Document My Pentest: you hack, the AI writes it up! 文章介绍了一个名为"Document My Pentest"的Burp Suite AI扩展，该工具可实时监控请求、自动记录渗透测试过程并生成报告。通过改进提示工程和优化输入格式，该扩展能够有效识别漏洞并减少误报。用户可通过BApp商店安装，并在Repeater中轻松使用以自动化文档生成。... 2025-4-23 13:17:24 | 阅读: 10 | 收藏 | PortSwigger Research - portswigger.net llm burp security analysis

Meet Burp Suite DAST: A clearer name for the industry's leading DAST solution Burp Suite Enterprise Edition更名为Burp Suite DAST，旨在更清晰地体现其作为动态应用安全测试解决方案的功能。尽管名称变更，但其核心功能和行业领先的扫描引擎保持不变。该产品支持大规模API扫描、灵活部署及深度集成，并持续优化以满足现代应用安全需求。... 2025-4-15 13:22:0 | 阅读: 6 | 收藏 | PortSwigger Blog - portswigger.net burp dast security evaluating appsec

You asked, we answered: Q&A from The Future of AppSec webinar PortSwigger分享了关于未来应用安全的愿景，并通过问答形式解答了观众对Burp Suite DAST和AI功能的疑问，包括产品更新、支持服务及隐私问题。... 2025-4-10 14:33:41 | 阅读: 8 | 收藏 | PortSwigger Blog - portswigger.net burp dast appsec portswigger security

The Future of Application Security: key insights from the webinar PortSwigger举办大型网络研讨会，探讨应用安全未来趋势。重点介绍Burp Suite DAST和Professional的新功能，包括API支持、扩展能力及AI增强工具。会议还强调了应对快速变化的安全挑战和用户反馈的重要性。... 2025-4-3 09:17:42 | 阅读: 3 | 收藏 | PortSwigger Blog - portswigger.net burp security dast webinar portswigger

Welcome to the next generation of Burp Suite: elevate your testing with Burp AI PortSwigger推出Burp AI功能，增强渗透测试效率与深度。新功能包括自动化漏洞分析、AI解释技术、生成登录序列、减少误报及AI扩展API。用户可享10,000免费AI信用，并可自由选择启用或关闭AI功能。... 2025-3-31 12:26:2 | 阅读: 7 | 收藏 | PortSwigger Blog - portswigger.net burp security portswigger appsec 11am

SAML roulette: the hacker always wins 文章描述了一种通过结合Round-trip攻击和命名空间混淆技术，利用ruby-saml库漏洞实现无认证访问GitLab Enterprise的方法。攻击者通过操纵XML文档结构和签名验证过程，伪造用户身份并最终获取管理员权限。该漏洞已在特定版本中修复。... 2025-3-18 14:55:43 | 阅读: 9 | 收藏 | PortSwigger Research - portswigger.net trip attacker rexml gitlab assertion

Burp Everywhere, All Around the World: Bringing AppSec Enthusiasts Together in 2025 PortSwigger致力于加强网络安全社区的连接，在2025年通过Discord群组、线下活动、赞助会议和提供资源支持等方式促进交流与合作。... 2025-3-13 08:49:1 | 阅读: 6 | 收藏 | PortSwigger Blog - portswigger.net security burp appsec portswigger pros

Behind the Scenes of Burp AI: How we built it, and what's next PortSwigger开发了AI驱动的安全测试工具Burp AI，经过一年的研究和开发，并于2024年11月进行了私人试用。通过收集反馈和改进，该工具即将在Burp Suite Professional中推出，并计划扩展至其他版本。... 2025-3-12 13:30:52 | 阅读: 4 | 收藏 | PortSwigger Blog - portswigger.net burp security portswigger trial ensuring

PortSwigger and SAP forge strategic partnership to enhance enterprise web security PortSwigger与全球企业软件领导者SAP达成战略合作，采用其Burp Suite Enterprise Edition作为首选动态应用安全测试解决方案。该方案凭借高精度、高效性和可扩展性助力SAP应对大规模云环境安全挑战，并通过集成自动化测试提升开发流程安全性。... 2025-2-25 14:34:46 | 阅读: 6 | 收藏 | PortSwigger Blog - portswigger.net security portswigger burp dast cloud

