https://portswigger.net/research/practical-web-cache-poisoning
Practical Web Cache Poisoning | PortSwigger Research
Aug 9, 2018 - In this paper I'll show you how to compromise websites by using esoteric web features to turn their caches into exploit delivery systems
https://portswigger.net/research/smashing-the-state-machine
Smashing the state machine: the true potential of web race conditions | PortSwigger Research
Aug 9, 2023 - For too long, web race condition attacks have focused on a tiny handful of scenarios. Their true potential has been masked thanks to tricky workflows, missing...
https://portswigger.net/research/xs-leak-leaking-ids-using-focus
XS-Leak: Leaking IDs using focus | PortSwigger Research
Oct 8, 2019 - Whilst I was building the XSS cheatsheet I discovered some interesting behaviour in Chrome and Safari. For certain HTML elements, if you specify their ID in...
https://portswigger.net/customers/bdo-as
BDO AS Norway - Burp Suite Professional case study - PortSwigger
Find out how BDO AS Norway uses Burp Suite Professional for manual security testing.
https://portswigger.net/research/exploiting-cors-misconfigurations-for-bitcoins-and-bounties
Exploiting CORS misconfigurations for Bitcoins and bounties | PortSwigger Research
Oct 14, 2016 - (or CORS misconfiguration misconceptions) In this post, I'll show how to identify and exploit misconfigured CORS. This is a greatly condensed version of my...
https://portswigger.net/burp/documentation/dast/setup/self-hosted/kubernetes/resource-overview
Kubernetes scanning resources overview - PortSwigger
If you deploy Burp Suite DAST to Kubernetes, all of your scans run on a single, scalable pool of resources. Note In this documentation, the term ...
https://portswigger.net/research/talks?talkid=36
Upcoming Conference Talks - PortSwigger Research
Find details of upcoming talks from the PortSwigger Research team. We also have research papers and recordings available from previous conferences and events.
https://cyberiumx.com/write-ups/portswigger-command-injection/
Portswigger | Command Injection Vulnerability | Os Command
Dec 11, 2023 - In this blog, we are going to focus on how to find and use the OS Command Injection vulnerabilities on the websites.
https://portswigger.net/support/using-burp-to-test-session-token-handling
Using Burp to Test Session Token Handling - PortSwigger
Using Burp to Test Session Token Handling Regardless of how well session tokens are generated, the session mechanism of an application will be wide open to ...
https://portswigger.net/blog/3-ways-custom-scan-checks-turn-practitioner-knowledge-into-scalable-automation
3 ways custom scan checks turn practitioner knowledge into scalable automation | Blog - PortSwigger
May 1, 2026 - Learn how custom scan checks can scale your team's unique testing logic across every scan.
https://portswigger.net/research/noscript-xss-filter-bypass
Noscript XSS filter bypass | PortSwigger Research
Jul 28, 2015 - I thought I'd take a look at the Noscript's XSS filter and see if I could come up with a bypass. The filter is pretty impressive, it was tough to find one. I...
https://thecyberwire.com/newsletters/business-briefing/6/26
Rightworks acquires Practice Protect. PortSwigger raises $112 million.
https://portswigger.net/blog/burp-suite-support-center
Burp Suite Support Center | Blog - PortSwigger
Jan 22, 2015 - We're pleased to announce the arrival of the new Burp Suite Support Center! Visit now The Support Center is a single portal where you can: Read helpful...
https://portswigger.net/web-security/certification?ref=niklas-heringer.com
Burp Suite Certified Practitioner | Web Security Academy - PortSwigger
Become a Burp Suite Certified Practitioner to demonstrate and prove your web security testing skills.
https://portswigger.net/bappstore/01da4fdd9f6e4e12b0622fbdaa2dd26d
Pcap Importer - PortSwigger
Imports and passively scans Pcap files.
https://portswigger.net/kb/issues/00200600_cross-origin-resource-sharing
Cross-origin resource sharing - PortSwigger
An HTML5 cross-origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two-way interaction with the domain...
https://portswigger.net/bappstore/36238b534a78494db9bf2d03f112265c
Retire.js - PortSwigger
Integrates with the Retire.js repository to find vulnerable JavaScript libraries.
https://portswigger.net/research/stealing-httponly-cookies-with-the-cookie-sandwich-technique
Stealing HttpOnly cookies with the cookie sandwich technique | PortSwigger Research
Jun 30, 2025 - In this post, I will introduce the
https://portswigger.net/blog/xsrf-and-threat-ratings
XSRF and threat ratings | Blog - PortSwigger
Mar 20, 2008 - Readers who are relatively long in the tooth will remember the sweet, carefree days before the web was blighted by cross-site request forgery (XSRF). Like or...
