Race conditions are a common type of vulnerability closely related to business logic flaws. They occur when websites process requests concurrently without adequate safeguards. This can lead to ...
Web cache deception is a vulnerability that enables an attacker to trick a web cache into storing sensitive, dynamic content. It's caused by discrepancies between how the cache server and origin ...
Application responses may depend systematically on the presence or absence of the Referer header in requests. This behavior does not necessarily constitute a security vulnerability, and you should ...
HTTP requests sometimes contain SQL syntax. If this is incorporated into a SQL query and executed by the server, then the application is almost certainly vulnerable to SQL injection. When SQL-like ...
The Prototype Pollution Gadgets Finder is a powerful Burp Suite extension designed to detect and analyze server-side prototype pollution vulnerabilities in web applications. This tool automates the ...
We've introduced a feature that enables you to create HTTP match and replace rules using Bambdas. This enables you to handle complex or bulk changes more flexibly and easily. For example, you could ...
Burp Intruder is a powerful tool for performing highly customizable, automated attacks against websites. It enables you to configure attacks that send the same request over and over again, inserting ...
This is a quick reference guide to troubleshooting the most common Burp Scanner error messages. You can use Ctrl/Cmd + F to search for the error you've encountered to ...
Burp Intruder has a built-in username generator that takes an input and produces a list of potential usernames using common patterns. For example, if you were to provide the input Carlos Montoya the ...
SQL injection vulnerabilities occur when an attacker can interfere with the queries that an application makes to its database. You can use Burp to test for these vulnerabilities: Professional Use Burp ...
Server-side request forgery (SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make requests to an unintended location. SSRF vulnerabilities may ...