PortSwigger

@PortSwigger

Followers
98K
Following
125
Media
207
Statuses
4K

We are a leading provider of software and learning on web security. We make @Burp_Suite and @WebSecAcademy.

Joined May 2008
@PortSwigger
PortSwigger
4 years
Introducing DOM Invader: DOM XSS just got a whole lot easier to find.
9
234
583
@PortSwigger
PortSwigger
4 years
NEW CERTIFICATION ALERT! The new Burp Suite Certified Practitioner certification launches today! Learn more and get your exam here! 🎆 #burpsuitecertified
24
198
552
@PortSwigger
PortSwigger
4 years
Fancy getting Burp Suite Certified for free? Book, take, and pass your exam before 15th Dec 2021 and we'll refund you your $99. Who's ready for the challenge? #burpsuitecertified
26
134
468
@PortSwigger
PortSwigger
6 years
To the very many people who’ve requested a third edition of The Web Application Hacker’s Handbook … I’ve decided not to do one. Instead I’m working on something way more exciting. Details to follow.
16
68
391
@PortSwigger
PortSwigger
3 years
Wait, could this actually be Burp Suite. #tease
22
27
379
@PortSwigger
PortSwigger
5 years
Blog post: Burp Suite tips from power user and "hackfluencer" Stök.
4
88
365
@PortSwigger
PortSwigger
5 years
To all the bug bounty hunters out there: How would you recommend bounty hunters find their very first bug? How did you find your first paid bug? #bugbounty #bugbountytips
20
73
335
@PortSwigger
PortSwigger
3 years
Manual testing with Burp Repeater is now more efficient than ever. Free up screen space by organizing tabs into color-coded groups and collapsing them into a single scrollable row. You can now even search for tabs and groups by name.
11
64
340
@PortSwigger
PortSwigger
7 years
Pressure’s on in the @Burp_Suite office.
11
58
329
@PortSwigger
PortSwigger
6 years
We have added a new technique by @fasthm00 to Exploiting CORS misconfigurations for Bitcoins and bounties.
2
128
324
@PortSwigger
PortSwigger
3 years
PortSwigger has today donated $225,000 to the International Red Cross @ICRC to support their work helping the victims of the attack on Ukraine. Half of this money came from the @PortSwiggerRes bug bounty fund, and this amount was matched by the @PortSwigger business.
4
50
299
@PortSwigger
PortSwigger
3 years
If you often find yourself dealing with too many Repeater tabs, then you're going to love Burp's new tab grouping feature.
9
49
271
@PortSwigger
PortSwigger
6 years
We have updated our guide on how to become a web security researcher.
0
103
266
@PortSwigger
PortSwigger
1 year
Simulate manual testing and relax 😎
4
34
258
@PortSwigger
PortSwigger
4 years
@rana__khalil We quite agree! And since we aren't crazy, we'd love to talk about this. Please could you email support@portswigger.net and we'll take things from there?
12
5
245
@PortSwigger
PortSwigger
1 year
Are CSPs getting in the way of scoring that Bug Bounty you have been working on? 😫 Lucky for you, our research team (@PortSwiggerRes) has released some new techniques using Form Hijacking to bypass that protection and get you hacking again; enjoy!
2
60
232
@PortSwigger
PortSwigger
5 years
PortSwigger is now on YouTube. Please do check us out and subscribe, to watch the latest updates on @Burp_Suite, @WebSecAcademy, @PortSwiggerRes, and more.
8
54
208
@PortSwigger
PortSwigger
6 months
In case you missed it, @albinowax's amazing talk "Listen to the Whispers: Web Timing Attacks that Actually Work" from Def Con is now available to watch on YouTube.
2
36
208
@PortSwigger
PortSwigger
11 months
🕵️ 🤫 #BlackHat #Defcon32
5
30
196
@PortSwigger
PortSwigger
4 years
On the first day, PortSwigger created Burp Suite. On the second day, we gave you the Web Security Academy. What do you think is next? #newproductlaunch #burpsuite #websecurityacademy
22
28
197
@PortSwigger
PortSwigger
5 years
We're pleased to share our product roadmap for 2020, highlighting what's on the way for Burp Suite Enterprise Edition, Burp Suite Professional, and Burp Scanner.
