Burp Suite Expert Training
Master Burp Suite for web and mobile application penetration testing with guaranteed job placement.
Number of Classes: 16-18
Number of Hours: 40-50
Burp Suite Training Content
1. Introduction to Web App Security & Burp Suite
HTTP basics, API methods, OWASP Top 10 overview, Burp Suite editions, UI walkthrough, understanding the full SSL process, managing certificates, and proxy configuration.
2. Proxy, Intercept, and Target
Intercepting browser traffic, editing HTTP requests/responses, analyzing raw traffic, target scope configuration, understanding site maps, and passively identifying interesting endpoints.
3. Repeater
Manual testing with Repeater, modifying requests/responses, observing server behavior, bypassing client-side controls, testing different payloads, and validating hypotheses.
4. Intruder
Payload positions, attack types (Sniper, Battering Ram, Pitchfork, Cluster Bomb), fuzzing inputs, credential brute force, data extraction, and real-world exploitation scenarios.
5. Burp Suite Scanner & Alerts
Using the automated scanner, configuring scan settings, interpreting vulnerability alerts, passive/active scan differences, mapping to OWASP Top 10, and basic mitigation tips.
6. Authentication Testing, Authorization Bypass, Privilege Escalation
Testing login workflows, weak auth logic, bypassing auth tokens, broken access controls (IDOR), vertical/horizontal privilege escalation, and session token testing with real scenarios.
7. JWT Manipulation
Structure of JWTs, decoding tokens, identifying insecure algorithms (none, HS256), token tampering, signature bypass, expiry validation, and replay attack scenarios.
8. SQL Injection
Basics of SQL, input-based SQL queries, types (error-based, blind, union-based), real DB error patterns, payload crafting, database enumeration, and bypass techniques.
9. Cross-Site Scripting
Types (Reflected, Stored, DOM), input/output contexts (HTML, JS, attributes), escaping rules, payload crafting, bypassing filters, and cookie/session theft demos.
10. Server Side Request Forgery (SSRF)
Understanding SSRF, internal IP targeting, redirect abuse, file inclusion, SSRF in metadata endpoints (e.g., AWS), payload crafting, and exploitation tools like Burp Collaborator.
11. File Upload Vulnerabilities
File upload concepts, file type enumeration, understanding request parameters, and executable malicious file upload.
12. Cross-Origin Resource Sharing (CORS), Cross-Site Request Forgery (CSRF)
Understanding origin policies, misconfigured CORS headers, impact analysis, CSRF token patterns, SameSite cookie handling, and exploiting CSRF via Burp and custom HTML forms.
13. Path Traversal, OS Command Injection
Directory traversal basics, file access via ../, sensitive file discovery, OS command injection points, payloads for Linux/Windows, and chaining with RCE techniques.
14. API Testing
Basics of REST APIs, endpoints, methods (GET, POST, PUT, DELETE), token auth, fuzzing parameters, JSON-based attacks, and common API flaws like rate-limiting and mass assignment.
15. Business Logic Vulnerabilities
Identifying non-technical flaws like discount abuse, account manipulation, workflow bypasses, examples from bug bounty reports, and a methodology to discover these manually.
16. Pentest Report Writing & Final Q&A
Structure of a pentest report (Exec Summary, Findings, Severity, Repro Steps, Recommendations), screenshot best practices, sample report templates, and open Q&A for wrap-up.
Contact Us
Get in touch for Burp Suite training and job placement inquiries. We're here to assist you with your penetration testing journey.
Connect
+88 01744 201 201
Reach
connect@mysatl.com
The training provided exceptional insights into penetration testing, and the job placement assistance was invaluable.
Shamim Al Mamun
I gained practical skills in Burp Suite that helped me land a job in cybersecurity.
Khalilur Rahman

CANADA
connect@mysatl.com
Local Office Hours:
Mon-Sun
07:00-17:00
USA
connect@mysatl.com
Local Office Hours:
Mon-Sun
07:00-17:00
GERMANY
connect@mysatl.com
Local Office Hours:
Mon-Sun
07:00-17:00
FINLAND
connect@mysatl.com
Local Office Hours:
Mon-Sun
07:00-17:00
QATAR
connect@mysatl.com
Local Office Hours:
Mon-Sun
07:00-17:00
BANGLADESH
connect@mysatl.com
Local Office Hours:
24/7/365
Cell: +88 01744 201 201
© Copyrights
@SATL. All rights reserved.