GitHub - leejo/find_and_fix_with_burp_scanner: ‎Find and fix your web security vulnerabilities with Burp Scanner‎

leejo / find_and_fix_with_burp_scanner Public

Notifications You must be signed in to change notification settings
Fork 1
Star 1

‎Find and fix your web security vulnerabilities with Burp Scanner‎

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 13 Commits
img		img
t		t
.gitignore		.gitignore
HOWTO_burp_scanner.docx		HOWTO_burp_scanner.docx
OWASP_Top_10-2017_(en).pdf.pdf		OWASP_Top_10-2017_(en).pdf.pdf
README		README
lil_app		lil_app
lil_app.broken_top_ten		lil_app.broken_top_ten
lil_app.fixed		lil_app.fixed
lil_app.fixed.broken_again		lil_app.fixed.broken_again
lil_app.fixed.broken_again.fixed_again		lil_app.fixed.broken_again.fixed_again
lil_app.sql		lil_app.sql
lil_app.sqlite3		lil_app.sqlite3
presentation.html		presentation.html
run_lil_app.sh		run_lil_app.sh

Repository files navigation

A demonstration of a typical vulnerability scanner against a modern and not so
modern web app to demonstrate discovery of issues. We will use burp scanner for
scanning, issues that it can discover, how to fix those. We will also briefly
look at open source alternatives to Burp

Please note the example apps here are not to be taken as good examples of code
as they *intentionally* contain security issues to demonstrate the scanner and
even the "fixed" versions are not actually fixed (for example the password is
not hashed/salted/encrypted in the database)