Professional Community

Analyzing the attack surface with Burp Suite

While you map the application, you can use a range of Burp tools to help you analyze your findings. This enables you to identify key attack surface. You can use this information to plan your approach for auditing the application.

For example, the following tools are useful when analyzing the attack surface:

The Target analyzer can give you an idea of the size and complexity of your target.
Proxy history and the Target site map enable you to quickly view information that Burp captures about the application.
Burp Organizer enables you to store and annotate HTTP messages.

Tutorials in this section

Scoping the effort to audit a website
Identifying high-risk functionality.
Identifying supported HTTP methods
Checking for hidden inputs
Evaluating inputs
Analyzing opaque data