PortSwigger3 天
What do you want to do?
Best for pentesters and hands-on security professionals. Free up testing time with scalable, automated scanning Automated DAST scanning without limits. Free up testing time with trusted Burp ...
PortSwigger3 天
Adding new API definitions
Burp Suite Enterprise Edition enables you to upload an OpenAPI definition to run a specific API scan. You can add new API definitions at any time. API definitions are managed in the Sites menu. Each ...
PortSwigger21 天
Burp Intruder payload types
You can set the type of payload that you want to inject into the base request. Burp Intruder provides a range of options for auto-generating different types of ...
PortSwigger2 个月
File upload vulnerabilities
In this section, you'll learn how simple file upload functions can be used as a powerful vector for a number of high-severity attacks. We'll show you how to bypass common defense mechanisms in order ...
PortSwigger3 个月
CORS and the Access-Control-Allow-Origin response header
In this section we explain what the Access-Control-Allow-Origin header is in respect of CORS, and how it forms part of CORS implementation. The cross-origin resource sharing specification provides ...
PortSwigger5 个月
Unburden your security team, empower your developers
Automated DAST scanning without limits. Built on the Burp technology your security teams already trust. Gain complete visibility of your web application's attack surface. Secure apps before they hit ...
PortSwigger7 个月
Web LLM attacks
Organizations are rushing to integrate Large Language Models (LLMs) in order to improve their online customer experience. This exposes them to web LLM attacks that take advantage of the model's access ...
PortSwigger9 个月
What is path traversal?
Path traversal is also known as directory traversal. These vulnerabilities enable an attacker to read arbitrary files on the server that is running an application. This might include: Application code ...
PortSwigger11 个月
NoSQL injection
NoSQL injection is a vulnerability where an attacker is able to interfere with the queries that an application makes to a NoSQL database. NoSQL injection may enable an attacker to: Bypass ...
PortSwigger1 年
Race conditions
Race conditions are a common type of vulnerability closely related to business logic flaws. They occur when websites process requests concurrently without adequate safeguards. This can lead to ...
PortSwigger1 年
Burp Suite Support Center
Post your questions in our user forum, and get answers and advice from the Burp Suite user community.
PortSwigger1 年
What is OS command injection?
In this example, a shopping application lets the user view whether an item is in stock in a particular store. This information is accessed via a URL: https://insecure ...