unSafe.sh - Unsafe
Document My Pentest: you hack, the AI writes it up!
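The article introduces "Document My Pentest", an AI extension for Burp Suite that monitors requests in real time, automatically records the penetration testing process, and generates reports. Through improved prompt engineering and an optimized input format, the extension can effectively identify vulnerabilities and reduce false positives. Users can install it from the BApp Store and use it easily in Repeater to automate documentation. ...
2025-4-23 13:17:24 | Views: 10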
PortSwigger Research - portswigger.net
llm
burp
security
analysis
Meet Burp Suite DAST: A clearer name for the industry's leading DAST solution
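Burp Suite Enterprise Edition has been renamed Burp Suite DAST to reflect more clearly its function as a dynamic application security testing solution. Despite the name change, its core functionality and industry-leading scanning engine remain the same. The product supports large-scale API scanning, flexible deployment, and deep integration, and continues to be refined to meet modern application security needs. ...
2025-4-15 13:22:0 | Views: 6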
PortSwigger Blog - portswigger.net
burp
dast
security
evaluating
appsec
You asked, we answered: Q&A from The Future of AppSec webinar
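PortSwigger shared its vision for the future of application security and, in a Q&A format, answered audience questions about Burp Suite DAST and AI features, including product updates, support services, and privacy concerns. ...
2025-4-10 14:33:41 | Views: 8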
PortSwigger Blog - portswigger.net
burp
dast
appsec
portswigger
security
The Future of Application Security: key insights from the webinar
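PortSwigger held a large webinar on future trends in application security. It highlighted new features in Burp Suite DAST and Professional, including API support, extensibility, and AI-enhanced tools. The session also stressed the importance of responding to rapidly changing security challenges and to user feedback. ...
2025-4-3 09:17:42 | Views: 3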
PortSwigger Blog - portswigger.net
burp
security
dast
webinar
portswigger
Welcome to the next generation of Burp Suite: elevate your testing with Burp AI
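PortSwigger has launched Burp AI features to improve the efficiency and depth of penetration testing. The new features include automated vulnerability analysis, AI explanations, login sequence generation, false-positive reduction, and an AI extension API. Users get 10,000 free AI credits and are free to enable or disable the AI features. ...
2025-3-31 12:26:2 | Views: 7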
PortSwigger Blog - portswigger.net
burp
security
portswigger
appsec
11am
SAML roulette: the hacker always wins
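The article describes a method for gaining unauthenticated access to GitLab Enterprise by exploiting vulnerabilities in the ruby-saml library through a combination of round-trip attacks and namespace confusion. By manipulating the XML document structure and the signature verification process, an attacker forges a user identity and ultimately obtains administrator privileges. The vulnerability has been fixed in specific versions. ...
2025-3-18 14:55:43 | Views: 9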
PortSwigger Research - portswigger.net
trip
attacker
rexml
gitlab
assertion
Burp Everywhere, All Around the World: Bringing AppSec Enthusiasts Together in 2025
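PortSwigger is working to strengthen connections within the cybersecurity community, promoting exchange and collaboration in 2025 through Discord groups, in-person events, conference sponsorship, and resource support. ...
2025-3-13 08:49:1 | Views: 6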
PortSwigger Blog - portswigger.net
security
burp
appsec
portswigger
pros
Behind the Scenes of Burp AI: How we built it, and what's next
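PortSwigger developed Burp AI, an AI-powered security testing tool, over a year of research and development, and ran a private trial in November 2024. After gathering feedback and making improvements, the tool is about to launch in Burp Suite Professional, with plans to extend it to other editions. ...
2025-3-12 13:30:52 | Views: 4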
PortSwigger Blog - portswigger.net
burp
security
portswigger
trial
ensuring
PortSwigger and SAP forge strategic partnership to enhance enterprise web security
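PortSwigger has formed a strategic partnership with SAP, a global leader in enterprise software, which is adopting Burp Suite Enterprise Edition as its preferred dynamic application security testing solution. With its high accuracy, efficiency, and scalability, the solution helps SAP address security challenges in large-scale cloud environments and improves the security of the development process through integrated automated testing. ...
2025-2-25 14:34:46 | Views: 6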
PortSwigger Blog - portswigger.net
security
portswigger
burp
dast
cloud
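Shadow Repeater: AI-enhanced manual testing
This article introduces Shadow Repeater, a newly released tool from PortSwigger that uses AI to enhance manual testing: when the user sends a request, it automatically generates parameter variations and detects potential vulnerabilities such as XSS and path traversal. ...
2025-2-20 13:20:19 | Views: 11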
PortSwigger Research - portswigger.net
repeater
shadow
variations
burp
Why it's time for AppSec to embrace AI: How PortSwigger is leading the charge
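This article explores the potential and challenges of artificial intelligence (AI) in application security (AppSec). Although some people are skeptical of AI or worry about its security, the author argues that AI can augment rather than replace human penetration testers. PortSwigger has released AI-enhanced Burp Suite features aimed at improving efficiency, accuracy, and productivity. ...
2025-2-14 14:23:55 | Views: 6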
PortSwigger Blog - portswigger.net
burp
security
pentesters
adoption
portswigger
The future of security testing: harness AI-Powered Extensibility in Burp
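PortSwigger has brought AI-powered extensibility to Burp Suite Professional, using the Montoya API to simplify integration and keep data secure. Users get 10,000 free AI credits for experimentation and innovation, and can share their work through the BApp Store. The feature improves the efficiency and depth of security testing. ...
2025-2-13 13:52:39 | Views: 11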
PortSwigger Blog - portswigger.net
security
burp
hackvertor
montoya
Top 10 web hacking techniques of 2024
Published: 04 February 2025 at 15:01 UTC...
2025-2-4 15:2:32 | Views: 11
0day Fans - portswigger.net
security
orange
ten
dompurify
worstfit
Bypassing character blocklists with unicode overflows
Published: 28 January 2025 at 13:58 UTC...
2025-1-28 13:58:28 | Views: 12
PortSwigger Research - portswigger.net
overflow
0x10000
codepoint
truncation
0x4e41
The complexities of scaling AppSec teams and how to address them in 2025
Tom Ryder | 28 January 2025 at 13:08...
2025-1-28 13:8:23 | Views: 10
PortSwigger Blog - portswigger.net
appsec
security
burp
portfolios
dast
Stealing HttpOnly cookies with the cookie sandwich technique
Published: 22 January 2025 at 14:45 UTC...
2025-1-22 14:45:11 | Views: 9
PortSwigger Research - portswigger.net
sandwich
param1
deadbeef
param2
sessionid
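Make Burp Suite your own: high-powered extensibility to customize and enhance your testing.
This article introduces Burp Suite's extensibility features, which come in three forms: Bambdas, BChecks, and Extensions. With these tools, users can customize and enhance Burp Suite to meet specific needs. Bambdas are code snippets for filtering and enhancing workflows; BChecks are custom scan checks; Extensions are user-created tools that extend Burp's functionality. These features help users achieve personalized testing and efficient collaboration. ...
2025-1-10 15:53:34 | Views: 5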
PortSwigger Blog - portswigger.net
burp
bambda
bambdas
library
Top ten web hacking techniques of 2024: nominations open
Published: 08 January 2025 at 14:07 UTC...
2025-1-8 14:7:35 | Views: 9
0day Fans - portswigger.net
bypass
injection
remote
novel
Top 10 web hacking techniques of 2024: nominations open
Published: 08 January 2025 at 14:07 UTC...
2025-1-8 14:7:27 | Views: 17
PortSwigger Research - portswigger.net
nominations
bypass
novel
remote
security
Bypassing WAFs with the phantom $Version cookie
Published: 04 December 2024 at 15:03 UTC...
2024-12-4 23:3:35 | Views: 8
PortSwigger Research - portswigger.net
quoted
value2
param2
value1
param1