SlideShare a Scribd company logo

Elevate Your Application Security Program with Burp Suite and ThreadFix

Denim Group, profile picture
Denim Group

The document discusses the integration of Burp Suite Pro and ThreadFix to enhance application security programs. It outlines the features of ThreadFix, including vulnerability consolidation and prioritization, as well as the hybrid analysis and testing capabilities provided by Burp Suite Pro. The focus is on creating a streamlined vulnerability management process within development operations (DevOps).

Technology
1 of 38
Downloaded 31 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
© 2017 Denim Group – All Rights Reserved Elevate Your Application Security Program with BurpSuite Pro and ThreadFix July 18th, 2017 Dan Cornell, CTO, Denim Group Dafydd Stuttard, Director, PortSwigger Web Security
© 2017 Denim Group – All Rights Reserved Agenda 1
© 2017 Denim Group – All Rights Reserved Agenda • BurpSuite Pro Background and Demo • ThreadFix Background • BurpSuite Pro and ThreadFix Together 2
© 2017 Denim Group – All Rights Reserved BurpSuite Pro Background and Demo 3
© 2017 Denim Group – All Rights Reserved ThreadFix Background 4
© 2017 Denim Group – All Rights Reserved ThreadFix Overview • Create a consolidated view of your applications and vulnerabilities • Prioritize application risk decisions based on data • Translate vulnerabilities to developers in the tools they are already using 5
© 2017 Denim Group – All Rights Reserved ThreadFix Overview 6
© 2017 Denim Group – All Rights Reserved Create a consolidated view of your applications and vulnerabilities 7
© 2017 Denim Group – All Rights Reserved Application Portfolio Tracking 8
© 2017 Denim Group – All Rights Reserved Vulnerability Consolidation 9
© 2017 Denim Group – All Rights Reserved Prioritize application risk decisions based on data 10
© 2017 Denim Group – All Rights Reserved Vulnerability Prioritization 11
© 2017 Denim Group – All Rights Reserved Prioritization with Hotspot 12
© 2017 Denim Group – All Rights Reserved Reporting and Metrics 13
© 2017 Denim Group – All Rights Reserved Translate vulnerabilities to developers in the tools they are already using 14
© 2017 Denim Group – All Rights Reserved Defect Tracker Integration 15
© 2017 Denim Group – All Rights Reserved BurpSuite Pro and ThreadFix Together 16
© 2017 Denim Group – All Rights Reserved Hybrid Analysis Mapping • Merge BurpSuite Pro scan results with the results of SAST • Soon: Better imports of Burp Infiltrator for IAST/HAM-like capabilities 17
© 2017 Denim Group – All Rights Reserved ThreadFix ScanAgent • Drive BurpSuite Pro automated scanning from ThreadFix • One-time scans • Scheduled scans • CI/CD integration 18
© 2017 Denim Group – All Rights Reserved Secure DevOps with ThreadFix • What does your pipeline look like? http://www.slideshare.net/mtesauro/mtesauro-keynote-appseceu http://www.slideshare.net/denimgroup/rsa2015-blending- theautomatedandthemanualmakingapplicationvulnerabilitymanagementyourally https://blog.samsungsami.io/development/security/2015/06/16/getting-security-up-to-speed.html 19
© 2017 Denim Group – All Rights Reserved AppSec Testing for DevOps • Configuring Testing Policies • AppSec Testing for DevOps in Action 20
© 2017 Denim Group – All Rights Reserved Policy Configuration • Testing • Synchronous • Asynchronous • Decision • Reporting Blog Post: Effective Application Security Testing in DevOps Pipelines http://www.denimgroup.com/blog/2016/12/effective-application-security-testing-in-devops-pipelines/ https://www.denimgroup.com/resources/effective-application-security-for-devops/ 21
© 2017 Denim Group – All Rights Reserved Testing Configuration 22
© 2017 Denim Group – All Rights Reserved Testing Configuration 23
© 2017 Denim Group – All Rights Reserved Decision Configuration 24
© 2017 Denim Group – All Rights Reserved Decision Configuration 25
© 2017 Denim Group – All Rights Reserved Reporting Configuration 26
© 2017 Denim Group – All Rights Reserved Reporting Configuration 27
© 2017 Denim Group – All Rights Reserved Reporting Configuration 28
© 2017 Denim Group – All Rights Reserved Reporting Configuration 29
© 2017 Denim Group – All Rights Reserved Testing in Action 30
© 2017 Denim Group – All Rights Reserved Testing in Action 31
© 2017 Denim Group – All Rights Reserved Testing in Action 32
© 2017 Denim Group – All Rights Reserved Testing in Action 33
© 2017 Denim Group – All Rights Reserved Testing in Action 34
© 2017 Denim Group – All Rights Reserved Testing in Action 35
© 2017 Denim Group – All Rights Reserved Testing in Action 36
© 2017 Denim Group – All Rights Reserved @denimgroup www.threadfix.it www.denimgroup.com @Burp_Suite www.portswigger.net 37

More Related Content

PDF
The ABCs of Source-Assisted Web Application Penetration Testing With OWASP ZA...
Denim Group
 