12
69
189
@PortSwigger
PortSwigger
1 year
There was a lot announced at Apple #WWDC yesterday, and we’re obviously hard at work supporting the latest OS updates 👀
11
24
194
@PortSwigger
PortSwigger
8 months
Another really awesome example of the PortSwigger Research team’s new findings being used, this time to win a bounty! Well done, @_0x999 🎉 Ready to try these new techniques for yourself? Check out Splitting the Email Atom by @garethheyes 👉
1
23
194
@PortSwigger
PortSwigger
4 years
We’re excited to announce our “women in tech” university scholarship scheme, offering £70,000 of financial support to help young women get started in a tech career. (Near Manchester, UK.)
7
56
179
@PortSwigger
PortSwigger
4 years
We've slashed the price of our Burp Suite Certified Practitioner exam for Black Friday, and we'll still refund you if you pass. What are you waiting for? #burpsuitecertified #BlackFriday
34
77
179
@PortSwigger
PortSwigger
5 years
It’s BlackHat week and we have some huge things to share:
- Conference talk by @albinowax
- Blog post with full details
- @WebSecAcademy update with labs on brand new vulnerabilities
- @Burp_Suite update with scan checks for new issues
- Director’s cut of James’s talk on YouTube
3
37
171
@PortSwigger
PortSwigger
4 years
Blog post: mapping out Burp Suite's crawler. This is a deep dive into the crawler, which is at the heart of Burp Suite's capabilities, and covers the crawler's origins, its current state and plans for the future.
2
72
173
@PortSwigger
PortSwigger
4 years
For the record, we have no plans ever to charge for access to Web Security Academy labs. The low price of the certification covers the exam proctoring and infrastructure costs.
8
15
163
@PortSwigger
PortSwigger
3 years
Introducing in-app recon to the Web Security Academy, with the brand new mystery lab challenge! This new feature gives academy users the chance to find and exploit vulnerabilities by generating a random lab to test their skills. #mysterylabchallenge.
2
42
170
@PortSwigger
PortSwigger
4 years
Just to be clear. To pass the Burp Suite certification exam, you will need access to Burp Suite Pro. It doesn’t matter if it is paid or trial or your work license or anything else. We don’t check your subscription. It’s just impossible to pass the exam without Burp Suite Pro.
11
28
164
@PortSwigger
PortSwigger
4 years
We're looking for interesting and helpful videos/guides on using Burp Suite as a pentester - what have you all got? Share links to your favourites in the comments below. #burpsuite
15
41
161
@PortSwigger
PortSwigger
5 years
Blog post: Finding your first bug: bounty hunting tips from the Burp Suite community.
2
64
150
@PortSwigger
PortSwigger
2 years
Introducing BChecks - a new, faster way to add your own scan checks to Burp Scanner. Create your first BCheck today:
6
43
153
@PortSwigger
PortSwigger
8 years
I originally wrote Burp to make my day job easier. Glad to hear it’s helping others.
@LaNMaSteR53
Tim Tomes
8 years
Was just sitting here pondering how difficult my job would be without Burp Suite. Thank you @PortSwigger. Seriously. Thank you.
6
18
145
@PortSwigger
PortSwigger
3 years
Finding Client-Side Prototype Pollution (CSPP) with DOM Invader by @garethheyes - now available on the Early Adopter channel.
2
46
146
@PortSwigger
PortSwigger
5 years
Burp Scanner now lets you record login sequences using your browser, so you can work with non-standard login mechanisms, single sign-on services, and other challenges.
@Burp_Suite
Burp Suite
5 years
Burp Suite Pro/Community 2020.9.2 released, with support for recorded login sequences in Burp Scanner and various bug/security fixes.
2
39
145
@PortSwigger
PortSwigger
3 years
For everyone who has a Burp Suite Certified Practitioner exam ready to take, we wanted to share a couple of exam pre-prep top tips. We've added some advice from people who've passed already - if you've got any tips then share them below! #burpsuitecertified.
14
34
143
@PortSwigger
PortSwigger
1 year
Kiss, marry, kill. Proxy, Intruder, Repeater?
