If you do application security and don't use Burp Suite, then you're likely doing it wrong. If you do use Burp Suite, then you know that Burp is chock full of features that are either counterintuitive in their placement or complicated to use. In this talk, my goal is to leverage experience gained from years in the field with Burp Suite to demystify some obscure features of Burp and share unintended ways I use the tool to be a more effective and efficient application security tester. As a PortSwigger Burp Suite Training Partner, I have the privilege of teaching students with many different levels of exposure to Burp Suite. One thing remains consistent across all of the students in my classes; Regardless of skill level, they all walk away with something that makes them more proficient with Burp Suite. I'm confident you will too.

Tim is a Managing Consultant at nVisium with extensive experience in Application Security and Software Development. Tim currently manages multiple open source software projects such as the Recon-ng Framework, the HoneyBadger Geolocation Framework, and PwnedHub, writes technical articles at lanmaster53.com, and frequently instructs and presents on Application Security topics at major Information Security conferences such as DerbyCon, ShmooCon, Black Hat and SANS.

@lanmaster53

Back to Derbycon 2017 video list