Burp On Tour 2025: bringing the AppSec community together around the world

In 2025, we set out with a simple mission: take Burp Suite on the road and meet the global AppSec community where you are.

Burp On Tour was born from our desire to learn from you; the brilliant people securing the web every day. We wanted to hear the challenges you face, and understand how we can build tools that support you.

By connecting with students, hobbyists, practitioners, and seasoned researchers alike, we moved one step closer to our ultimate goal - enabling the world to secure the web.

Security threats are global, but so is the AppSec community

From university campuses to world-renowned security conferences, from grassroots meetups to massive global stages, Burp On Tour travelled across continents to support and connect with the people who make AppSec what it is today.

This year has been a celebration of shared knowledge, curiosity, and community spirit. Here’s a look back at where Burp went, and who we met along the way…

How the world embraced security research, agentic AI, and contemplated the future of AppSec

Burp On Tour 2025 wasn’t just about showing up, it was about showcasing what’s next for Application Security.

HTTP/1.1 Must Die

In August, new research from James Kettle, PortSwigger’s Director of Research, debuted at Black Hat USA, highlighting just how insecure applications that rely on downstream HTTP/1.1 are.

This work on the deep systemic risks lurking within HTTP/1.1 grabbed attention across the world, sparking conversations about protocol design, attack surfaces, and what long-term mitigation should look like.

Read the full whitepaper.

Agentic AI to augment pentesters

This year marked a major leap forward in how testers interact with Burp Suite. We unveiled new agentic AI capabilities in Burp AI, designed to:

• Help users explore attack surfaces more efficiently.
• Automate repetitive workflows.
• Assist newcomers in learning AppSec techniques faster.

These updates aren’t about replacing testers, they’re about enabling them.

These new capabilities were shared at HAC NYC in Burp AI Product Manager Katie Warren’s talk ‘AI in Application Security: Our Journey to AI’, and HAC LDN and FOST Paris with Burp AI developer Daniel Allen’s ‘Agents at the Gate: How Agentic AI is Changing the Security Landscape’.

Learn more about how you can use these new agentic capabilities in Burp AI to help optimise your workflow and save time when testing.

Scaling security testing with Burp Suite DAST

Another major theme this year was scale. Teams around the world are grappling with increasingly large, increasingly complex attack surfaces.

PortSwigger’s DAST experts were on the ground at OWASP AppSec USA and FOST Paris showing how Burp Suite DAST delivers purpose-built, low-noise runtime testing across modern web apps and APIs - while integrating cleanly into CI/CD pipelines to scale your security program without sacrificing depth.

Discover what's new in Burp Suite DAST this winter.

Celebrating those championing security at every level

At PortSwigger, we believe great security doesn’t happen in isolation. It’s driven by people; the thinkers, creators, and collaborators who help shape a safer web.

Community, student, and grassroots events

Burp On Tour kicked off the year by empowering the next generation of application security talent, supported by security veterans, at grassroots events and regional meetups including:

• StudentHack at the University of Manchester
• Hack Glasgow
• SteelCon
• BSides Exeter
• BSides Leeds
• BSides Las Vegas

These events reminded us that some of the most innovative thinking in security comes from those just starting their journeys.

If you’re looking to further your journey in Application Security, don’t forget to check out our free online learning platform, the Web Security Academy.

Taking Application Security to the global stage

As the year unfolded, Burp on Tour hit up some of the biggest Cyber Security stages around the world, including:

• Black Hat USA
• Black Hat Europe
• DEF CON
• OWASP Global AppSec USA
• Ekoparty

Each of these stops gave us a chance to showcase new ideas, learn from seasoned practitioners, and exchange insights with the brightest in the field.

Virtual events and online communities

Not all of our travels required a plane ticket. We were proud to support:

• Chronos Security’s CTF
• TryHackMe’s Advent of Cyber
• Bug Bounty Girls Club

And of course, the beating heart of our online presence: the PortSwigger Discord.

This server is home to workshops, livestreams, AMAs, virtual meetups, and a thriving community of learners and experts.

Join the PortSwigger Discord today.

Every digital touchpoint brought us closer to people who rely on Burp Suite every day, and those just discovering it for the first time.

Growing together as a community in 2026

If 2025 taught us anything, it’s that the AppSec community is passionate, welcoming, and unstoppable. And we want to be right there with you as the journey continues.

In 2026, our hopes are simple but ambitious:

• Reach even more of the community, both in new regions and long-standing hotspots.
• Break down barriers to entry, helping more people begin their AppSec journeys with confidence.
• Continue celebrating the wins - big and small - of the researchers, testers, educators, maintainers, and defenders who make the web safer.
• Keep listening, learning, and building tools that help real people solve real security problems.

Burp On Tour is just the beginning, and we’re already excited for what comes next.

… and, of course, a huge thank you to you!

To everyone who stopped by a booth, joined a workshop, attended a talk, chatted with us online, or simply waved hello - thank you.

Let us know where you want to see Burp on Tour next year. See you on the road!

Amelia Coen