Use the links below to discover how Burp can be used to find the vulnerabilities currently listed in the OWASP Top 10.
- Injection
- Using Burp to Test For Injection Flaws
- Injection Attack: Bypassing Authentication
- Using Burp to Detect SQL-specific Parameter Manipulation Flaws
- Using Burp to Exploit SQL Injection Vulnerabilities: The UNION Operator
- Using Burp to Detect Blind SQL Injection Bugs
- Using Burp to Exploit Blind SQL Injection Bugs
- Broken Authentication and Session Management
- Using Burp to Brute Force a Login Page
- Using Burp to Test for Sensitive Data Exposure Issues
- Injection Attack: Bypassing Authentication
- Using Burp to Hack Cookies and Manipulate Sessions
- Using Burp to Test Token Generation
- Using Burp to Test Session Token Handling
- Forced Browsing
- Using Burp to Test for Insecure Direct Object References
- Cross-Site Scripting (XSS)
- Using Burp to Find Cross-Site Scripting Issues
- Using Burp to Manually Test for Reflected XSS
- Using Burp to Manually Test for Stored XSS
- Using Burp to Exploit XSS - Injecting in to Direct HTML
- Using Burp to Exploit XSS - Injecting in to Tag Attributes
- Using Burp to Exploit XSS - Injecting in to Scriptable Contexts
- Insecure Direct Object References
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Function Level Access Control
- Cross-Site Request Forgery (CSRF)
- Using Burp to Test for Components with Known Vulnerabilities
- Unvalidated Redirects and Forwards