A Complete Guide to Burp Suite: Learn to Detect Application Vulnerabilities

Rahalkar, Sagar

  • 出版商: Apress
  • 出版日期: 2020-11-07
  • 售價: $1,440
  • 貴賓價: 9.5$1,368
  • 語言: 英文
  • 頁數: 167
  • 裝訂: Quality Paper - also called trade paper
  • ISBN: 1484264010
  • ISBN-13: 9781484264010
  • 海外代購書籍(需單獨結帳)


Use this comprehensive guide to learn the practical aspects of Burp Suite--from the basics to more advanced topics. The book goes beyond the standard OWASP Top 10 and also covers security testing of APIs and mobile apps.

Burp Suite is a simple, yet powerful, tool used for application security testing. It is widely used for manual application security testing of web applications plus APIs and mobile apps. The book starts with the basics and shows you how to set up a testing environment. It covers basic building blocks and takes you on an in-depth tour of its various components such as intruder, repeater, decoder, comparer, and sequencer. It also takes you through other useful features such as infiltrator, collaborator, scanner, and extender. And it teaches you how to use Burp Suite for API and mobile app security testing.

What You Will Learn

  • Understand various components of Burp Suite
  • Configure the tool for the most efficient use
  • Exploit real-world web vulnerabilities using Burp Suite
  • Extend the tool with useful add-ons

Who This Book Is For
Those with a keen interest in web application security testing, API security testing, mobile application security testing, and bug bounty hunting; and quality analysis and development team members who are part of the secure Software Development Lifecycle (SDLC) and want to quickly determine application vulnerabilities using Burp Suite


Sagar Rahalkar is a seasoned information security professional with more than 13 years of experience in various verticals of information security. His domain expertise is mainly in AppsSec, cyber crime investigations, vulnerability assessments, penetration testing, and IT GRC. He holds a master's degree in computer science and several industry-recognized certifications such as CISM, ISO 27001LA, and ECSA. He has been closely associated with Indian law enforcement agencies for more than three years, dealing with digital crime investigations and related training, and received awards from senior officials of the police and defense organizations in India. He also is an author and reviewer for several publications.