Your agentic AI partner in Burp Suite - Discover Burp AI now            Read more
Research Academy
My account Customers About Blog Careers Legal Contact Resellers
We have collated here some interesting news articles about Burp Suite. These include our blog posts, articles from other sources about Burp Suite, and details of notable software releases.
Title Date
Checkpoint Research: Tik or Tok? Is TikTok secure enough? January 8, 2020
Threatpost:TikTok Riddled With Security Flaws January 8, 2020
InfoSecurity: PortSwigger launches Web Security Academy November 12, 2019
HelpNetSecurity: PortSwigger's interactive training platform addresses the growing cybersecurity talent shortage October 31, 2019
The Daily Swig: A guide to spear-phishing - how to protect against targeted attacks October 30, 2019
Daily Swig: Latest data breach news October 8, 2019
HTTP Desync Attacks: what happened next October 3, 2019
Cross-site scripting (XSS) cheat sheet September 26, 2019
HTTP Desync Attacks: Request Smuggling Reborn August 7, 2019
Info Security: Become a master hacker without going back to school May 3, 2019
Hackware news: How to get started as a Bug Bounty Hunter May 2, 2019
Knutsford Guardian: Royal accolade for Knutsford company May 2, 2019
PortSwigger honored with Queen's Award for Enterprise for International Trade April 23, 2019
Insider Media: North West Firms Honored in Queen's Awards 2019 April 23, 2019
GBHackers: Burp Suite's PortSwigger launches Web Security Academy - Free training for finding web security vulnerabilities April 3, 2019
Infosec write-ups: How to write secure code? March 13, 2019
Bleeping Computer: First Hacker Millionaire on HackerOne March 1, 2019
PortSwigger Web Security announces appointment of Ollie Whitehouse as Non-Executive Director February 28, 2019
Research: Top 10 web hacking techniques of 2018 February 27, 2019
Search Security: Cache poisoning (DNS poisoning, web cache poisoning) February 27, 2019
Tech Target: 5-step checklist for web application security testing February 11, 2019
The Hacker News: 5 Popular Web Hosting Services Found Vulnerable to Multiple Flaws January 16, 2019
Search Security: How to configure browsers to avoid web cache poisoning November 10, 2018
PWC Private Business Awards Finalist 2018: PortSwigger Web Security September 12, 2018
Softpedia: OAuth Exploit Allowed Researcher to Takeover Periscope TV Account September 10, 2018
PortSwigger Web Security releases Burp Suite Enterprise Edition_ August 31, 2018
PortSwigger Web Security releases Burp Suite 2.0 beta_ August 23, 2018
The Register: Web cache poisoning just got real: How to fling evil code at victims August 17, 2018
Web cache poisoning attacks demonstrated on major websites, platforms August 10, 2018
Dark Reading: New Hack Weaponizes the Web Cache June 12, 2018
PortSwigger's James Kettle talks about making money through bug bounties April 13, 2018
Sunday Times: Portswigger rank in the Sunday Times Lloyds SME Export Track 100 February 25, 2018
HackerOne Hacker Interviews: James Kettle (@albinowax) January 26, 2018
eWeek: Bug Bounty Hackers Make More Money Than Average Salaries, Report Finds January 22, 2018
Burp Suite 1.7.30: New granular configuration of scan issues. December 12, 2017
Blog post: The Daily Swig November 28, 2017
Burp Suite 1.7.28: Simplified scope control November 15, 2017
Sunday Times: PortSwigger features in Tech Track 100 Ones to Watch September 10, 2017
Blog post: Abusing JavaScript frameworks to bypass XSS mitigations September 8, 2017
Wired: Hacking retail gift cards remains scarily easy, using Burp Suite August 31, 2017
FirstPost: Burp Suite reveals Sarahah is uploading user information August 28, 2017
ZDNet: How we found that hidden Apple job listing using Burp Suite August 21, 2017
The Register: US DoD, Brit ISP BT reverse proxies can be abused to frisk internal systems August 19, 2017
Google pays high school student $10,000 for security flaw found using Burp Suite August 11, 2017
Burp Suite 1.7.26: New scan checks for file upload vulnerabilities August 3, 2017
Blog post: Cracking the Lens: Targeting HTTP's Hidden Attack-Surface July 27, 2017
Burp Suite 1.7.25: New scan checks using out-of-band detection techniques July 26, 2017
Burp Suite 1.7.24: New function to save copy of project July 18, 2017
Blog post: OAST (Out-of-band Application Security Testing) July 14, 2017
Blog post: Behind enemy lines: Bug hunting with Burp Infiltrator June 22, 2017
Dark Reading: PortSwigger researcher previews flaws in hidden web infrastructure June 19, 2017
Burp Suite 1.7.23. Several new scan checks including CSS injection and form action hijacking May 22, 2017
Blog post: DOM based AngularJS sandbox escapes May 11, 2017
Burp Suite 1.7.22. New Mobile Assistant app April 28, 2017
Burp Suite 1.7.20. Enhanced detection of blind injection vulnerabilities April 6, 2017
HackerOne's number 3 hacker loves Burp Suite April 4, 2017
Code Dx Announces Integration with Burp Suite March 21, 2017
InfoSec Institute: Burp Suite named top web scanner March 14, 2017
Burp Suite 1.7.18: New option not to log out-of-scope requests February 28, 2017
Burp Suite 1.7.17: New scan check for suspicious input transformation February 1, 2017
HackerOne: top hacker Mark Litchfield uses Burp Suite as his tool of choice January 27, 2017
HackerOne: Q&A With PortSwigger's James Kettle about bug bounties, exploit stories, and more January 19, 2017
Burp Suite 1.7.15: Custom wordlists and accurate not-found detection in Content Discovery tool December 21, 2016
Blog post: Bypassing CSP using polyglot JPEGs December 1, 2016
Blog post: PortSwigger bug bounty program November 30, 2016
Blog post: JSON hijacking for the modern web November 25, 2016
Burp Suite 1.7.12: Adds SMTP support to Burp Collaborator, and new SMTP scan checks November 18, 2016
Blog post: Backslash Powered Scanning: Hunting Unknown Vulnerability Classes November 4, 2016
Burp Suite 1.7.09: New Burp Collaborator client October 21, 2016
Blog post: Exploiting CORS Misconfigurations for Bitcoins and Bounties October 14, 2016
Burp Suite 1.7.06: New checks for second-order SQL injection September 8, 2016
Blog post: Introducing Burp Infiltrator July 26, 2016
Blog post: Executing non-alphanumeric JavaScript without parenthesis July 15, 2016
Blog post: Adapting AngularJS Payloads to Exploit Real World Applications April 25, 2016
Blog post: Introducing Burp projects April 8, 2016
Blog post: Using Burp Suite to Audit and Exploit an eCommerce Application March 22, 2016
Blog post: XSS without HTML: Client-Side Template Injection with AngularJS January 27, 2016
Burp Suite 1.6.33: New scan checks for blind XSS via Burp Collaborator January 13, 2016