This release introduces the Burp Intruder capture filter, automatic decoding of SMTP messages in Burp Collaborator, improved accuracy of recorded logins and a number of other improvements.

DOM-based XSS vulnerabilities usually arise when JavaScript takes data from an attacker-controllable source, such as the URL, and passes it to a sink that supports dynamic code execution, such as eval ...

In this tutorial, you'll use Burp Sequencer to analyze the quality of randomness in an application's session tokens. Burp Sequencer may have unexpected results in some applications. Until you are ...

An opportunity to kick-start your software development career at an innovative and agile software company in the North West of England. If you join PortSwigger as a graduate, one of the main focuses ...

Our culture is our most important superpower, and our biggest differentiator as an organization. We're proud of our culture, and fiercely protective of it. Have fun. Think of all the things that can ...

All our people are exceptionally good at what they do. But they have much else besides. They are nice to each other, helpful, and modest. They are good communicators and can adapt to different ...

Andres Rauschecker, 26 years old, and Munich-based, is a cybersecurity enthusiast to his very core. He got into the field at a young age, pursuing what was initially just an interest and turning it ...

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive ...

Increasingly complex web applications. Across numerous domains. Integrated via a range of APIs. These are the challenges faced by modern pentesters - all with the added pressure of delivering accurate ...

"I do have to say, if you're not in the @PortSwigger discord you're missing out."@t0xodile, Burp Suite Professional user The PortSwigger Discord is a great way to see what Burp developers are working ...

This extension can be used to generate multiple scan reports by host with just a few clicks. If the option is selected, one report will be generated for the host that includes findings for HTTP:80 and ...

HTTP cookies often control critical website features, but their long and convoluted history exposes them to parser discrepancy vulnerabilities. In this post, I'll explore some dangerous, lesser-known ...