| Item | Date |
| --- | --- |
| Search Security: How to configure browsers to avoid web cache poisoning | November 10, 2018 |
| PWC Private Business Awards Finalist 2018: PortSwigger Web Security | September 12, 2018 |
| Softpedia: OAuth Exploit Allowed Researcher to Takeover Periscope TV Account | September 10, 2018 |
| The Register: Web cache poisoning just got real: How to fling evil code at victims | August 17, 2018 |
| Web cache poisoning attacks demonstrated on major websites, platforms | August 10, 2018 |
| Dark Reading: New Hack Weaponizes the Web Cache | June 12, 2018 |
| PortSwigger's James Kettle talks about making money through bug bounties | April 13, 2018 |
| Sunday Times: PortSwigger rank in the Sunday Times Lloyds SME Export Track 100 | February 25, 2018 |
| HackerOne Hacker Interviews: James Kettle (@albinowax) | January 26, 2018 |
| eWeek: Bug Bounty Hackers Make More Money Than Average Salaries, Report Finds | January 22, 2018 |
| Burp Suite 1.7.30: New granular configuration of scan issues. | December 12, 2017 |
| Blog post: The Daily Swig | November 28, 2017 |
| Burp Suite 1.7.28: Simplified scope control | November 15, 2017 |
| Sunday Times: PortSwigger features in Tech Track 100 Ones to Watch | September 10, 2017 |
| Blog post: Abusing JavaScript frameworks to bypass XSS mitigations | September 8, 2017 |
| Wired: Hacking retail gift cards remains scarily easy, using Burp Suite | August 31, 2017 |
| FirstPost: Burp Suite reveals Sarahah is uploading user information | August 28, 2017 |
| ZDNet: How we found that hidden Apple job listing using Burp Suite | August 21, 2017 |
| The Register: US DoD, Brit ISP BT reverse proxies can be abused to frisk internal systems | August 19, 2017 |
| Google pays high school student $10,000 for security flaw found using Burp Suite | August 11, 2017 |
| Burp Suite 1.7.26: New scan checks for file upload vulnerabilities | August 3, 2017 |
| Blog post: Cracking the Lens: Targeting HTTP's Hidden Attack-Surface | July 27, 2017 |
| Burp Suite 1.7.25: New scan checks using out-of-band detection techniques | July 26, 2017 |
| Burp Suite 1.7.24: New function to save copy of project | July 18, 2017 |
| Blog post: OAST (Out-of-band Application Security Testing) | July 14, 2017 |
| Blog post: Behind enemy lines: Bug hunting with Burp Infiltrator | June 22, 2017 |
| Dark Reading: PortSwigger researcher previews flaws in hidden web infrastructure | June 19, 2017 |
| Burp Suite 1.7.23. Several new scan checks including CSS injection and form action hijacking | May 22, 2017 |
| Blog post: DOM based AngularJS sandbox escapes | May 11, 2017 |
| Burp Suite 1.7.22. New Mobile Assistant app | April 28, 2017 |
| Burp Suite 1.7.20. Enhanced detection of blind injection vulnerabilities | April 6, 2017 |
| HackerOne's number 3 hacker loves Burp Suite | April 4, 2017 |
| Code Dx Announces Integration with Burp Suite | March 21, 2017 |
| InfoSec Institute: Burp Suite named top web scanner | March 14, 2017 |
| Burp Suite 1.7.18: New option not to log out-of-scope requests | February 28, 2017 |
| Burp Suite 1.7.17: New scan check for suspicious input transformation | February 1, 2017 |
| HackerOne: top hacker Mark Litchfield uses Burp Suite as his tool of choice | January 27, 2017 |
| HackerOne: Q&A With PortSwigger's James Kettle about bug bounties, exploit stories, and more | January 19, 2017 |
| Burp Suite 1.7.15: Custom wordlists and accurate not-found detection in Content Discovery tool | December 21, 2016 |
| Blog post: Bypassing CSP using polyglot JPEGs | December 1, 2016 |
| Blog post: PortSwigger bug bounty program | November 30, 2016 |
| Blog post: JSON hijacking for the modern web | November 25, 2016 |
| Burp Suite 1.7.12: Adds SMTP support to Burp Collaborator, and new SMTP scan checks | November 18, 2016 |
| Blog post: Backslash Powered Scanning: Hunting Unknown Vulnerability Classes | November 4, 2016 |
| Burp Suite 1.7.09: New Burp Collaborator client | October 21, 2016 |
| Blog post: Exploiting CORS Misconfigurations for Bitcoins and Bounties | October 14, 2016 |
| Burp Suite 1.7.06: New checks for second-order SQL injection | September 8, 2016 |
| Blog post: Introducing Burp Infiltrator | July 26, 2016 |
| Blog post: Executing non-alphanumeric JavaScript without parenthesis | July 15, 2016 |
| Blog post: Adapting AngularJS Payloads to Exploit Real World Applications | April 25, 2016 |
| Blog post: Introducing Burp projects | April 8, 2016 |
| Blog post: Using Burp Suite to Audit and Exploit an eCommerce Application | March 22, 2016 |
| Blog post: XSS without HTML: Client-Side Template Injection with AngularJS | January 27, 2016 |
| Burp Suite 1.6.33: New scan checks for blind XSS via Burp Collaborator | January 13, 2016 |