Burp Suite is a powerful integrated platform for web application security. In this hands-on class, attendees will learn how to design and develop Burp Suite extensions for a variety of tasks. In just few hours, we will work on plugins to improve manual security testing efforts as well as to create fully-automated security tools. This workshop is based on real-life use cases where the extension capabilities of the tool can be unleashed to improve efficiency and effectiveness of security auditing. As an attendee, you will bring home a full bag of tricks that will take your web security skills to the next level.
Audience: Suitable for both web application security specialists and developers. Attendees are expected to have rudimental understanding of Burp Suite as well as basic object-oriented programming experience (Burp Extensions will be developed in Java).
Luca Carettoni is a security researcher with over 12 years of experience inthe application security field. At LinkedIn, he leads a team responsible for identifying new security vulnerabilities in applications, infrastructure and open source components. Prior to that, Luca worked as the Director of Information Security at Addepar, a company that is reinventing global wealth management. Proud to be a Matasano Security alumni, he was a penetration tester for most of his career. Since many years, he has been an active participant in the security community and a member of the Open Web Application Security Project (OWASP). Luca holds a Master's Degree in Computer Engineering from the Politecnico di Milano University.