Testing Web Application Security with Burp Suite


Burp Suite is a platform for performing an independent security audit of a web application. It bundles tools for mapping the application, discovering hidden content (files and directories), intercepting and editing requests, guessing credentials, and more.

It is an integrated platform that lets a product team perform both manual and automated testing. Its tabbed interface organizes the workflow of an attack. At its core, the product is an intercepting proxy that captures every request a web browser sends. To analyze HTTPS connections as well as plain HTTP, you install Burp's CA certificate in the browser (or the operating system) so that Burp can decrypt and re-encrypt the TLS traffic without certificate warnings.
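Browsers are not the only clients that need to go through the proxy: scripts and command-line tools should be pointed at Burp too. Burp exports its CA certificate in DER format, while most HTTP libraries expect PEM, so a practitioner usually converts it first. The following is an added example (not code from the original article or from PortSwigger) that does the DER-to-PEM conversion in pure Python and builds a `urllib` opener that routes both HTTP and HTTPS through Burp's default listener on 127.0.0.1:8080 and trusts the converted CA. The listener address and the file names are assumptions; adjust them to your Burp configuration.

```python
import base64
import ssl
import urllib.request

# Burp's default Proxy listener (Proxy > Options > Proxy Listeners).
BURP_PROXY = "127.0.0.1:8080"


def der_to_pem(der: bytes) -> str:
    """Convert a DER-encoded certificate (as exported by Burp) to PEM.

    PEM is just the base64 of the DER bytes, wrapped at 64 characters and
    framed by BEGIN/END CERTIFICATE lines, so no crypto library is needed.
    """
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return (
        "-----BEGIN CERTIFICATE-----\n"
        + "\n".join(lines)
        + "\n-----END CERTIFICATE-----\n"
    )


def convert_burp_ca(der_path: str, pem_path: str) -> str:
    """Read Burp's exported cacert.der and write burp-ca.pem next to it."""
    with open(der_path, "rb") as f:
        pem = der_to_pem(f.read())
    with open(pem_path, "w") as f:
        f.write(pem)
    return pem


def burp_opener(ca_pem_path=None, proxy=BURP_PROXY):
    """Build a urllib opener that sends all traffic through Burp.

    If ca_pem_path is given, the TLS context trusts Burp's CA so that
    intercepted HTTPS responses verify cleanly instead of raising
    CERTIFICATE_VERIFY_FAILED.
    """
    ctx = ssl.create_default_context()
    if ca_pem_path:
        ctx.load_verify_locations(cafile=ca_pem_path)
    proxy_handler = urllib.request.ProxyHandler(
        {"http": f"http://{proxy}", "https": f"http://{proxy}"}
    )
    return urllib.request.build_opener(
        proxy_handler, urllib.request.HTTPSHandler(context=ctx)
    )


if __name__ == "__main__":
    # Assumed paths: cacert.der is what Burp's "Export" dialog writes.
    convert_burp_ca("cacert.der", "burp-ca.pem")
    opener = burp_opener("burp-ca.pem")
    # Any request made with this opener now shows up in Proxy > HTTP history.
    with opener.open("https://example.com/") as resp:
        print(resp.status, resp.headers.get("Content-Type"))
```

Only use this trust configuration for test sessions: the Burp CA can sign a certificate for any hostname, so a client that trusts it should never also be used against production services you do not intend to intercept.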

Burp Suite

There are two editions of the software: the free Community edition and the paid Professional edition. Although the two differ significantly, the free edition still contains the full manual toolkit needed for professional testing. The main differences are that the free edition has no vulnerability scanner, that Intruder is rate-limited to a small number of requests per unit of time, and that the free edition ships without the built-in payload lists for Intruder.

Main modules

The main functionality of the software is provided by the following modules:

  • Proxy is an intercepting proxy server that works on the HTTP protocol in man-in-the-middle mode. Sitting between the browser and the application, it lets you intercept, inspect, and edit the traffic flowing in both directions.
  • Spider automatically crawls the application to discover its content and basic structure.
  • Scanner searches for vulnerabilities automatically. Only the Professional edition has this functionality; the free edition merely describes what it does.
  • Intruder is a utility for running customized attacks such as password guessing, enumerating identifiers, fuzzing, and others.
  • Repeater is a tool for modifying and resending individual HTTP requests and analyzing the application's responses.
  • Sequencer is a utility for analyzing the quality of a web application's random data (for example session tokens): it helps identify the generation algorithm and estimate how predictable the values are.
  • Decoder is a tool for manual and automated conversion of application data between encodings.
  • Comparer finds the differences between two very similar pieces of data, such as two responses.

Burp Suite Mobile Assistant

The product also has a mobile companion, Burp Suite Mobile Assistant, for testing applications in the iOS environment; it runs on a jailbroken device.

It edits the iOS device's system proxy settings so that HTTP(S) traffic is redirected to Burp for analysis, and it installs Burp's CA certificate on the device. It can also bypass SSL pinning in apps that implement it, so that pinned connections can still be intercepted.

Burp Suite Mobile Assistant

With the device's traffic flowing through Burp, Mobile Assistant lets you test an iOS app for the vulnerability classes described in the OWASP Mobile Top 10, using the same Proxy, Repeater, and Intruder workflow as for a web application.

Conclusion

This software can be considered one of the most widely used and effective tools for web application security testing. It makes it possible to exercise an application in ways its developers did not anticipate, giving an in-depth view of both obvious and hidden vulnerabilities in the software under test.

The iOS Mobile Assistant extends the same approach to mobile applications running on smartphones and tablets.
