The Burp Methodology
This page contains links to all our step-by-step methodology articles.
- Using Burp to Bypass Client-Side Controls
- Using Burp to Attack Authentication
- Brute forcing a login page
- Vulnerable transmission of credentials / sensitive data exposure
- Injection attack: bypassing authentication
- Forced browsing
- Insecure direct object references
- Using Burp to Attack Session Management
- Using Burp to Test Access Controls
- Using Burp to Test for SQL Injection Flaws
- Using Burp to Find SQL Injection Flaws
- Using Burp to Detect SQL Injection Flaws
- Using Burp to Investigate SQL Injection Flaws
- Using SQL Injection to Bypass Authentication
- Using Burp to Exploit SQL Injection Vulnerabilities: The UNION Operator
- Using Burp to Detect SQL Injection Via SQL-Specific Parameter Manipulation
- Using Burp to Detect Blind SQL Injection Bugs
- Using Burp to Exploit Blind SQL Injection Bugs
- Using Burp with SQLMap
- SQL Injection in Different Statement Types
- SQL Injection in the Query Structure
- SQL Injection: Bypassing Common Filters
- Using Burp to Find Cross-Site Scripting Vulnerabilities
- Cross-Site Scripting Filters
- XSS: Defensive Filters
- Signature-Based XSS Filters: Introducing Script Code
- Bypassing Signature-Based XSS Filters: Modifying HTML
- Bypassing Signature-Based XSS Filters: Modifying Script Code
- XSS: Beating HTML Sanitizing Filters
- XSS Filters: Beating Length Limits Using DOM-based Techniques
- XSS Filters: Beating Length Limits Using Shortened Payloads
- XSS Filters: Beating Length Limits Using Spanned Payloads
- Using Burp to Attack Back-End Components