Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Burp Suite Cookbook

You're reading from   Burp Suite Cookbook Practical recipes to help you master web penetration testing with Burp Suite

Arrow left icon
Product type Paperback
Published in Sep 2018
Publisher
ISBN-13 9781789531732
Length 358 pages
Edition 1st Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Dr. Sunny Wear Dr. Sunny Wear
Author Profile Icon Dr. Sunny Wear
Dr. Sunny Wear
Arrow right icon
View More author details
Toc

Table of Contents (13) Chapters Close

Preface 1. Getting Started with Burp Suite FREE CHAPTER 2. Getting to Know the Burp Suite of Tools 3. Configuring, Spidering, Scanning, and Reporting with Burp 4. Assessing Authentication Schemes 5. Assessing Authorization Checks 6. Assessing Session Management Mechanisms 7. Assessing Business Logic 8. Evaluating Input Validation Checks 9. Attacking the Client 10. Working with Burp Macros and Extensions 11. Implementing Advanced Topic Attacks 12. Other Books You May Enjoy

Targeting legal vulnerable web applications

In order for us to properly showcase the functions of Burp Suite, we need a target web application. We need to have a target which we are legally allowed to attack.

Know Your Enemy is a saying derived from Sun Tzu's The Art of War. The application of this principle in penetration testing is the act of attacking a target. The purpose of the attack is to uncover weaknesses in a target which can then be exploited. Commonly referred to as ethical hacking, attacking legal targets assists companies to assess the level of risk in their web applications.

More importantly, any penetration testing must be done with express, written permission. Attacking any website without this permission can result in litigation and possible incarceration. Thankfully, the information security community provides many purposefully vulnerable web applications to allow students to learn how to hack in a legal way.

A consortium group, Open Web Application Security Project, commonly referred to as OWASP, provides a plethora of resources related to web security. OWASP is considered the de facto standard in the industry for all things web security-related. Every three years or so, the group creates a listing of the Top 10 most common vulnerabilities found in web applications.

Throughout this book, we will use purposefully vulnerable web applications compiled into one virtual machine by OWASP. This setup enables us to legally attack the targets contained within the virtual machine.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime