
Pen Testing REST API with Burp Suite

Introduction:

Welcome to our 3-part blog series where we will take a dive into the technical aspects of conducting exhaustive penetration tests against REST API services, generating reports based on what tests were performed, and what our findings are. Due to the subject matter being relatively technical, I’m making some assumptions that you will be at least familiar with the concepts behind conducting penetration testing and vulnerability analysis. That said, if you happen to have a RESTful API service that you’re looking to conduct a penetration test against, then make sure to stick with me as we dig into the specifics for how to make sure you leave no stone unturned.

Part 1 will be covering the dos and don’ts of configuring and optimizing our scan engine to make sure we’re set for success. Part 2 will consist of the actual penetration testing itself, and Part 3 will be on formatting our results and generating a detailed report.

I hope this series will be helpful to my fellow security enthusiasts of all skill levels. Please feel free to reach out to me or comment below if you ever have any questions or comments on Burp Suite and I’ll make sure to help in any way I can. Now let’s get started!

History: What is an API?

More and more companies have been expanding their target audience by extending their host of web services to others and providing interfaces for automated services, such as a Single Sign-On (SSO) using an Application Programming Interface (API). APIs typically provide all the same services that a web application of the same provider supplies, just without the use of a graphical interface. APIs are meant to act as an interface for answering automated requests, typically provided by processes instead of people. Because of this interface, a specific ruleset exists for being able to communicate with an API correctly, and in this blog we are going to be looking at how to properly test these services for security vulnerabilities using PortSwigger’s tool, Burp Suite.