Shadow Repeater:AI-enhanced manual testing 这篇文章介绍了PortSwigger新发布的Shadow Repeater工具，该工具通过AI技术增强手动测试能力，在用户发送请求时自动生成参数变异并检测潜在漏洞如XSS和路径遍历。... 2025-2-20 13:20:19 | 阅读: 11 | 收藏 | PortSwigger Research - portswigger.net repeater shadow variations burp

Why it's time for AppSec to embrace AI: How PortSwigger is leading the charge 这篇文章探讨了人工智能（AI）在应用安全（AppSec）领域的潜力与挑战。尽管部分人对AI持怀疑态度或担心其安全性，作者认为AI可以增强而非取代人类渗透测试员的能力。PortSwigger公司已推出AI增强的Burp Suite功能，旨在提高效率、准确性和生产力。... 2025-2-14 14:23:55 | 阅读: 6 | 收藏 | PortSwigger Blog - portswigger.net burp security pentesters adoption portswigger

The future of security testing: harness AI-Powered Extensibility in Burp  PortSwigger推出AI驱动的扩展功能至Burp Suite Professional，利用Montoya API简化集成并保障数据安全。用户可免费获取10,000 AI积分用于实验与创新，并通过BApp Store分享成果。此功能提升安全测试效率与深度。... 2025-2-13 13:52:39 | 阅读: 11 | 收藏 | PortSwigger Blog - portswigger.net security burp hackvertor montoya

Top 10 web hacking techniques of 2024 Published: 04 February 2025 at 15:01 UTC... 2025-2-4 15:2:32 | 阅读: 11 | 收藏 | 0day Fans - portswigger.net security orange ten dompurify worstfit

Bypassing character blocklists with unicode overflows Published: 28 January 2025 at 13:58 UTC... 2025-1-28 13:58:28 | 阅读: 12 | 收藏 | PortSwigger Research - portswigger.net overflow 0x10000 codepoint truncation 0x4e41

The complexities of scaling AppSec teams and how to address them in 2025 Tom Ryder |28 January 2025 at 13:08... 2025-1-28 13:8:23 | 阅读: 10 | 收藏 | PortSwigger Blog - portswigger.net appsec security burp portfolios dast

Stealing HttpOnly cookies with the cookie sandwich technique Published: 22 January 2025 at 14:45 UTC... 2025-1-22 14:45:11 | 阅读: 9 | 收藏 | PortSwigger Research - portswigger.net sandwich param1 deadbeef param2 sessionid

Make Burp Suite your own: high-powered extensibility to customize and enhance your testing. ️ 这篇文章介绍了 Burp Suite 的可扩展性功能，包括 Bambdas、BChecks 和 Extensions 三种方式。通过这些工具，用户可以定制和增强 Burp Suite 的功能以满足特定需求。Bambdas 是代码片段用于过滤和增强工作流程；BChecks 是自定义扫描检查；Extensions 则是用户创建的工具以扩展 Burp 的功能。这些功能帮助用户实现个性化测试和高效协作。... 2025-1-10 15:53:34 | 阅读: 5 | 收藏 | PortSwigger Blog - portswigger.net burp bambda bambdas library

Top ten web hacking techniques of 2024: nominations open Published: 08 January 2025 at 14:07 UTC... 2025-1-8 14:7:35 | 阅读: 9 | 收藏 | 0day Fans - portswigger.net bypass injection remote novel

Top 10 web hacking techniques of 2024: nominations open Published: 08 January 2025 at 14:07 UTC... 2025-1-8 14:7:27 | 阅读: 17 | 收藏 | PortSwigger Research - portswigger.net nominations bypass novel remote security

Bypassing WAFs with the phantom $Version cookie Published: 04 December 2024 at 15:03 UTC... 2024-12-4 23:3:35 | 阅读: 8 | 收藏 | PortSwigger Research - portswigger.net quoted value2 param2 value1 param1