James Lester & Joseph Tartaro: "Burp Suite: Informing the 99% of what the 1%'ers are knowingly taking advantage of." (BSides Las Vegas 2012) (Hacking Illustrated Series InfoSec Tutorial Videos)

Feel free to include my content in your page via my
RSS feed Follow @irongeek_adc

Help Irongeek.com pay for
bandwidth and research equipment:
Subscribestar or Patreon

Search Irongeek.com:

Affiliates:

Help Irongeek.com pay for bandwidth and research equipment:

James Lester & Joseph Tartaro: "Burp Suite: Informing the 99% of what the 1%'ers are knowingly taking advantage of." (BSides Las Vegas 2012) (Hacking Illustrated Series InfoSec Tutorial Videos)

James Lester & Joseph Tartaro: "Burp Suite: Informing the 99% of what the 1%'ers are knowingly taking advantage of."

Burp Suite has created a name for itself as arguably one of the go-to weapons of choice for web application pentesters, but one of its best features is consistently being ignored: the ability to append or modify functionality through the use of burp extensions. Extensions as a feature have introduced users to numerious possibilities, and have given opportunities to easily develop functionality that�s necessary to complete required test related tasks. With all that is available through Burp extensibility, why have we not seen its users contribute functionality to the same degree as community driven projects such as MetaSploit or the Nmap Scriptability Engine? In this presentation, James Lester and Joseph Tartaro will debut their campaign, which focuses on building demand, support, and an overall desire around the creation of Burp extensions in the hope of bringing extensibility to the forfront of web application testing. As a team, James and Joseph will begin by outlining the current demand, capabilities, and limitations while introducing up to a dozen extensions they created that presently utilize all current accessible functionality within the extensibility suite. Along with the release of these extensions, a campaign will be presented to organize and develop an extension community that documents tool primers, lessons learned, and tips/tricks, along with hosting extensions and tools catered to Burp. As a team, Joseph and James will showcase the benefits to their approach, which include increased efficiency and a simplified way to write new scripts. During development of this talk, James and Joseph took into consideration that re-use is a key factor and development techniques were used to help test user adaptation. Something learned isn't research until it's shared, and they plan to put this statement to practice utilizing B-Sides as a perfect tool to help collect data, convey interests, and share results.

Download:
http://archive.org/download/BsidesLasVegas2012/1.2.4JamesLesterJosephTartaroBurpSuiteInformingThe99OfWhatThe1ersAreKnowinglyTakingA.avi

Back to BSides Las Vegas 2012 video list

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.