Webinar recording: How to Perform Effective Web Application Security Assessments
On 6 April, PortSwigger teamed up with HackerOne to bring you AppSec insights from industry expert Burp Suite users. Leanne Shapton (Application Security Engineer - Shopify), and Joel Noguera (pentester and security researcher) joined HackerOne’s Cindy Ho, to discuss how web application security assessments can be made more effective. With over 1,200 registrations, this was a popular event.
... Burp Enterprise will then start scanning the app and come back to us and raise any potential common web security vulnerabilities.
Leanne Shapton - Application Security Engineer, Shopify
The webinar produced a wealth of actionable advice - including a great presentation from Leanne on how Shopify uses Burp Suite Enterprise Edition in the cloud, to scale security testing across its 6,000+ partner web apps. As experienced users of Burp Suite Professional, Shopify felt that Burp Suite Enterprise Edition was the right choice to help them perform automated testing during their security review process. This webinar will make great viewing for anyone interested in discovering how their organization can benefit from performing high quality automated security testing at scale using Burp Suite Enterprise Edition.
I like to make use of all the information that Burp generates automatically. This includes crawling options, passive and active scans, as well as extensions.
Joel Noguera - pentester and security researcher
Next, Joel Noguera took a deep-dive into the processes he uses to succeed when performing in-depth penetration testing with Burp Suite Professional. Joel is a real Burp Suite expert - and we’re confident that most users will be able to learn a thing or two from his tips on balancing automation with manual testing. Joel even went as far as providing tips for Burp Suite Professional users engaging with Shopify’s bug bounty program (for now, let’s just say that he’s a big fan of optimizing his workflow using BApp extensions - but check out the video for full details).
Whether your aim is to automate web application security testing at scale, or to free up more time for manual testing through effective use of automation, we highly recommend that you watch this webinar. A full recording is available from HackerOne.
Finally, don’t forget to follow @PortSwigger on Twitter, to stay in the loop on all of our forthcoming webinars, new product releases, and more.