Rules of Web Cache Exploitation
Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls

Read the white papers

Gotta Cache 'em All: Bending the Rules of Web Cache Exploitation

This paper explores how different HTTP servers and proxies behave when parsing specially crafted URLs, and examines ambiguities in the RFC that lead to path confusion.

Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls

In this paper, Gareth Heyes shows you how to turn email parsing discrepancies into access control bypasses and even RCE.

Listen to the Whispers: Web Timing Attacks that Actually Work

James Kettle unleashes novel attack concepts to coax out server secrets including masked misconfigurations, blind data-structure injection, hidden routes to forbidden areas, and a vast expanse of invisible attack surface.

🎉 Share your success stories with us 🎉

Have you successfully implemented the techniques in the research? Share your stories with the community!