You can use Burp Suite to perform security tests for mobile applications. To do this, you need to configure the mobile device to proxy its traffic via Burp Proxy ...

You need to configure Firefox so that you can use it for testing with Burp Suite.

Many servers now support HTTP/2. This exposes them to potential vulnerabilities that are impossible to test for using tools that only speak HTTP/1. Burp Suite provides unrivaled support for ...

You can configure an Android device to proxy HTTP traffic through Burp Suite. This enables you to test Android apps just like ordinary websites. The process for doing ...

In this section, you'll learn how simple file upload functions can be used as a powerful vector for a number of high-severity attacks. We'll show you how to bypass common defense mechanisms in order ...

In this section we explain what the Access-Control-Allow-Origin header is in respect of CORS, and how it forms part of CORS implementation. The cross-origin resource sharing specification provides ...

Blind SQL injection occurs when an application is vulnerable to SQL injection, but its HTTP responses do not contain the results of the relevant SQL query or the details of any database errors. Many ...

Automated DAST scanning without limits. Built on the Burp technology your security teams already trust. Gain complete visibility of your web application's attack surface. Secure apps before they hit ...

Organizations are rushing to integrate Large Language Models (LLMs) in order to improve their online customer experience. This exposes them to web LLM attacks that take advantage of the model's access ...

GraphQL vulnerabilities generally arise due to implementation and design flaws. For example, the introspection feature may be left active, enabling attackers to query the API in order to glean ...

Business logic vulnerabilities are relatively specific to the context in which they occur. However, although individual instances of logic flaws differ hugely, they can share many common themes. In ...

Access control is the application of constraints on who or what is authorized to perform actions or access resources. In the context of web applications, access control is dependent on authentication ...