PortSwigger1 年
Latest cybersecurity industry news
Industry news isn’t always just about mergers and acquisitions. Infosec industry news often takes the form of cyber-attacks on web security companies, policy changes at bug bounty platforms, or other ...
PortSwigger2 年
Latest zero-day attacks and exploits
A zero-day (0day) vulnerability refers to a security vulnerability for which no mitigation or patch is available at the time it is disclosed or made public. Existing software patches are unable to ...
PortSwigger7 年
Using Burp to Bypass Hidden Form Fields
Hidden HTML form fields are a common mechanism for transmitting data via the client in a superficially unmodified way. If a field is flagged as hidden, it is not displayed on-screen. However, the ...
PortSwigger2 年
Latest phishing news and attacks
Phishing involves tricking a target into submitting their ID, password, or payment card data to an attacker. Login credentials for online banking, webmail, or e-commerce sites are among the potential ...
PortSwigger1 年
Latest network security news
A network security breach can be devastating for both an organization’s reputation and its finances. The implications of a breach could affect millions – not just the victim itself, but their ...
PortSwigger4 年
Lab: Reflected DOM XSS
This lab demonstrates a reflected DOM vulnerability. Reflected DOM vulnerabilities occur when the server-side application processes data from a request and echoes the data in the response. A script on ...
PortSwigger4 年
Lab: Broken brute-force protection, IP block
This lab is vulnerable due to a logic flaw in its password brute-force protection. To solve the lab, brute-force the victim's password, then log in and access their account page. Practise exploiting ...
PortSwigger1 年
Race conditions
Race conditions are a common type of vulnerability closely related to business logic flaws. They occur when websites process requests concurrently without adequate safeguards. This can lead to ...
PortSwigger2 年
How to find and exploit information disclosure vulnerabilities
Generally speaking, it is important not to develop "tunnel vision" during testing. In other words, you should avoid focussing too narrowly on a particular vulnerability. Sensitive data can be leaked ...
PortSwigger1 年
What is stored cross-site scripting?
Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in ...
PortSwigger3 个月
File upload vulnerabilities
In this section, you'll learn how simple file upload functions can be used as a powerful vector for a number of high-severity attacks. We'll show you how to bypass common defense mechanisms in order ...
PortSwigger15 天
Burp Intruder payload types
You can set the type of payload that you want to inject into the base request. Burp Intruder provides a range of options for auto-generating different types of ...