Burp suite essentials : discover the secrets of web application pentesting using Burp Suite, the best tool for the job / Akash Mahajan.
- Format:
- Book
- Author/Creator:
- Mahajan, Akash, author.
- Series:
- Community experience distilled.
- Community Experience Distilled
- Language:
- English
- Subjects (All):
- Internet--Security measures.
- Internet.
- Computer security.
- Physical Description:
- 1 online resource (144 p.)
- Edition:
- 1st edition
- Other Title:
- Discover the secrets of web application pentesting using Burp Suite, the best tool for the job
- Place of Publication:
- Birmingham, England : Packt Publishing, 2014.
- Language Note:
- English
- System Details:
- Mode of access: World Wide Web.
- text file
- Biography/History:
- Mahajan Akash: Akash Mahajan is an accomplished security professional with over a decade's experience in providing specialist application and infrastructure consulting services at the highest levels to companies, governments, and organizations around the world. He has lots of experience in working with clients to provide innovative security insights that truly reflect the commercial and operational needs of the organization, from strategic advice to testing and analysis to incident response and recovery. He is an active participant in the international security community and a conference speaker, both individually, as chapter lead of the Bangalore chapter of OWASP, the global organization responsible for defining the standards for web application security, and as a co-founder of NULL, India's largest open security community. Akash runs Appsecco, a company focused on Application Security. He authored the book Burp Suite Essentials, published by Packt Publishing in November 2014, which is listed as a reference by the creators of Burp Suite.
- Summary:
- If you are interested in learning how to test web applications and the web part of mobile applications using Burp, then this is the book for you. It is specifically designed to meet your needs if you have basic experience in using Burp and are now aiming to become a professional Burp user.
- Contents:
- Cover; Copyright; Credits; About the Author; Acknowledgments; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Getting Started with Burp; Starting Burp from the command line; Specifying memory size for Burp; Specifying the maximum memory Burp is allowed to use; Ensuring that IPv4 is allowed; Working with other JVMs; Summary; Chapter 2: Configuring Browsers to Proxy through Burp; Configuring browsers to proxy through Burp Suite; Microsoft Internet Explorer; Google Chrome; Mozilla Firefox; Fine-grained proxy configuration; Mozilla Plug-n-Hack extension
- Exclusive Firefox profile; Summary; Chapter 3: Setting the Scope and Dealing with Upstream Proxies; Multiple ways to add targets to the scope; Loading a list of targets from a file; Scope and Burp Suite tools; Scope inclusion versus exclusion; Dropping out-of-scope requests; Dealing with upstream proxies and SOCKS proxies; Types of proxies supported by Burp; Working with SOCKS proxies; Using SSH tunneling as a SOCKS proxy; Setting up Burp to be a proxy server for other devices; Summary; Chapter 4: SSL and Other Advanced Settings; Importing the Burp certificate in Mozilla Firefox
- Importing the Burp certificate in Microsoft IE and Google Chrome; Installing the Burp certificate in iOS or Android; SSL pass-through; Invisible Proxy; Summary; Chapter 5: Using Burp Tools As a Power User - Part 1; Target; Site map compare; Proxy; The Message Analysis tab; Actions on the intercepted requests; Response interception and modification; Using the Proxy history tab; Intruder; Scanner; Scanning optimization and requests; When to scan; Repeater; Summary; Chapter 6: Using Burp Tools As a Power User - Part 2; Spidering; Sequencer; Analysis of the tokens; Sample analysis; Decoder
- Comparer; Alerts; Summary; Chapter 7: Searching, Extracting, Pattern Matching, and More; Filtering; Illustration; Matching; Grep - Match and Grep - Extract; Summary; Chapter 8: Using Engagement Tools and Other Utilities; Search; Target Analyzer; Content Discovery; Task Scheduler; CSRF proof of concept Generator; Summary; Chapter 9: Using Burp Extensions and Writing Your Own; Setting up the Python runtime for Burp Extensions; Setting up the Ruby environment for Burp Extensions; Loading and installing a Burp Extension from the Burp App Store; Using BApp files
- Loading and installing a Burp Extension manually; Managing Burp Extensions; Memory issues with Burp Extensions; Writing our own Burp Extensions; A simple Burp Extension in Python; Noteworthy Burp Extensions; Summary; Chapter 10: Saving Securely, Backing Up, and Other Maintenance Activities; Saving and restoring a state; Automatic backups; Scheduled tasks; Logging all activities; Summary; Chapter 11: Resources, References, and Links; Primary references; Learning about Burp; Web application security testing with Burp; Miscellaneous security testing tutorials with Burp Suite
- Pentesting thick clients
- Notes:
- Includes index.
- Includes bibliographical references and index.
- Description based on online resource; title from PDF title page (ebrary, viewed December 17, 2014).
- ISBN:
- 9781783550128
- 1783550120
- OCLC:
- 900292152