Burp Suite
Alonso Eduardo Caballero Quezada
Consultant in Ethical Hacking, Forensic Computing & GNU / Linux
Website: http://www.ReYDeS.com
e-mail: ReYDeS@gmail.com
Thursday May 1, 2014
Who Am I?
• Independent Consultant and Instructor in Ethical Hacking, Forensic
Computing and GNU / Linux.
• Former member of RareGaZz and current member of PeruSEC.
• Former Editor at the Linux Magazine + DVD (ES).
• Creator of the II South American Digital Forensic Challenge – Chavin de
Huantar 2012.
• Brainbench Certified Network Security, Brainbench Certified
Computer Forensics (US) & Brainbench Certified Linux
Administration (General). CNHE, CNCF, CNHAW
• More than 11 years of experience in the area.
@Alonso_ReYDeS
pe.linkedin.com/in/alonsocaballeroquezada/
Burp Suite
Burp Suite is an integrated platform for performing security assessments
of web applications.
Its various tools work very well together to support the entire testing
process, from the initial mapping and analysis of the application's
attack surface to finding and exploiting security vulnerabilities.
Burp provides complete control, which allows combining
advanced manual techniques with automation, to make
work faster, more effective, and more fun.
Note: Like any security testing software, Burp Suite
contains functionality that can damage target systems.
Testing for security flaws inherently involves
interacting with targets in non-standard ways that can
cause problems in some vulnerable targets. It is suggested
to be careful when using Burp Suite.
* http://bit.ly/XovFxk
Components of Burp Suite
Burp Suite contains the following key components.
• An Intercepting Proxy, which allows inspecting and
modifying traffic between the browser and the target application.
• An application-aware Spider, to crawl content and
functionality.
• An Advanced Scanner for web applications, to automate the
detection of various types of vulnerabilities.
• An Intruder tool, to perform powerful customized attacks
to find and exploit unusual vulnerabilities.
• A Repeater tool, to manipulate and resend
individual requests.
• A Sequencer tool, to evaluate the randomness of
session tokens.
Versions of Burp Suite
Burp Suite is distributed in two versions
* http://bit.ly/2ETaQEi
Virtual Course on Web Application Hacking
Days:
Group 1: Saturdays May 3, 10, 17 and 24, 2014
Group 2: Sundays May 4, 11, 18 and 25, 2014
Hours:
From 9:00 am to 12:30 pm (UTC-05:00)
More information:
http://bit.ly/2SnW7oC
caballero.alonso@gmail.com
http://bit.ly/2ET0LXB alonsocaballeroquezada /
http://www.reydes.com
@Alonso_ReYDeS
ReYDeS
Demonstrations
More Material
I invite you to see the 20 Free Webinars that I have given on
Ethical Hacking, Web Application Hacking and Forensic Computing
http://bit.ly/2ePHBEk
All the slides used in the Free Webinars
can be found on the following page.
http://www.reydes.com/d/?q=node/3
All the articles and documents that I have published.
http://bit.ly/2SlCzRF
My Blog about topics of my interest.
http://bit.ly/2AiNiFv
Thank you!
from Nettech Post http://bit.ly/2EOgbwi