21
13
132
@PortSwigger
PortSwigger
1 year
Hunting bugs is an important job for all citizens of Super Earth! #Bugbounty #Helldivers2
12
26
137
@PortSwigger
PortSwigger
4 years
Burp Suite Professional has plenty to learn - so we put our heads together and created a list of resources to help you get started. Anything to add to the list? #BurpSuiteTips #burpsuite
4
41
136
@PortSwigger
PortSwigger
3 years
"Hunting evasive vulnerabilities: finding flaws that others miss" - from @albinowax - will be premiering at @nullcon Berlin in just a few days. If you can't catch the live event, it'll be available on YouTube post-conference.
8
25
136
@PortSwigger
PortSwigger
4 years
Wondering how to enable DOM Invader? Well, it's available in the early adopter release. So you get it by using the early adopter channel.
3
37
129
@PortSwigger
PortSwigger
3 years
Evaluating an automated web vulnerability scanner? Use our new to put your scanner to the test. This is a realistic example of a modern website, containing serious vulnerabilities you might encounter in the wild.
4
27
119
@PortSwigger
PortSwigger
3 years
This is a Burp extension, and it's only a prototype currently - check it out and feel free to share your thoughts with us!
@PortSwiggerRes
PortSwigger Research
3 years
We've prototyped a new feature in repeater where we are diffing the last response with the current and showing different colours depending on what changes. Please check it out, we'd love your feedback!
1
13
121
@PortSwigger
PortSwigger
4 years
Burp house, in the middle of Burp street. We’re getting pretty excited about our new office now!
9
15
115
@PortSwigger
PortSwigger
6 years
It’s official. Burp Suite detects everything except pregnancy.
@_whit_ney_m
whitney🧜🏽‍♀️
6 years
@Burp_Suite Why can’t you detect pregnancy 🤰 LOL
6
20
114
@PortSwigger
PortSwigger
4 years
🎵 If you're having cert issues I feel bad for ya son, I got $99 problems but the bill ain't one. 🎵 All you have to do is pass the Burp Suite cert exam before 15th Dec and we'll refund you your $99 exam fee. #burpsuitecertified #99problems
7
36
115
@PortSwigger
PortSwigger
3 years
Last few days to try your hand at @RealTryHackMe's Advent of Cyber challenge. There are Burp Suite certification exams up for grabs as part of the prize pool. #adventofcyber #burpsuitecertified.
3
17
106
@PortSwigger
PortSwigger
4 years
Want more attack surface? DOM Invader's got you covered. It'll help discover JavaScript based parameters automatically, and show them in the URLSearchParameters source in the tree view.
3
31
106
@PortSwigger
PortSwigger
4 years
Want to see if a sink is vulnerable? Either inject the canary and additional characters, or set the canary to include them. You could even use JavaScript URLs as a canary - "javascript:burpdomxss".
0
27
105
@PortSwigger
PortSwigger
5 years
You asked, we answered. Watch Burp Suite creator @DafyddStuttard talk about how Burp started, where the name PortSwigger came from, who Peter Wiener is, getting started in pen testing, the sinister Carlos, and more. #AskMeAnything.
7
26
105
@PortSwigger
PortSwigger
10 months
The official PortSwigger Discord is now open! 🎉👾 Join for access to exclusive events, feature previews, research releases, and to hang out with Burp Suite developers. Join for free here:
7
27
100
@PortSwigger
PortSwigger
4 months
🍪 Introducing the “Cookie Sandwich” technique. This vulnerability manipulates how servers parse cookies, potentially exposing sensitive user information like session IDs. Read more:
1
22
99
@PortSwigger
PortSwigger
3 years
Blog post: Burp Suite roadmap for 2022.
0
22
93
@PortSwigger
PortSwigger
4 years
Want to find JSON data structures automatically? Settings > "generate automated messages", to set DOM Invader guessing message structures using specially crafted JavaScript. Click the link below with DOM Invader and post message options enabled:
1
20
90
@PortSwigger
PortSwigger
1 year
Interested in learning how to extract sensitive data from websites when JavaScript is not an option? Our very own @garethheyes has published some new techniques on how to achieve this using Blind CSS Exfiltration. Come and take a look 👀
2
18
88
@PortSwigger
PortSwigger
2 years
Introducing multiple new classes of web race condition, that go far beyond limit-overrun exploits and expose previously overlooked attack surface, alongside new Burp Suite tooling and a brand new set of labs and learning materials.
