Advanced Web Application Penetration Testing with Burp Suite

Burp suite can help improve your penetration testing. This is an advanced course designed to expand your knowledge of the Burp Suite product to utilize many of the lesser known features offered in the tool.
Course info
Rating
(22)
Level
Advanced
Updated
May 11, 2017
Duration
1h 15m
Table of contents
Description
Course info
Rating
(22)
Level
Advanced
Updated
May 11, 2017
Duration
1h 15m
Description

Did you know Burp Suite makes automation, data exfiltration, and customization techniques possible to help make you an even better pentester? This advanced course, Advanced Web Application Penetration Testing with Burp Suite, is designed to expand your knowledge of the Burp Suite product to utilize many of the lesser known features offered in the tool. You will learn how to exploit security vulnerabilities in your target, write your own Burp extension, perform automation with Burp, and more. By the end this course, you'll know how to perform all of these techniques at a comfortable and efficient level to better perform your pentesting tasks. If you are currently a mid-to-senior level developer or pentester and wish to learn about attacking web applications using more features of Burp Suite, then this course is designed for you.

About the author
About the author

Sunny Wear, CISSP, GWAPT, GSSP-JAVA, CEH, CSSLP is an Application Security Architect and developer. Her breadth of experience includes network, data, application, and security architecture as well as programming across multiple languages and platforms. In her 20 years of professional experience, she has participated in the design and creation of many enterprise applications as well as the security testing aspects of platforms and services.

More from the author
Writing Burp Suite Macros and Plugins
Advanced
2h 48m
20 Nov 2017
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hello everyone, my name is Sunny Wear, and welcome to my course, Advanced Web Application Penetration Testing with Burp Suite. I am a security architect and a web application pen tester for a large financial services company. Did you know Burp Suite makes possible automation, data exfiltration, and customization techniques that can make you an even better pen tester? This is an advanced course designed to expand your knowledge of the Burp Suite product to utilize many of those lesser known features offered in the tool. Now you're going to learn about these features through a hands-on approach. If you are currently a mid to senior-level developer or pen tester and you want to learn about attacking web applications using more of the features of Burp Suite, then this course is definitely designed for you. Some of the major topics that we will cover include properly configuring your Burp options, hybrid spidering with elevation of privilege discovery, exploiting security vulnerabilities in your target, extending and integrating Burp with other popular pen testing tools, writing your own Burp extension, and performing automation with Burp. By the end of this course, you'll know how to perform all of these techniques at a comfortable and efficient level to better perform your pen testing tasks. Now before beginning this course, you should complete the basic version of this course entitled Web Application Penetration Testing with Burp Suite. I hope you'll join me on this journey to becoming a most proficient Burp Suite user with the Advanced Web Application Penetration Testing with Burp Suite course, at Pluralsight.

Setting up Your Burp Suite Environment for This Course
In this advanced version of the Web Application Pen Testing with Burp Suite course, we begin with getting you set up in your environment to help you flow through the content and exercises with me. First, let's level set on the intended audience for this advanced course. So if you're currently working as a pen tester and you wish to expand your knowledge of Burp Suite beyond the basics, then this course is definitely for you. Likewise, if you are a mid to senior-level developer required to address security vulnerabilities in web applications that you support, you will also find value in this course. Now if we think of security vulnerabilities really as just bugs in our software, that means that the main difference between the two targeted audiences have to do with, one, having experience finding bugs, and the other having experience fixing bugs.