November 12

Webinar takeaway: Getting Started with Burp Suite & Webapp Pentesting


My key takeaways

  • Burp over ZAP? It's the pro features that make Burp so common
  • Enable Jython to make Python available for extensions
  • You have to install the Burp CA certificate in each browser to make it work. Just type burp in the address bar
  • Firefox has a built-in ability to use different browser profiles. Handy for testing e.g. an admin user and a normal user in parallel
  • everybody forgets sometimes to shut off Intruder :sweat_smile:
  • use a SOCKS proxy if testing from home: this enables IP whitelisting and avoids getting your home network blocked, e.g. by Google, for suspicious activity

Env

additional links


Tags

pentest, webapp, webinar takeaway

