"By integrating Burp Suite's powerful DAST scanning technology into SAP's processes, we are proud to support their commitment to delivering secure, high-quality web applications for their global customer base." - @dafyddstuttard.bsky.social

We're excited to announce we're partnering with SAP to strengthen the security of their cloud services.

Burp Suite’s leading DAST technology delivers automated, precise security testing, helping SAP meet their security needs at scale.

Read more 👉 bit.ly/41yMgCc

Join the PortSwigger Discord Server! A place where security professionals, hobbyists, and passionate Burp users can hang out, chat, and collaborate. | 7397 members

Join the conversation!

What’s your take on this year’s top 10? Share your thoughts in the PortSwigger Discord community: discord.com/invite/ports...

Top 10 web hacking techniques of 2024 Welcome to the Top 10 Web Hacking Techniques of 2024, the 18th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year

Check out the Top 10 Web Hacking Techniques of 2024 here:
portswigger.net/research/top...

🏆 The results are in - The 10 Web Hacking Techniques you can’t afford to ignore.

This research has the potential to influence security tools, inspire new defenses, and inform best practices across the industry.

Check them out below 👇

Make Burp Suite your own: high-powered extensibility to customize and enhance your testing. 🛠️ Extensibility in Burp Suite is about giving you and your team the power to customize, enhance, and extend Burp Suite to match your testing needs and objectives. This comprises a powerful suite of tool

Achieve your specific testing goals by customizing Burp with unmatched extensibility. 🛠️

Read more here:
portswigger.net/blog/make-bu...

Episode 3: Hack Smarter, Not Harder. Why Custom Tools Matter YouTube video by Across the Pondcast

Listen here: www.youtube.com/watch?v=auQH...

Work smarter, not harder!

Don’t miss this latest episode of Across the Pondcast from @tib3rius.bsky.social & @swiftsecur.bsky.social and pick up some handy tips for using custom testing tools.👇

Join the PortSwigger Discord Server! A place where security professionals, hobbyists, and passionate Burp users can hang out, chat, and collaborate. | 6945 members

Tonight at 4pm GMT (12pm EDT), join @0xTib3rius for their Big Bambda Boom talk, which explores how you can start using Bambdas to assist your web app testing.

Join the PortSwigger Discord to register for this exciting event 👇
discord.com/invite/ports...

CSTC, Modular HTTP Manipulator Allows request/response modification using a GUI analogous to CyberChef

Download 👉 portswigger.net/bappstore/86...

Modify Burp’s traffic with CSTC 👨‍🍳

Built for experts, CSTC enables you to define recipes that are applied to incoming or outgoing HTTP requests/responses automatically.

Download “CSTC, Modular HTTP Manipulator” in the BApp store today!

We’re so proud of the entire Burp community for smashing 2024!

Here’s to 2025 - we can’t wait to see what's in store next year… 👀

Join the PortSwigger Discord Server! A place where security professionals, hobbyists, and passionate Burp users can hang out, chat, and collaborate. | 6535 members

In 2024, we launched the PortSwigger Discord. 👾

As part of this thriving community, you guys have been busy sharing helpful AppSec resources, running research events, sharing best practices when using Burp, and much more!

Join the PortSwigger Discord: discord.com/invite/ports...

In August, three members of the world-renowned PortSwigger Research team presented groundbreaking new findings at Black Hat USA and DEF CON. 🎩

It’s been awesome to see the success Burp users have had when implementing these new techniques.

Read more: portswigger.net/black-hat-2024

Introducing DAST scanning in the Cloud, with Burp Suite Enterprise Edition We’re excited to announce that Burp Suite Enterprise Edition is now available in PortSwigger’s secure cloud. You can now free up testing time with scalable, automated DAST scanning, without the burden

In March, Burp Suite Enterprise Edition in the Cloud arrived on the scene. ☁️

Since then, 1000s of organizations across the globe have been freeing up testing time with automated, scheduled DAST scanning, without the need to host any infrastructure.

Learn more: portswigger.net/blog/introdu...

Learning paths | Web Security Academy A step by step journey, from beginner to expert level, through the Web Security Academy - brought to you by PortSwigger. Create an account to get started.

Back in January, new learning paths were released in the Web Security Academy.

And you’ve all learned a lot - 3.5mil labs have been completed by over 220k users this year. 🤯

Explore the paths: portswigger.net/web-security...

Wow, what a year 2024 has been!

The Burp Suite community has achieved so much, from completing Academy labs and passing the Burp Certification, to running events on the PortSwigger Discord.

Let’s take a look at what you’ve been up to this year… 👀

DEF CON 32 - Listen to the Whispers: Web Timing Attacks that Actually Work - James Kettle YouTube video by DEFCONConference

In case you missed it, @albinowax.bsky.social 's amazing talk "Listen to the Whispers: Web Timing Attacks that Actually Work" from Def Con is now available to watch on YouTube.

www.youtube.com/watch?v=zOPj...

Hello world