Check https://portswigger.net, they have learning material and labs about this topic. Source: 6 months ago
I ask about serving websites because understanding how a web server works (very basically) with a browser or any client is a huge step in understanding HTTP, host headers, and even host header attacks (if you're into that sort of thing.. As an aside I did a quick google search and https://portswigger.net/ showed up.. Apparently they have interactive labs and very informative documentation on various attack... Source: 8 months ago
As you are quite new to the hobby, I would definitely recommend you go to portswigger.net academy. They give you a quite thorough understanding in all the fundamentals and they have labs set up where you can practice everything you learn at each step. The best part is you can learn at your own pace and it's all free. Source: 9 months ago
Connect your PC (with Burp Suite installed) and Android to the same network. > Note — Here my PC’s IP is 192.168.43.20 and Android’s IP is 192.168.43.180. - Source: dev.to / 11 months ago
Web App Security Academy is free through Portswigger. Which is great coverage to learn End-to-End how to find vulnerabilities in a web application yourself. After you get thru that, there's DVWA and Juice Shop... And you can even find these as rooms on TryHackMe if you don't want to self-host it. However, the Web App Security Academy is basically the live-learning environment for the Web App Hackers Handbook...... Source: about 1 year ago
You can get a head start on that class by going through these free tutorials (don't overlook the PDF for each lesson that helps explain what's going on). All of the BHIS pay what you can classes are excellent and an amazing value. TCM is another good choice. To strengthen your understanding of the web and web application security, work through the training from Portswigger.net. There are other resources out there... Source: about 1 year ago
I'm new to this and I started learning about bug bounties last year with hackerone.com and portswigger.net. Now I'm shifting gears and learning about pentesting on tryhackme.com and in the future hackthebox.eu. It looks like bug bounty hunters usually work on a platform like hackerone and get paid per each finding and how severe it is; and pentesters can find work on Linkedin like a contractor and get paid for... Source: over 1 year ago
We are in a similar space, our tool (https://caido.io) is geared toward bug bounty hunters and pentesters. HTTP Toolkit looks great congrats to the dev! It seems to compete more with requestly (https://requestly.io/) than burp suite (https://portswigger.net/). - Source: Hacker News / over 1 year ago
So like BURP Suite(https://portswigger.net/) but with fewer features? - Source: Hacker News / over 1 year ago
IMO, the best place to start would be https://portswigger.net. Their Web Security Academy Learning Path / Labs are by far the best. You can use the free community edition of Burp Suite for most of it. If you're going into web app security then you will likely be using Burp Suite every day anyway. Source: over 1 year ago
Found this useful resource: PortSwigger by looking through this list of NIST resource. PortSwigger offers free learning content and lots of free labs. They don't try to get you to buy anything. They also have videos with each lab to walk you though the steps of completing it if you need help. Source: almost 2 years ago
Select vendors wisely. Heed the words of James Kettle (Director of Research at PortSwigger): > Many companies have subdomains pointing to applications hosted by > third parties with awful security practices. - Source: dev.to / about 2 years ago
Do you know an article comparing Burp Suite to other products?
Suggest a link to a post with product alternatives.
This is an informative page about Burp Suite. You can review and discuss the product here. The primary details have not been verified within the last quarter, and they might be outdated. If you think we are missing something, please use the means on this page to comment or suggest changes. All reviews and comments are highly encouranged and appreciated as they help everyone in the community to make an informed choice. Please always be kind and objective when evaluating a product and sharing your opinion.
Generic Burp Suite discussion