Dominating Burp Suite

This training provides a theoretical and practical understanding of the most risky vulnerabilities and their combination in the detection and exploitation of them, using the famous Burp Suite hacking tool. It contains numerous real-life examples, with CVEs, Bounties to help attendees understand the true impact of these vulnerabilities.

You will learn how to use the typical functions and those less known, hidden among the tabs of Burp Suite. Develop the first extension in Python, Ruby or Java and take advantage of the API.

Features:

• Understand Burp Suite.

• Real scenarios and environments with vulnerabilities.

• Identify vulnerabilities using the internal tools.

• Use typical functions and those less known.

Day 1:

• Introduction

• Basic concepts

• URL and URI structure

• Security Headers

• Protocols and authentication

• Introduction to Burp Suite

• Burp Suite UI

• What are those tabs?

• Dashboard

• Target

• Proxy

• Intruder

• Repeater

• Sequencer

• Decoder

• Comparer

• Extender

• Project & User Options

Day 2:

• Mobile Apps

• Scanner

• Extensibility

• The First Extension

• API

• Engagement Tools

• Tips

• Vulnerability Lab

• Exploitability

• OWASP Web Security Top 10

• OWASP API Security Top 10

• Challenge, CTF!

Who should take this class?

System Administrators, Web Developers, SOC analysts, Penetration Testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level.