PDF
Create a Unified View of Your Application Security Program – Black Duck Hub a...
Denim Group
 
ODP
OWASP WTE - Now in the Cloud!
Matt Tesauro
 
PDF
DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
DevSecCon
 
PPTX
Security Testing with Zap
Soluto
 
PPTX
Security testautomation
Linkesh Kanna Velu
 
PDF
DevSecOps: What Why and How : Blackhat 2019
NotSoSecure Global Services
 
PPTX
Continuous Security Testing with Devops - OWASP EU 2014
Stephen de Vries
 
The ABCs of Source-Assisted Web Application Penetration Testing With OWASP ZA...
Denim Group
 
Create a Unified View of Your Application Security Program – Black Duck Hub a...
Denim Group
 
OWASP WTE - Now in the Cloud!
Matt Tesauro
 
DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
DevSecCon
 
Security Testing with Zap
Soluto
 
Security testautomation
Linkesh Kanna Velu
 
DevSecOps: What Why and How : Blackhat 2019
NotSoSecure Global Services
 
Continuous Security Testing with Devops - OWASP EU 2014
Stephen de Vries
 

What's hot (20)

PPTX
Syntribos API Security Test Automation
Matthew Valdes
 
PPTX
Automating security tests for Continuous Integration
Stephen de Vries
 
PDF
Threat modeling with architectural risk patterns
Stephen de Vries
 
PDF
AppSec Tel Aviv - OWASP Top 10 For JavaScript Developers
Lewis Ardern
 
PDF
DevSecCon Singapore 2019: Workshop - Burp extension writing workshop
DevSecCon
 
PDF
OWASP Portland - OWASP Top 10 For JavaScript Developers
Lewis Ardern
 
KEY
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
Nick Galbreath
 
PDF
Security DevOps - Free pentesters' time to focus on high-hanging fruits // Ha...
Christian Schneider
 
PDF
BSides Leeds - Performing JavaScript Static Analysis
Lewis Ardern
 
PDF
An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca...
Abhay Bhargav
 
PPTX
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
Chris Gates
 
PPTX
Manual JavaScript Analysis Is A Bug
Lewis Ardern
 
PPTX
Elizabeth Lawler - Devops, security, and compliance working in unison
DevSecCon
 
PPT
OWASP WebGoat and PANTERA Web Assessment Studio Project.
Philippe Bogaerts
 
PDF
Securing Serverless - By Breaking In
Guy Podjarny
 
PPTX
[Wroclaw #5] OWASP Projects: beyond Top 10
OWASP
 
PPTX
Debugging Microservices - key challenges and techniques - Microservices Odesa...
Lohika_Odessa_TechTalks
 
PDF
Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...
Christian Schneider
 
PPTX
Your Blacklist is Dead: Why the Future of Command and Control is the Cloud
CloudVillage
 
PPTX
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Ajin Abraham
 
Syntribos API Security Test Automation
Matthew Valdes
 
Automating security tests for Continuous Integration
Stephen de Vries
 
Threat modeling with architectural risk patterns
Stephen de Vries
 
AppSec Tel Aviv - OWASP Top 10 For JavaScript Developers
Lewis Ardern
 
DevSecCon Singapore 2019: Workshop - Burp extension writing workshop
DevSecCon
 
OWASP Portland - OWASP Top 10 For JavaScript Developers
Lewis Ardern
 
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
Nick Galbreath
 
Security DevOps - Free pentesters' time to focus on high-hanging fruits // Ha...
Christian Schneider
 
BSides Leeds - Performing JavaScript Static Analysis
Lewis Ardern
 
An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca...
Abhay Bhargav
 
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
Chris Gates
 
Manual JavaScript Analysis Is A Bug
Lewis Ardern
 
Elizabeth Lawler - Devops, security, and compliance working in unison
DevSecCon
 
OWASP WebGoat and PANTERA Web Assessment Studio Project.
Philippe Bogaerts
 
Securing Serverless - By Breaking In
Guy Podjarny
 
[Wroclaw #5] OWASP Projects: beyond Top 10
OWASP
 
Debugging Microservices - key challenges and techniques - Microservices Odesa...
Lohika_Odessa_TechTalks
 
Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...
Christian Schneider
 
Your Blacklist is Dead: Why the Future of Command and Control is the Cloud
CloudVillage
 
Hacking Samsung's Tizen: The OS of Everything - Hack In the Box 2015
Ajin Abraham
 
Ad

Similar to Elevate Your Application Security Program with Burp Suite and ThreadFix (20)

PDF
ThreadFix 2.5 Webinar
Denim Group
 
PDF
How to Integrate AppSec Testing into your DevOps Program
Denim Group
 
PDF
Monitoring Application Attack Surface to Integrate Security into DevOps Pipel...
Denim Group
 
PDF
Enabling Developers in Your Application Security Program With Coverity and Th...
Denim Group
 
PDF
Enabling Developers in Your Application Security Program With Coverity and Th...
Denim Group
 
PDF
Monitoring Attack Surface to Secure DevOps Pipelines
Denim Group
 
PDF
Running a Comprehensive Application Security Program with Checkmarx and Threa...
Denim Group
 
