Caner Filibelioglu - SabancıDx

Introduction

Caner Filibelioglu is a penetration tester and red team leader at SabancıDx. As a tech-focused subsidiary of the Sabancı group, SabancıDx aims to carry businesses into the future, through the innovative use of digital ideas and technology.

As one of Turkey's largest conglomerates, the Sabancı portfolio includes some of the country's largest financial and industrial interests. SabancıDx serves a range of customers, both internal and external.

Key benefits

Caner identified a number of key benefits SabancıDx gains by using Burp Suite Professional:

• They are able to discover harder to find vulnerabilities.

• They are able to speed up penetration testing.

• PortSwigger are web security experts and Caner knows their toolkit can catch critical bugs.

• Caner also noted his love of the Web Security Academy. Burp Suite Professional is ideal for tackling the Academy's free training labs.

Burp Suite at SabancıDx

Caner's red team engagements almost always begin with social engineering. But when this fails - as it often can in today's increasingly security mature world - he begins to probe target web applications for vulnerabilities. For this, he makes heavy use of Burp Suite.

As a red team leader, Caner is an experienced Burp Suite user - and in his hands it's a potent weapon. He enjoys the fact that Burp Suite is continuously improving - where many of its competitors lag behind. This, he says, is important in a world where apps are getting smarter day by day. He's a particular fan of Burp Scanner's browser-driven scanning feature, which cuts through the modern JavaScript-heavy applications many other scanners struggle with.

DevSecOps, and the Burp Suite Enterprise Edition difference

With more than 20 companies under its roof, the Sabancı group has hundreds of web applications to protect. But in Caner's opinion, simply testing the security of a web application after its release is no longer sufficient for best practice. Nowadays, he says, the security process should really begin in development itself. This approach is often called DevSecOps.

Caner talks about how SabancıDx is improving security using a DevSecOps approach. He sees Burp Suite Enterprise Edition as key to this - allowing SabancıDx to replace other, less capable scanning products. Burp Suite Enterprise Edition will allow Caner to integrate the Burp Scanner he knows and trusts into SabancıDx's DevSecOps processes and dashboards.

The DevSecOps approach provides developers with the insights and advice they need to write secure code, starting on day one of a project. This in turn means that fewer vulnerabilities are ever released into the wild. While this leaves less "low-hanging fruit" for pentesters like Caner to exploit, it does provide them with more time to carry out advanced testing. Consequently, security tends to show an overall improvement.

Why SabancıDx loves PortSwigger

We've already mentioned that Caner appreciates Burp Suite's continuous improvement cycles, especially when compared to its competitors. But this isn't the only thing that stands out to him about PortSwigger. Another major plus for Caner is PortSwigger's focus on education and development in the cybersecurity sector.

Here, Caner specifically calls out the Web Security Academy. As a web security expert, he recognizes the need to keep up with the latest developments and research. This isn't always an easy thing to do, but he appreciates how the Web Security Academy enables the process, while giving back to the Burp Suite user community with free and accessible training.

Useful features

Before he discovered Burp Suite Professional, Caner used Burp Suite Community Edition for a long time. In the end, it was the speed of Burp Suite Professional that won him over - specifically its unthrottled version of Burp Intruder. He's never looked back since.

When asked, Caner also rated the PortSwigger team and Burp Suite's huge user community as "very important" in his decision to choose our software. He also stated that Burp Scanner's ability to detect the latest vulnerability types discovered by PortSwigger Research is "critical" to his ability to catch vulnerabilities that he can't with other tools.

When it comes to the type of manual work required at the top level of penetration testing, Burp Suite Professional just gives you more options. And one of the ways it does this is by saving you time. Burp Scanner is capable of automating much of your testing. This gives you more time to go after trickier vulnerabilities like business logic flaws that take a human eye to spot.

In summary

Caner and SabancıDx use Burp Suite Professional at a high level. They protect some of Turkey's most important business interests. Caner agreed with the following statements:

• I perform my job more effectively by using Burp Suite.
• Burp Suite's scanning technology helps me catch more vulnerabilities faster.
• Burp Suite is great value for money.
• Without Burp Suite we'd need additional pentesting resources.
• Burp Suite is "best in class" software.

About Burp Suite Professional

Burp Suite Professional is an advanced set of tools for testing web security - all within a single product. From a basic intercepting proxy to a cutting-edge vulnerability scanner, with Burp Suite Pro, the right tool is never more than a click away.