Burp Testing Methodologies

Burp Suite Professional is a commercial-grade web application security testing tool. It speeds up the work of IT security staff, web application security developers and penetration testers when they test, assess, audit and penetration test websites, web applications and portals for various kinds of web application vulnerabilities.

Depending on whether the task at hand is generic or specific, it is commonly and widely used for the tasks below:

– Using Burp to Test for the OWASP Top Ten

– Using Burp to Bypass Client-Side Controls

– Using Burp to Bypass Hidden Form Fields

– Using Burp to Bypass Client Side JavaScript Validation

– Using Burp to Attack Authentication

– Using Burp to Brute Force a Login Page

– Using Burp to Attack Session Management

– Using Burp to Hack Cookies and Manipulate Sessions

– Using Burp to Test Session Token Generation

– Using Burp to Test Session Token Handling

– Using Burp to Test Access Controls

– Using Burp’s Site Map to Test for Access Control Issues

– Using Burp’s “Request in Browser” Function to Test for Access Control Issues

– Using Burp to Test for Missing Function Level Access Control

– Using Burp to Find Cross-Site Scripting (XSS) Issues

– Using Burp to Test for Cross-Site Request Forgery (CSRF)

– Using Burp to Test for Insecure Direct Object References

– Using Burp to Test for Security Misconfiguration Issues

– Using Burp to Test for Sensitive Data Exposure Issues

– Using Burp to Test for Components with Known Vulnerabilities

– Using Burp to Test for Open Redirections

– Using Burp to Detect SQL Injection Flaws

– Using Burp to Detect SQL Injection Via SQL-Specific Parameter Manipulation

– Using Burp to Exploit SQL Injection Vulnerabilities: The UNION Operator

– Using Burp to Detect Blind SQL Injection Bugs

– Using Burp to Exploit Blind SQL Injection Bugs