Tuesday, 19 April 2011

No Excuses – Learn Burp Suite to aid your web testing

In March 2011 I gave a talk at the London Sigist on technical testing. I’ll make the slides for that available (…sometime soon). I didn’t want to give a ‘blagger’s guide’ to technical testing, so I presented an overview of some of the thought processes and models I use.
At the end of the talk I provided a list of tools that I use. I use Burp Suite as one of my proxy servers.
I currently have a “No Excuses” hat on, so I currently try to provide as much information as I can in bite-size chunks which people can pick up and move forward with. I wrote “Selenium Simplified” as a “Now you have no excuses for not learning how to program” book.
I recommend that if you want to go further with technical web testing you read the book “The Web Application Hacker’s Handbook” written by the people behind the Burp Suite tool. [amazon.com] [amazon.co.uk]
And in the same spirit I will now experiment with some videos. In the first of these I provide a simple overview of Burp Suite, in particular the Intercept and Site Map functionality. I don’t cover the nuances of usage, but I cover enough to get you started. So if you haven’t started using a proxy server as an essential part of your web testing… no excuses – start here:

I still have a lot to learn about creating video tutorials, so I appreciate all comments.

2 comments:

  1. I love this tutorial. Thank you. I have used Burp for years but never upgraded to the version you are showing here, because I didn't fathom what use I could make of the new capabilities. I'll be upgrading now to use the scope feature to limit the intercepts, which will make intercepting much more smooth.



    Thanks Geordie - hope you get value from the next one too.

  2. Very nice, Alan. Would be on the lookout for more stuff to come!!!



    Thanks Samuel, hopefully I'll cover something you don't already know.
