More Information
  • Set up your browser and Burp Suite
  • Intercepting, inspecting, and modifying web traffic between your client and the server
  • Using the Burp Target site map functionality
  • Crawling a web application and discovering resources with Burp Spider
  • Launching a scan with Burp Scanner to automatically detect security vulnerabilities
  • Automating customized attacks with Burp Intruder
  • Manipulating and iterating web requests with Burp Repeater
  • Analyzing the randomness of application data with Burp Sequencer
  • Decoding and encoding data in multiple formats with Burp Decoder
  • Comparing site maps in order to detect authorization bugs
Web security is more important than ever for protecting the confidentiality, integrity, and availability of web applications. Although there is no silver bullet tool, using the right instruments does play a critical role in any security initiative. Burp Suite is a well-known integrated platform for performing security testing and is considered the de-facto standard for testing web applications.

"Instant Burp Suite Starter" is a practical, hands-on guide that can help you take advantage of the Burp Suite, a powerful web security tool. Thanks to its step-by-step examples, you will quickly learn how to efficiently discover web application vulnerabilities such as SQL Injection and Cross-site scripting.

From intercepting your first web request, you will soon be able to inspect parameters, perform tampering, and eventually discover security flaws.

You will also learn how to use the numerous tools available in Burp Suite in order to enumerate all web application entry points, perform scans, and automatically detect security flaws. Then test your sites with automated customized attacks, analyze the randomness of application data, decode data in multiple formats, and much more.

"Instant Burp Suite Starter" will teach you everything you need to know to get started with testing your first application using Burp Suite. You will learn helpful tips and tricks on how to discover potentially destructive security flaws in your application.

  • Learn something new in an Instant! A short, fast, focused guide delivering immediate results.
  • Intercept HTTP/S requests with Burp Proxy
  • Tamper and analyze responses
  • Perform enumeration using the Burp Suite Map and Spider
  • Launch an automatic scan with Burp Scanner
  • Automate attacks using Burp Intruder
Page Count 70
Course Length 2 hours 6 minutes
ISBN 9781849695190
Date Of Publication 25 Jan 2013


Luca Carettoni

Luca Carettoni is a security researcher with over 8 years’ experience in the application security field. His professional expertise includes black box testing, web application security, vulnerability research, and source code analysis. He is the Director of Information Security at Addepar, a company that is reinventing the infrastructure which powers global wealth management. Prior to Addepar, Luca worked at Matasano Security as a senior security consultant, performing vulnerability research activities on a wide range of systems, from web applications to stand-alone software and mobile applications. He also worked at The Royal Bank of Scotland where he performed security audits against worldwide online banking systems. In the past few years, Luca has been an active participant in the security community and a member of the Open Web Application Security Project (OWASP). Luca holds a Master's Degree in Computer Engineering from the Politecnico di Milano University.