0
23
88
@PortSwigger
PortSwigger
4 years
It's no bug folks, we actually are offering our certification for just $9 - and if you pass before 15 December '21 we'll still refund you! #burpsuitecertified
8
24
88
@PortSwigger
PortSwigger
2 years
Calling all Pro/Community users. As part of our table enhancement work, we'd like to know - are tables easier to read with or without zebra stripes? Follow this link to cast your vote 👉
24
8
85
@PortSwigger
PortSwigger
2 years
Using the Server-Side Prototype Pollution Scanner.
0
19
85
@PortSwigger
PortSwigger
1 year
We work at PortSwigger, of course we're late to this trend.
4
8
79
@PortSwigger
PortSwigger
5 years
PortSwigger is now on YouTube! Do subscribe to see updates on Burp Suite, the Web Security Academy, and PortSwigger research.
0
17
77
@PortSwigger
PortSwigger
11 months
For the first time, three members of our research team are presenting at BlackHat USA and DEF CON 32! Get a sneak peek at the latest from @albinowax, @garethheyes, and @tincho_508. Check it out: #BlackHat #DEFCON #Cybersecurity
3
18
79
@PortSwigger
PortSwigger
3 years
At Black Hat 2021 @PortSwiggerRes introduced multiple new classes of HTTP/2-exclusive threats and showed how these flaws enable desync attacks. Catch up on these before @albinowax presents the next stage of the journey, Browser-Powered Desync Attacks.
2
21
79
@PortSwigger
PortSwigger
7 years
Burp’s UI is getting nicer.
@Burp_Suite
Burp Suite
7 years
Blog post: The new dashboard. #MoBP #BurpSuite
6
21
75
@PortSwigger
PortSwigger
7 months
Watch research presentations on demand 🧵👇 PortSwigger recently presented three ground-breaking releases at Black Hat USA and DEF CON, uncovering a range of new techniques that could be used to exploit applications - and now two of these talks are available publicly!
3
16
79
@PortSwigger
PortSwigger
3 years
You can now use DOM Invader to test for client-side prototype pollution. For an overview of how to use the exciting new features from PortSwigger researcher and creator of DOM Invader, Gareth Heyes, check out the following video.
2
19
74
@PortSwigger
PortSwigger
2 years
Despite being seemingly counterintuitive, starting again from scratch actually presented us with an opportunity to improve code and functionality at a scale not normally possible. And now? It's time to welcome browser-powered scanning 2.0.
0
25
72
@PortSwigger
PortSwigger
4 years
Blog post: Web Security Academy - your questions answered. @WebSecAcademy.
0
19
75
@PortSwigger
PortSwigger
4 years
Burp Suite Pro users, we're talking to you. Are there any videos or blogs that you would recommend to first-time users to help them get to know Burp? #burpsuite
13
10
77
@PortSwigger
PortSwigger
4 years
A sneak preview of the latest research from @albinowax - that he'll be unveiling at this year's BlackHat USA event - along with some very exciting product development news! #blackhatusa #burpsuite #appsec
0
18
73
@PortSwigger
PortSwigger
4 years
We're excited to share our Burp Suite roadmap for 2021.
6
21
73
@PortSwigger
PortSwigger
10 months
What a week it’s been for @PortSwiggerRes at Black Hat USA! Three major releases debuted at the conference, containing a range of new techniques that attackers are using to exploit applications. Take a look at all three white papers below 👇
3
20
72
@PortSwigger
PortSwigger
5 years
ICYMI @Burp_Suite Professional and Community Edition now pretty-print JSON, CSS, JavaScript, HTML, and XML automatically.
4
20
67
@PortSwigger
PortSwigger
4 years
For anyone who started using Burp this year, what has been the hardest part of getting started? #burpsuite.
29
7
72
@PortSwigger
PortSwigger
4 years
Who's geared up to take their certification exam? Don't forget, if you book and pass before 15th Dec we'll refund your exam fee! Put your skills to the test now with our practice exam. 💻📖 #burpsuitecertified
2
12
66
@PortSwigger
PortSwigger
4 years
Be one of the first 100 people to become a Burp Suite Certified Practitioner, and get a limited-edition, exclusive swag bundle to show off your new certification! #burpsuitecertified
1
8
69
@PortSwigger
PortSwigger
1 year
Scanning from an API definition is now possible in Burp Suite Pro. Thanks for having a little patience 😉
1
14
69
@PortSwigger
PortSwigger
3 years
Our expensive lawyers have brought it to our attention that you are passing off a bodily part as a PortSwigger product. We demand that you desist and remove our trademark from your limb (or the limb itself) within 7 days. #April1.
