Searching for security flaws and exploits with Burp Suite

On Patrol

Conclusion

In this article, I covered the basics of attack proxies (Burp Suite in particular), examined the security of cookies and the various security-related fields they can have, performed brute forcing against the target application, and ran through a randomness test for the session tokens used in the application.

Although this article is designed to help developers and security technicians test for a few basic web flaws, it's not intended to be a comprehensive walkthrough of Burp Suite or a replacement for a professional security assessment.

The Author

Benjamin Caudill is Principal Consultant with Rhino Security Labs. For more direction on testing your company's web application security, visit http://www.RhinoSecurityLabs.com or feel free to contact Benjamin directly at Benjamin.Caudill@RhinoSecurityLabs.com.
