Race conditions are a common type of vulnerability closely related to business logic flaws. They occur when websites process requests concurrently without adequate safeguards. This can lead to ...
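The limit-overrun form of this bug, as an added example that is not part of the original page: a single-use coupon is redeemed by two "requests" running in parallel threads. The vulnerable handler reads the remaining count, then writes the decremented value as a separate step, so both requests observe one use left and both succeed; the fixed handler does the check and the decrement under one lock (in a real application that would be an atomic conditional update or a row lock rather than a process-local lock). The coupon store, the handler names and the barrier used to force both threads into the race window are all constructed for the demo.

```python
import threading


class CouponStore:
    """In-memory stand-in for the coupon table (constructed for the demo)."""

    def __init__(self, uses):
        self.uses_left = dict(uses)
        self.lock = threading.Lock()

    def redeem_racy(self, code, before_write=None):
        """Vulnerable: the check and the update are separate steps, so two
        concurrent requests can both read uses_left == 1 and both succeed."""
        remaining = self.uses_left.get(code, 0)   # step 1: read
        if before_write:
            before_write()                        # race window (barrier in the demo)
        if remaining <= 0:                        # step 2: check a stale value
            return False
        self.uses_left[code] = remaining - 1      # step 3: write a stale value
        return True

    def redeem_safe(self, code, before_write=None):
        """Fixed: read, check and decrement happen as one critical section.
        A real fix would be e.g. UPDATE ... SET uses_left = uses_left - 1
        WHERE code = ? AND uses_left > 0, checking the affected-row count."""
        if before_write:
            before_write()
        with self.lock:
            remaining = self.uses_left.get(code, 0)
            if remaining <= 0:
                return False
            self.uses_left[code] = remaining - 1
            return True


def run_concurrently(handler, code, n=2):
    """Run n 'requests' against handler and force them to line up at the
    race window with a barrier, so the interleaving is reproducible."""
    barrier = threading.Barrier(n)
    results, results_lock = [], threading.Lock()

    def worker():
        ok = handler(code, barrier.wait)
        with results_lock:
            results.append(ok)

    threads = [threading.Thread(target=worker) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results


def demo():
    """Returns (successful racy redemptions, racy uses_left,
                successful safe redemptions, safe uses_left)."""
    racy = CouponStore({"SAVE10": 1})
    racy_results = run_concurrently(racy.redeem_racy, "SAVE10")
    safe = CouponStore({"SAVE10": 1})
    safe_results = run_concurrently(safe.redeem_safe, "SAVE10")
    return (sum(racy_results), racy.uses_left["SAVE10"],
            sum(safe_results), safe.uses_left["SAVE10"])


if __name__ == "__main__":
    print(demo())  # vulnerable store lets a one-use coupon be redeemed twice
```

Against a live target the barrier is replaced by sending the two requests so that they arrive within the same few milliseconds; the handler is unchanged, which is why the bug cannot be found by reading one request at a time.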
Blind cross-site scripting (XSS) is a type of stored XSS in which the data exit point is not accessible to the attacker, for example due to a lack of privileges. To test for blind XSS vulnerabilities, ...
The response contains two or more Set-Cookie headers that attempt to set the same cookie to different values. Browsers will only accept one of these values, typically ...
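A check for this condition, added here as an example and not taken from the page or from Burp Scanner's own logic: it walks the response headers, parses each Set-Cookie into the cookie's identity (name plus its Domain and Path attributes, because two cookies with the same name but different scope are distinct cookies) and reports only identities that are set to two or more different values. The header list is constructed sample data; which of the conflicting values the browser ends up keeping is not decided here.

```python
from typing import Dict, List, Tuple

# Constructed sample response headers (not from the page).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
    ("Set-Cookie", "session=zzz999; Path=/; Secure"),      # conflicts with the first
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),    # exact repeat, no conflict
    ("Set-Cookie", "session=adm; Path=/admin"),            # different path: a different cookie
]

CookieKey = Tuple[str, str, str]  # (name, domain, path)


def parse_set_cookie(value: str) -> Tuple[CookieKey, str]:
    """Split a Set-Cookie header value into ((name, domain, path), value).
    Domain is lower-cased with any leading dot removed; an absent Path is
    recorded as "" (the browser derives the default path from the request URI)."""
    parts = [p.strip() for p in value.split(";")]
    name, _, val = parts[0].partition("=")
    domain, path = "", ""
    for attr in parts[1:]:
        key, _, attr_val = attr.partition("=")
        key = key.strip().lower()
        if key == "domain":
            domain = attr_val.strip().lower().lstrip(".")
        elif key == "path":
            path = attr_val.strip()
    return (name.strip(), domain, path), val.strip()


def conflicting_cookies(headers: List[Tuple[str, str]]) -> Dict[CookieKey, List[str]]:
    """Return cookie identity -> distinct values for every cookie that the
    response sets to two or more different values."""
    seen: Dict[CookieKey, List[str]] = {}
    for header_name, header_value in headers:
        if header_name.lower() != "set-cookie":
            continue
        key, val = parse_set_cookie(header_value)
        values = seen.setdefault(key, [])
        if val not in values:
            values.append(val)
    return {key: vals for key, vals in seen.items() if len(vals) > 1}


if __name__ == "__main__":
    for (name, domain, path), values in conflicting_cookies(SAMPLE_HEADERS).items():
        print(f"{name} (domain={domain!r}, path={path!r}) set to {values}")
```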
Macros are made up of requests taken from the Proxy history. The first step in adding a macro is to select these requests. To do so: The macro editor displays an editable list of items in the macro.
You can configure payload processing rules so that Burp Intruder modifies payloads before it inserts them into the request. This is useful for a variety of purposes, such as when you need to: Generate ...
Use this function to discover content and functionality that is not linked from visible content that you can browse to or Burp Scanner can crawl. You can see the discovered content in a site map for ...
Web cache deception is a vulnerability that enables an attacker to trick a web cache into storing sensitive, dynamic content. It's caused by discrepancies between how the cache server and origin ...
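One such discrepancy, simulated as an added example (not code from the page): the cache decides cacheability from the URL's file extension, while the origin routes on the first path segment and ignores whatever follows it. A logged-in victim who is lured to /my-account/wcd.css receives their own account page, the cache stores it because the path looks static, and an unauthenticated attacker then fetches the same URL from the cache. The origin, the cache, the route and the account data are all constructed; the "strict" origin variant shows the fix of refusing paths that do not map exactly.

```python
from typing import Dict, Optional, Tuple

STATIC_EXTENSIONS = (".css", ".js", ".png", ".ico")  # assumed cache rule
Response = Tuple[int, str]


class Origin:
    """Constructed origin server with one dynamic, session-bound route."""

    def __init__(self, strict: bool = False):
        self.strict = strict
        self.accounts: Dict[str, str] = {"alice": "alice@example.com"}

    def handle(self, path: str, session_user: Optional[str]) -> Response:
        segments = path.strip("/").split("/")
        # Vulnerable mapping: only the first segment is used for routing, so
        # /my-account/anything.css is served as /my-account.
        # Strict mapping: the path must be exactly /my-account.
        matches = (segments[0] == "my-account") if not self.strict else (segments == ["my-account"])
        if not matches:
            return 404, "not found"
        if session_user is None:
            return 302, "login"
        return 200, f"email: {self.accounts[session_user]}"


class Cache:
    """Constructed caching proxy: caches by extension, never by session."""

    def __init__(self, origin: Origin):
        self.origin = origin
        self.store: Dict[str, Response] = {}

    def is_cacheable(self, path: str) -> bool:
        return path.lower().endswith(STATIC_EXTENSIONS)

    def fetch(self, path: str, session_user: Optional[str]) -> Response:
        if path in self.store:
            return self.store[path]            # served to anyone, whoever cached it
        resp = self.origin.handle(path, session_user)
        if self.is_cacheable(path):
            self.store[path] = resp
        return resp


def demo(strict: bool = False) -> Tuple[Response, Response, Response]:
    """Returns (victim's response, attacker's response to the same URL,
                attacker's response to the plain dynamic path)."""
    cache = Cache(Origin(strict=strict))
    victim = cache.fetch("/my-account/wcd.css", "alice")   # lured, logged in
    attacker = cache.fetch("/my-account/wcd.css", None)    # same URL, no session
    direct = cache.fetch("/my-account", None)              # not cacheable, no leak
    return victim, attacker, direct


if __name__ == "__main__":
    print("vulnerable:", demo())
    print("strict origin:", demo(strict=True))
```

The strict origin is only one side of the fix; the other is the origin marking dynamic responses with Cache-Control: no-store and the cache honouring that header instead of trusting the extension.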
You can use Burp Suite Professional's automated content discovery tool to discover hidden directories, files, and other endpoints. The tool uses lists of common file and directory names to guess the ...
Details enables you to specify the actions that the rule performs when it is applied to a request. Scope enables you to specify the tools, URLs and parameters that the rule applies to. Access the Rule ...
You can upload an OpenAPI definition or a SOAP WSDL to run a specific API scan. To begin configuring your scan, upload an OpenAPI definition or a SOAP WSDL in the API definition tab. You can do this ...
This learning path teaches you how to test APIs that aren't fully used by the website front-end. You'll learn key API recon skills to help you discover more attack surface. In addition, you'll learn ...
SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in ...
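The break-out described above, shown as an added example that is not from the page: a login query built by string interpolation beside the same query with bound parameters, run against an in-memory SQLite table. A username of admin'-- closes the string literal and comments out the password check, so the vulnerable function returns the admin's id without a valid password; the parameterised function treats the same input as data and finds no row. The table, the users and the function names are constructed for the demo (passwords are stored in clear only to keep the example short).

```python
import sqlite3
from typing import Optional


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (id, username, password) VALUES (?, ?, ?)",
        [(1, "admin", "s3cret"), (2, "bob", "hunter2")],
    )
    conn.commit()
    return conn


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str) -> Optional[int]:
    """Vulnerable: user input is spliced into the SQL text, so a quote in the
    input changes the query's structure instead of staying inside a string."""
    query = (
        f"SELECT id FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def safe_login(conn: sqlite3.Connection, username: str, password: str) -> Optional[int]:
    """Fixed: placeholders keep the query structure fixed; the driver sends
    the values separately, so quotes and comment markers are just characters."""
    row = conn.execute(
        "SELECT id FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    for user, pw in [("admin", "s3cret"), ("admin'--", "wrong"), ("x' OR 1=1--", "wrong")]:
        print(f"{user!r:18} vulnerable={vulnerable_login(db, user, pw)} safe={safe_login(db, user, pw)}")
```

The comment sequence shown (--) is SQLite and PostgreSQL syntax; MySQL needs a space after it, which is exactly the kind of dialect detail a real test payload list carries.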