Hands-On Application Penetration Testing with Burp Suite

Test fuzz and break web applications and services using Burp Suite’s powerful capabilitiesKey FeaturesMaster the skills to perform various types of security tests on your web applicationsGet hands-on experience working with components like scanner proxy intruder and much moreDiscover the best-way to penetrate and test web applicationsBook DescriptionBurp suite is a set of graphic tools focused towards penetration testing of web applications. Burp suite is widely used for web penetration testing by many security professionals for performing different web-level security tasks.The book starts by setting up the environment to begin an application penetration test. You will be able to configure the client and apply target whitelisting. You will also learn to setup and configure Android and IOS devices to work with Burp Suite. The book will explain how various features of Burp Suite can be used to detect various vulnerabilities as part of an application penetration test. Once detection is completed and the vulnerability is confirmed you will be able to exploit a detected vulnerability using Burp Suite. The book will also covers advanced concepts like writing extensions and macros for Burp suite. Finally you will discover various steps that are taken to identify the target discover weaknesses in the authentication mechanism and finally break the authentication implementation to gain access to the administrative console of the application.By the end of this book you will be able to effectively perform end-to-end penetration testing with Burp Suite. What you will learnSet up Burp Suite and its configurations for an application penetration testProxy application traffic from browsers and mobile devices to the serverDiscover and identify application security issues in various scenariosExploit discovered vulnerabilities to execute commandsExploit discovered vulnerabilities to gain access to data in various datastoresWrite your own Burp Suite plugin and explore the Infiltrator moduleWrite macros to automate tasks in Burp SuiteWho this book is forIf you are interested in learning how to test web applications and the web part of mobile applications using Burp then this is the book for you. It is specifically designed to meet your needs if you have basic experience in using Burp and are now aiming to become a professional Burp user. About the Author Carlos A. Lozano is a security consultant with more than 15 years' experience in various security fields. He has worked as a penetration tester but most of his experience is with security application assessments. He has assessed financial applications ISC/SCADA systems and even low-level applications such as drivers and embedded components. Two years ago he started on public and private bug bounty programs and focused on web applications source code review and reversing projects. Also Carlos works as Chief Operations Officer at Global CyberSec an information security firm based in Mexico with operations in the USA and Chile.Dhruv Shah holds a Masters degree in IT and has 7 years of experience as a specialist in Information Security. He started off as a trainer sensitizing staff in private sector organizations about security issues and what hackers look for when they launch attacks on networks. He later on switched his job to carry out penetration testing for Indian government agencies and then for banking clients in the Middle East. He now has extensive experience in penetration testing for Fortune 500 companies involving web and mobile applications networks Infra and Red Team work. In his spare time he co-authored the book Kali Linux Intrusion and Exploitation and is an active member and moderator of one of the Null chapters in India.Riyaz Ahemed Walikar is a Web Application Pentester security evangelist and researcher. He has been active in the security community for the last 10 years. He is actively involved