Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Elevating Web Security Testing with Burpsuite B...

BreachForce
February 03, 2024
Technology
0
27

Elevating Web Security Testing with Burpsuite BChecks

Title: Elevating Web Security Testing with BurpSuite BChecks
Presenter: Kaustubh Rai
Event: Breachforce CyberSecurity Cohort
Talk Date: 3rd February 2024

In this presentation, Kaustubh Rai unveils advanced techniques to enhance web security testing using BurpSuite BChecks, along with an exclusive demonstration of his proprietary tool, Rahasya. Rahasya is designed for seamless and efficient secret scanning within code repositories, making it an indispensable resource for security professionals. The slides offer a comprehensive overview of how to leverage BurpSuite's capabilities, combined with the innovative features of Rahasya, to identify and mitigate vulnerabilities effectively. These insights will improve upon your approach to web security.

BreachForce

February 03, 2024
Tweet

More Decks by BreachForce

See All by BreachForce
Active Directory Security Workshop by Chirag Savla
breachforce
0
20
Art of Smuggling HTTP Requests
breachforce
0
3
COOL RECON TECHNIQUES EVERY HACKER MISSES
breachforce
0
9
Can Request Encryption Fix Your Web Apps?
breachforce
0
11
iOS App Pentesting Discover Exploit Secure
breachforce
0
3
Phone Systems and their security
breachforce
0
8
Cybersecurity for Satellites by Jaden Furtado
breachforce
0
5
Nmap in Depth by Nathaniel Fernandes
breachforce
0
3
Understanding SOC: The heartbeat of Cybersecurity and Network Infrastructure
breachforce
0
4

Other Decks in Technology

See All in Technology
よくわからんサービスについての問い合わせが来たときの強い味方 Amazon Q について
kazzpapa3
0
180
WHOLENESS, REPAIRING, AND TO HAVE FUN: 全体性、修復、そして楽しむこと
snoozer05
PRO
3
6.3k
Autify Company Deck
autifyhq
1
39k
入門『状態』#kaigionrails / "state" for beginners with Rails
shinkufencer
2
830
AWSコンテナ本出版から3年経った今、もし改めて執筆し直すなら / If I revise our container book
iselegant
13
3.5k
チームを主語にしてみる / Making "Team" the Subject
ar_tama
3
260
サイロ化した金融システムを、packwerk を利用して無事故でリファクタリングした話
coincheck_recruit
3
3.6k
Capybara+生成AIでどこまで本当に自然言語のテストを書けるか?
yusukeiwaki
6
1.3k
端末が簡単にリモートから操作されるデモを通じて ソフトウェアサプライチェーン攻撃対策の重要性を理解しよう
kitaji0306
0
170
一休.comレストランにおけるRustの活用
kymmt90
3
440
で、ValhallaのValue Classってどうなったの?
skrb
1
620
Java x Spring Boot Warm up
kazu_kichi_67
2
460

Featured

See All Featured
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
32
1.8k
Testing 201, or: Great Expectations
jmmastey
38
7k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
Raft: Consensus for Rubyists
vanstee
136
6.6k
Done Done
chrislema
181
16k
A Modern Web Designer's Workflow
chriscoyier
692
190k
Optimizing for Happiness
mojombo
376
69k
RailsConf 2023
tenderlove
29
870
Why You Should Never Use an ORM
jnunemaker
PRO
53
9k
Code Review Best Practice
trishagee
64
17k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
7.9k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k

Transcript

  1. BChecks - by Kaustubh

  2. MAIN TOPICS POINTS TO TALK ABOUT BChecks, why it matters

    to me ?

  3. • Widely used by both Red Teamers and Blue Teamers

    • Essential for day-to-day security operations Burp Suite: A Staple in Security Testing

  4. The Challenge: Remembering Test Cases • Keeping track of specific

    test cases and notes • The risk of relying on memory in high-pressure situations

  5. BChecks: Automation to the Rescue • Capture the minutiae often

    missed under tight deadlines • Automate repetitive and specific test cases

  6. The Power of BChecks Automate tests for everything from response

    headers to background JavaScript Reduce memory overhead with multiple BChecks per extension

  7. Continuous Testing with BChecks Runs alongside your testing, with issues

    displayed on the dashboard Continuously analyze requests piled up in proxy history

  8. • Extensively test individual requests • Refine BChecks for precise

    issue reporting Fine-Tuning BChecks for Precision

  9. The Advantages of BChecks • Simplifies and streamlines security testing

    processes • Allows for a focus on critical vulnerabilities with less effort

  10. Questions?

  11. no burp pro? caido! currently bchecks is only for burp

    pro 😞 caido is similar to burpsuite, and in v0.32.1 they have something similar to bchecks called workflows

  12. RAHASYA Secret Scanning Tool - by Kaustubh

  13. Key Features

  14. Automation-Tool for Secret Scanning Combining various tools for secret scanning

    into one, for diverse day-to-day tasks.

  15. Gitleaks • simple SAST tool to detect hardcoded stuff •

    extensively updated with new regexes TruffleHog Detect Secrets Key Features • scans verified and unverified commits • over 700 credentials detector • for enterprise clients • backwards compatible • multiple plugins that checks for enterprise level. on by default

  16. Git Guardian Talisman Key Features • Github’s own secret scanner

    • requires api key ¯\_(ツ)_/¯ • scan all the things that every scanner has, and it scans for git changesets • scans every commit, scraped commit history, all that stuff • report will be shown in a presentable html format

  17. Getting Started

  18. Customization & Support • ggshield api key can be added,

    other tools older/newer version can be used. • Tool can be customized to by simply editing the dockerfile

  19. ggshield api key tools versioning

  20. FAQS