02 Mar 2017 - Posted by Luca Carettoni
We couldn't be more excited to present our brand-new class on web security and security automation. This blog post provides a quick overview of the 8-hour workshop.
Developing Burp Suite Extensions - From manual testing to security automation.
Ensuring the security of web applications in continuous delivery environments is an open challenge for many organizations. Traditional application security practices slow development and, in many cases, don’t address security at all. Instead, a new approach based on security automation and tactical security testing is needed to ensure important components are being tested before going live. Security professionals must master their tools to improve the efficiency of manual security testing as well as to deploy custom security automation solutions.
Based on this premise, we have created a brand-new class taking advantage of Burp Suite - the de-facto standard for web application security. In just eight hours, we show you how to use Burp Suite’s extension capabilities and unleash the power of the tool to improve efficiency and effectiveness during security audits.
After a quick intro to Burp and its extension APIs, we work on setting up an optimal development environment enabling fast coding and debugging. While we develop our code using Oracle’s NetBeans, we also provide templates for IntelliJ IDEA and Eclipse.
We will create many different types of plugins:
Finally, we leverage our extensions to build a security automation toolchain integrated in a CI environment (Jenkins). This workshop is based on real-life use cases where the combination of custom checks and automation can help uncover nasty security vulnerabilities.
All templates and code-complete Burp Suite extensions will be available for free on Doyensec’s GitHub. If you are curious, we’ve already uploaded the first three modules.
The training is suitable for both web application security specialists and developers. Attendees are expected to have a rudimentary understanding of Burp Suite as well as basic object-oriented programming experience (Burp extensions will be developed in Java).
Attendees should bring their own laptop with the latest Java as well as their favourite IDE installed.
Location | Date | Notes |
---|---|---|
Heidelberg (Germany) | March 21, 2017 | Delivered during Troopers 2017 security conference. There are still seats available. Book it today and get Burp swag during the training! |
Warsaw (Poland) | June 5, 2017 | Come for WarCon invite-only conference, stay for the training! For registration, please contact [email protected] with subject line "Burp Training Post-WarCon". |
This training is delivered worldwide (English language) during both public and private events. Considering that the class is hands-on, we are able to accept up to 15 attendees. Video recording available on request.
Feel free to contact us at [email protected] for scheduling your class!