What a week it’s been for PortSwigger Research at Black Hat USA! Three major releases debuted at the conference, containing a range of new techniques that attackers are using to exploit applications. This new research is based on years of findings from the team, and has been incorporated into the development of new Burp Suite features and capabilities, building world-leading innovation into the tools you use every day.

⏱️ In Listen to the whispers, James Kettle shares how to detect sub-millisecond differentials, exposing hidden server secrets and vulnerabilities using only timing.
⚛️ Check out Splitting the Email Atom, where Gareth Heyes reveals how email parsers can be exploited to circumvent access controls.
🕸️ Uncover novel methods for web cache exploitation in Martin Doyhenard’s Gotta Cache ‘em All.

Take a look at all three white papers linked in the comments 👇
PortSwigger
Software Development
Knutsford, Cheshire 119,793 followers
Enabling The World To Secure The Web.
About us
PortSwigger is a global leader in the creation of software tools for security testing of web applications. For over a decade, we have worked at the cutting edge of the web security industry, and our software is well established as the de facto standard toolkit used by web security professionals. The team behind Burp Suite is growing steadily, and we are always recruiting for outstanding Java and .NET developers to join our ultra-agile team near Manchester, UK. If you are the best software engineer at your current employer and looking for a challenge, please get in touch: https://portswigger.net/careers
- Website: https://portswigger.net
- Industry: Software Development
- Company size: 51-200 employees
- Headquarters: Knutsford, Cheshire
- Type: Privately Held
- Founded: 2008
- Specialties: Web application security, Web vulnerability scanning, Security tools, Security software, DevSecOps, Penetration Testing, Cybersecurity, and Cybersecurity Training
Locations
- Primary: Victoria Court, Bexton Road, Knutsford, Cheshire WA16 0PF, GB
Updates
-
PortSwigger reposted this
Everyone knows that the RFCs for email addresses are crazy. This post will show without doubt that you should not be following the RFC. https://lnkd.in/ev34KFye
-
PortSwigger reposted this
The whitepaper is live! Listen to the whispers: web timing attacks that actually work. Read it here: https://lnkd.in/eHEBaKXU
-
Web security threats are constantly evolving, making it difficult to keep up-to-date with the latest attacks. PortSwigger Research have built upon years of findings to uncover new techniques, and will soon be presenting pivotal research at #BHUSA to enhance your threat awareness. This new research has also been incorporated into the development of new Burp Suite features and capabilities, building world-leading innovation into the tools you use every day. Keep an eye on our socials as we share updates today and in the coming days from Black Hat USA 👀 #BlackHatUSA
-
PortSwigger reposted this
🔐 Unlock enhanced API scanning with Burp Suite 🔐

APIs are an increasingly critical function of modern web applications. Despite this, scanning your APIs effectively remains a challenge. Burp customers have asked for a better solution. That’s why we’ve been working on enhancing our existing capability with four improved API scanning features, allowing you to:

🛠️ Test for vulnerabilities without having to host definition files
🔍 Easily identify any hosted APIs that have been left accessible to attackers
🔬 Test a wider range of OpenAPI Specification (OAS) endpoints
✅ Scan APIs that require endpoint authentication

Read our blog to find out more: https://ow.ly/feEO50SOe5j #APISecurity #BurpSuite #CyberSecurity #DevSecOps #APITesting #AppSec
-
Did you know ... you can now scan APIs by uploading a definition in Burp Suite Enterprise! #BurpSuiteShorts
-
Want to quickly swap request methods in Burp Suite Pro? Here’s how! #BurpSuiteShorts