Preface

This book on Burp is meant for web security testers. You might be using browser plugins or automated scanners or even other interception proxy tools. In this book, you will see how Burp Suite is a versatile tool that allows almost any kind of web security testing based on your needs. This book will build on how Burp can be used with upstream proxies, SSL certificates, and more. You will learn how to search, extract, and do pattern matching for requests and responses and use that knowledge to test complex and simple web applications. You will learn to use different tools and components together to form a powerful chain of tools for web testing. As a professional tester, we need to be able to report our work, safeguard it, and sometimes even extend the tools that we use.

You will learn how different components of Burp Suite can be used together and how to use Burp Suite like a pro. You will learn to embrace the user-driven workflow for testing web applications. You can customize and extend Burp according to your needs for maximum testing and minimum software.

This book has an easy-to-follow style, where we focus on understanding what the problem is that we are trying to solve and how Burp can make it easy for us to solve. Looking at scenarios, real-world use cases, and applying the philosophy of how Burp is designed makes for an easy read and a highly actionable list of items for you to take back to your workplace.