Lock in $30 Savings on PRO—Offer Ends Soon! ⏳

Elevating Web Security Testing with Burpsuite B...

BreachForce
February 03, 2024
Technology
0
28

Elevating Web Security Testing with Burpsuite BChecks

Title: Elevating Web Security Testing with BurpSuite BChecks
Presenter: Kaustubh Rai
Event: Breachforce CyberSecurity Cohort
Talk Date: 3rd February 2024

In this presentation, Kaustubh Rai unveils advanced techniques to enhance web security testing using BurpSuite BChecks, along with an exclusive demonstration of his proprietary tool, Rahasya. Rahasya is designed for seamless and efficient secret scanning within code repositories, making it an indispensable resource for security professionals. The slides offer a comprehensive overview of how to leverage BurpSuite's capabilities, combined with the innovative features of Rahasya, to identify and mitigate vulnerabilities effectively. These insights will improve upon your approach to web security.

BreachForce

February 03, 2024
Tweet

More Decks by BreachForce

See All by BreachForce
Active Directory Security Workshop by Chirag Savla
breachforce
0
25
Art of Smuggling HTTP Requests
breachforce
0
3
COOL RECON TECHNIQUES EVERY HACKER MISSES
breachforce
0
11
Can Request Encryption Fix Your Web Apps?
breachforce
0
12
iOS App Pentesting Discover Exploit Secure
breachforce
0
4
Phone Systems and their security
breachforce
0
8
Cybersecurity for Satellites by Jaden Furtado
breachforce
0
9
Nmap in Depth by Nathaniel Fernandes
breachforce
0
4
Understanding SOC: The heartbeat of Cybersecurity and Network Infrastructure
breachforce
0
5

Other Decks in Technology

See All in Technology
今はまだ小さい東京ガス内製開発チームが、これからもKubernetesと共に歩み続けるために
yussugi
2
270
JAWS UG 青森(弘前)クラウド・AWS入門
hiragahh
0
160
Storybook との上手な向き合い方を考える
re_taro
5
4.2k
あなたの知らない Function.prototype.toString() の世界
mizdra
PRO
4
2.8k
Chasing the White Whale of Open Source - ROI
mrbobbytables
0
150
50以上のマイクロサービスを支えるアプリケーションプラットフォームの設計・構築の後悔と進化 #CNDW2024 / regrets and evolution of application platform
toshi0607
5
390
SRE×AIOpsを始めよう!GuardDutyによるお手軽脅威検出
amixedcolor
1
290
レガシーシステムへのDatadog APM導入奮闘記
mtakeya4062
0
120
2024年のAmazon Bedrockアップデート一挙おさらい 〜まだ間に合う! re:Invent直前までの重大ニュースを速習しよう〜
minorun365
PRO
3
130
飲食店データの分析事例とそれを支えるデータ基盤
kimujun
0
250
ヤプリのデータカタログ整備 1年間の歩み / Progress of Building a Data Catalog at Yappli
yamamotoyuta
3
280
【Startup CTO of the Year 2024 / Audience Award】アセンド取締役CTO 丹羽健
niwatakeru
0
2.5k

Featured

See All Featured
A Tale of Four Properties
chriscoyier
156
23k
How To Stay Up To Date on Web Technology
chriscoyier
788
250k
How GitHub (no longer) Works
holman
310
140k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
GraphQLの誤解/rethinking-graphql
sonatard
67
10k
Being A Developer After 40
akosma
87
590k
Imperfection Machines: The Place of Print at Facebook
scottboms
265
13k
Practical Orchestrator
shlominoach
186
10k
Fontdeck: Realign not Redesign
paulrobertlloyd
82
5.3k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
42
9.3k
Keith and Marios Guide to Fast Websites
keithpitt
410
22k

Transcript

  1. BChecks - by Kaustubh

  2. MAIN TOPICS POINTS TO TALK ABOUT BChecks, why it matters

    to me ?

  3. • Widely used by both Red Teamers and Blue Teamers

    • Essential for day-to-day security operations Burp Suite: A Staple in Security Testing

  4. The Challenge: Remembering Test Cases • Keeping track of specific

    test cases and notes • The risk of relying on memory in high-pressure situations

  5. BChecks: Automation to the Rescue • Capture the minutiae often

    missed under tight deadlines • Automate repetitive and specific test cases

  6. The Power of BChecks Automate tests for everything from response

    headers to background JavaScript Reduce memory overhead with multiple BChecks per extension

  7. Continuous Testing with BChecks Runs alongside your testing, with issues

    displayed on the dashboard Continuously analyze requests piled up in proxy history

  8. • Extensively test individual requests • Refine BChecks for precise

    issue reporting Fine-Tuning BChecks for Precision

  9. The Advantages of BChecks • Simplifies and streamlines security testing

    processes • Allows for a focus on critical vulnerabilities with less effort

  10. Questions?

  11. no burp pro? caido! currently bchecks is only for burp

    pro 😞 caido is similar to burpsuite, and in v0.32.1 they have something similar to bchecks called workflows

  12. RAHASYA Secret Scanning Tool - by Kaustubh

  13. Key Features

  14. Automation-Tool for Secret Scanning Combining various tools for secret scanning

    into one, for diverse day-to-day tasks.

  15. Gitleaks • simple SAST tool to detect hardcoded stuff •

    extensively updated with new regexes TruffleHog Detect Secrets Key Features • scans verified and unverified commits • over 700 credentials detector • for enterprise clients • backwards compatible • multiple plugins that checks for enterprise level. on by default

  16. Git Guardian Talisman Key Features • Github’s own secret scanner

    • requires api key ¯\_(ツ)_/¯ • scan all the things that every scanner has, and it scans for git changesets • scans every commit, scraped commit history, all that stuff • report will be shown in a presentable html format

  17. Getting Started

  18. Customization & Support • ggshield api key can be added,

    other tools older/newer version can be used. • Tool can be customized to by simply editing the dockerfile

  19. ggshield api key tools versioning

  20. FAQS