How to make a Burp extension

In this crafting episode of the Exploring Information Security podcast, Paul Johnston Customer Champion at Portswigger joins me to discuss how to make a Burp extension.

Paul (@paulpaj) wrote a blog post on how to make a successful burp extension and get it published in the Burp Store. A lot of the recommendations in the article are from Paul's experience handling extension submissions for the Burp Store.

In this episode we discuss:

  • What is the process for extension approval?
  • What is Burp Suite?
  • How does someone make an extension?

What is Practical Web Applicaiton Penetration Testing?

In this educational edition of the Exploring Information Security podcast, Tim Tomes joins me to discuss Practical Web Application Pentration Testing (PWAPT) training.

Tim (@LaNMaSteR53) is one of the leading names within the application security field. A former instructor for many organizations, he wanted to do more with training. He wanted to provide attendees to training with more hands on work. Get into an application, exploit it, and then provide remediation steps. He came up with the PWAPT training.

In this episode we discuss

  • How the idea for the training came about
  • Why the training is important
  • Who should attend the training
  • What makes this training unique

When not to use Burp Suite

In this gassy edition of the Exploring Information Security podcast, James Green joins me to discuss when not to use Burp Suite. 

James (@Greenjam94) is a member of the MISec community and recently gave a talk about why not to use Burp Suite. Being in application security this was a topic I had interest in. Unfortunately, the presentation was not recorded. I decided to take matters into my own hands and have James on the show to discuss this topic.

In this episode we discuss

  • What is Burp Suite?
  • How is Burp used
  • Why Burp shouldn't be use
  • When to use Burp