6
6
62
@PortSwigger
PortSwigger
5 years
Are you familiar with all of Burp Suite's WebSockets features? Watch this video to see why Burp is so powerful for WebSockets security testing and can find bugs that other tools miss.
@Burp_Suite
Burp Suite
5 years
Burp Suite essentials #10: How to test WebSockets.
0
18
64
@PortSwigger
PortSwigger
1 year
This is something else
1
7
65
@PortSwigger
PortSwigger
4 years
You asked. We delivered. Well, we will be very soon. The latest workings from the incredible minds of PortSwigger Research, coming soon to a computer near you. #newproductlaunch #burpsuite #websecurityacademy
2
2
65
@PortSwigger
PortSwigger
8 years
If you see any of the @Burp_Suite team at #bhusa17 come say hello.
3
21
66
@PortSwigger
PortSwigger
4 years
Let's close the week out with something useful - thanks to a fantastic tweet thread from Burp user @codingo_ we've got a great list of tips and tricks for you all 👌 #BurpSuiteTips #burpsuite
0
22
63
@PortSwigger
PortSwigger
3 years
It's that funny time of year when life is in limbo, so why not work through some of the labs in our Web Security Academy? Follow the learning path, track your progress, and make sure to delete Carlos! #websecurityacademy #vulnerabilities
4
12
61
@PortSwigger
PortSwigger
4 years
One of our team's most popular breakthroughs so far is now six years old. Don't let age fool you though, Burp Collaborator still rules the roost. #burpsuite.
0
7
62
@PortSwigger
PortSwigger
4 years
Help us to shape the future of Burp Suite, and build your very best product experience. #burpsuite #productexperience #feedbackmatters.
7
24
59
@PortSwigger
PortSwigger
2 years
So long, and thanks for all the fish. A sad day today as we say goodbye to The Daily Swig - the team have provided the community (and us) with five and a half years' worth of high-quality news, and we're sorry to announce that this journey has ended.
5
8
61
@PortSwigger
PortSwigger
4 years
We interviewed three of the high flyers in our Hall of Fame, to find out exactly what inspired them to get ahead of the game in web security. #websecurity
1
15
60
@PortSwigger
PortSwigger
10 months
1/ There will be three major releases from @PortSwiggerRes at Black Hat USA and DEF CON this August! Read more below for an insight into this groundbreaking innovation, and keep an eye out for the related @WebSecAcademy labs that will be released next month. 👀
2
17
58
@PortSwigger
PortSwigger
5 years
Learn how to bypass password logins, avoid account lockout, and defeat two-factor authentication in our awesome new #WebSecurityAcademy topic and labs.
@WebSecAcademy
Web Security Academy
5 years
We've added a brand new topic on authentication vulnerabilities, including 14 new labs!
5
13
58
@PortSwigger
PortSwigger
4 years
Want to see every sink that a site uses? Simply enable DOM Invader, set the canary value to an empty string, then sit back and observe the site sinks …
1
10
59
@PortSwigger
PortSwigger
4 years
We recently caught up with Corey Ball - cybersecurity consultant, author, and API hacker extraordinaire - to discuss all things API security. #APIsecurity.
0
17
61
@PortSwigger
PortSwigger
4 years
How to get real good at hacking:
1. Turn on dark mode in Burp Suite.
2. Follow our @WebSecAcademy learning path.
3. Smash those labs.
#hacking #advice #darkmode
4
16
57
@PortSwigger
PortSwigger
4 months
🚨 Reminder: Results for the Top 10 Web Hacking Techniques of 2024 are near! Joining the voting panel are @LiveOverflow and @stokfredrik alongside @Agarri_FR and @irsdl. Their expertise makes this year’s panel stronger than ever. Top 10 revealed on February 4th, stay tuned!
2
15
57
@PortSwigger
PortSwigger
4 years
Find out how browser-powered scanning works under the hood, why this approach is essential for scanning modern web applications, and our exciting plans for building on this foundation.
0
21
53
@PortSwigger
PortSwigger
4 years
Have you booked your Burp Suite Certified Practitioner exam yet? If you can complete all the "Apprentice" and "Practitioner" level labs in our Web Security Academy you're already well on your way … #burpsuitecertified
2
8
57