https://portswigger.net/kb/issues/00200509_content-security-policy-not-enforced
Content security policy: not enforced - PortSwigger
Content Security Policy (CSP) is a security mechanism designed to mitigate cross-site scripting attacks by disabling dangerous behaviours such as untrusted...
https://portswigger.net/bappstore/72f7b61e22f64ef5882dff6054df5ac7
Cypher Injection Scanner - PortSwigger
A Burp Suite Extension that detects Cypher code injection
https://portswigger.net/blog/how-to-see-the-impact-installing-bapps-might-have-on-burp-suite
How to see the impact installing BApps might have on Burp Suite | Blog - PortSwigger
Jun 16, 2022 - If you've ever installed any Burp extensions from the BApp Store, you'll know that it's a great way to extend your capabilities and tailor Burp Suite to your...
https://portswigger.net/burp/documentation/dast/user-guide/api-documentation/graphql-api/graphql-common-tasks
Performing common tasks with the GraphQL API - PortSwigger
This page details some common tasks that you can perform using Burp Suite DAST's GraphQL API. This document is intended to complement the API reference, ...
https://www.peerspot.com/products/portswigger-burp-suite-professional-reviews
PortSwigger Burp Suite Professional reviews 2026
Read in-depth PortSwigger Burp Suite Professional reviews from real customers and learn about the pricing, features, and more.
https://portswigger.net/users?returnurl=%2Fweb-security%2Fapi-testing%2Ftop-10-api-vulnerabilities
Login - PortSwigger
https://portswigger.net/support/using-burp-to-attack-authentication
Using Burp to Attack Authentication - PortSwigger
Using Burp to Attack Authentication Authentication lies at the heart of an application's protection against malicious attack. It is the front line defense ...
https://ervinismu.gitlab.io/portswigger/api-testing/indentifying-api-endpoints/index
Folder: portswigger/api-testing/indentifying-api-endpoints
No description provided
https://portswigger.net/bappstore/aaaa60ef945341e8a450217a54a11646
HTTP Request Smuggler - PortSwigger
Helps you launch HTTP Request Smuggling attacks, supports scanning for Request Smuggling vulnerabilities and also aids exploitation by handling cumbersome...
https://portswigger.net/research/bypassing-csp-with-dangling-iframes
Bypassing CSP with dangling iframes | PortSwigger Research
Jun 14, 2022 - Introduction Our Web Security Academy has a topic on dangling markup injection - a technique for exploiting sites protected by CSP. But something interesting...
https://portswigger.net/burp/documentation/dast/user-guide/reference/scans-page
Scans page - PortSwigger
In Burp Suite DAST, the Scans page shows a list of all the scans that have already run, are currently running, or are scheduled to run. It is the central ...
https://portswigger.net/customers
Case Studies - PortSwigger
Burp Suite has a huge global user base. Find out what our customers say about us, and how Burp Suite helps them protect the world from cyber threats.
https://portswigger.net/burp/documentation/collaborator
Burp Collaborator - PortSwigger
Burp Collaborator is a network service that enables you to detect invisible vulnerabilities. These are vulnerabilities that don't: Trigger error messages. ...
https://portswigger.net/research/james-kettle
Researcher - James Kettle - PortSwigger
James 'albinowax' Kettle is the Director of Research at PortSwigger. View his latest research, including papers presented at DEFCON and BlackHat USA.
https://portswigger.net/burp/documentation/scanner/scan-configurations/audit-settings
Audit settings - PortSwigger
Burp Scanner offers numerous settings that control how scans behave during the audit phase. You can select these settings when you create or edit scan ...
https://www.gentech.az/partners/element/?ELEMENT_ID=317
PortSwigger
https://portswigger.net/blog/some-of-the-best-burp-extensions-as-chosen-by-you
Some of the best Burp extensions - as chosen by you | Blog - PortSwigger
May 27, 2021 - As we mentioned in our recent blog post on good resources for new Burp Suite Professional users, the BApp Store is one of the largest repositories of...
https://portswigger.net/solutions/devsecops
DevSecOps Software Solutions - PortSwigger
Traditional AppSec is a bottleneck for developers. But many DevSecOps solutions are no better. Burp Suite DAST is different. Find out more.
https://csbygb.gitbook.io/pentips/writeups/ps-xss
Portswigger Web Security Academy - XSS | CSbyGB - Pentips
https://www.businesswire.com/news/home/20250331970831/en/PortSwigger-Unveils-Burp-AI-Pioneering-AI-Powered-Web-Application-and-API-Security-Testing
PortSwigger Unveils Burp AI, Pioneering AI-Powered Web Application and API Security Testing
PortSwigger, a renowned application security software provider, today announced the launch of Burp AI, the inaugural AI-powered version of Burp Suite Profess...