PDF
Secure DevOps with ThreadFix 2.3
Denim Group
 
PDF
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Denim Group
 
PDF
ThreadFix 2.4: Maximizing the Impact of Your Application Security Resources
Denim Group
 
PDF
Assessing Business Operations Risk With Unified Vulnerability Management in T...
Denim Group
 
PDF
A New View of Your Application Security Program with Snyk and ThreadFix
Denim Group
 
PDF
ThreadFix and SD Elements Unifying Security Requirements and Vulnerability Ma...
Denim Group
 
PPTX
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Denim Group
 
PDF
ThreadFix 2.1 and Your Application Security Program
Denim Group
 
PDF
ThreadFix 2.2 Preview Webinar with Dan Cornell
Denim Group
 
PDF
Application Asset Management with ThreadFix
Denim Group
 
PDF
AppSec in a World of Digital Transformation
Denim Group
 
PDF
AppSec in a World of Digital Transformation
Denim Group
 
PDF
An OWASP SAMM Perspective on Serverless Computing
Denim Group
 
ThreadFix 2.5 Webinar
Denim Group
 
How to Integrate AppSec Testing into your DevOps Program
Denim Group
 
Monitoring Application Attack Surface to Integrate Security into DevOps Pipel...
Denim Group
 
Enabling Developers in Your Application Security Program With Coverity and Th...
Denim Group
 
Enabling Developers in Your Application Security Program With Coverity and Th...
Denim Group
 
Monitoring Attack Surface to Secure DevOps Pipelines
Denim Group
 
Running a Comprehensive Application Security Program with Checkmarx and Threa...
Denim Group
 
Secure DevOps with ThreadFix 2.3
Denim Group
 
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...
Denim Group
 
ThreadFix 2.4: Maximizing the Impact of Your Application Security Resources
Denim Group
 
Assessing Business Operations Risk With Unified Vulnerability Management in T...
Denim Group
 
A New View of Your Application Security Program with Snyk and ThreadFix
Denim Group
 
ThreadFix and SD Elements Unifying Security Requirements and Vulnerability Ma...
Denim Group
 
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...
Denim Group
 
ThreadFix 2.1 and Your Application Security Program
Denim Group
 
ThreadFix 2.2 Preview Webinar with Dan Cornell
Denim Group
 
Application Asset Management with ThreadFix
Denim Group
 
AppSec in a World of Digital Transformation
Denim Group
 
AppSec in a World of Digital Transformation
Denim Group
 
An OWASP SAMM Perspective on Serverless Computing
Denim Group
 
Ad

More from Denim Group (19)

PDF
Long-term Impact of Log4J
Denim Group
 
PDF
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Denim Group
 
PDF
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Denim Group
 
PDF
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
Denim Group
 
PDF
OWASP San Antonio Meeting 10/2/20
Denim Group
 
PDF
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
Denim Group
 
PDF
Using Collaboration to Make Application Vulnerability Management a Team Sport
Denim Group
 
PDF
Security Champions: Pushing Security Expertise to the Edges of Your Organization
Denim Group
 
PDF
The As, Bs, and Four Cs of Testing Cloud-Native Applications
Denim Group
 
PDF
An Updated Take: Threat Modeling for IoT Systems
Denim Group
 
PDF
The As, Bs, and Four Cs of Testing Cloud-Native Applications
Denim Group
 
PDF
Enumerating Enterprise Attack Surface
Denim Group
 
PDF
Enumerating Enterprise Attack Surface
Denim Group
 
PDF
Optimize Your Security Program with ThreadFix 2.7
Denim Group
 
PDF
Application Security Testing for a DevOps Mindset
Denim Group
 
PDF
Reducing Attack Surface in Budget Constrained Environments
Denim Group
 
PDF
Securing Voting Infrastructure before the Mid-Term Elections
Denim Group
 
PDF
Threat Modeling for IoT Systems
Denim Group
 
PDF
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Denim Group
 
Long-term Impact of Log4J
Denim Group
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Denim Group
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
Denim Group
 
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
Denim Group
 
OWASP San Antonio Meeting 10/2/20
Denim Group
 
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
Denim Group
 
Using Collaboration to Make Application Vulnerability Management a Team Sport
Denim Group
 
Security Champions: Pushing Security Expertise to the Edges of Your Organization
Denim Group
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
Denim Group
 
An Updated Take: Threat Modeling for IoT Systems
Denim Group
 
The As, Bs, and Four Cs of Testing Cloud-Native Applications
Denim Group
 
Enumerating Enterprise Attack Surface
Denim Group
 
Enumerating Enterprise Attack Surface
Denim Group
 
Optimize Your Security Program with ThreadFix 2.7
Denim Group
 
Application Security Testing for a DevOps Mindset
Denim Group
 
Reducing Attack Surface in Budget Constrained Environments
Denim Group
 
Securing Voting Infrastructure before the Mid-Term Elections
Denim Group
 
Threat Modeling for IoT Systems
Denim Group
 
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Denim Group
 

Recently uploaded (20)

PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPT
Teaching material agriculture food technology
LiaRayya
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
A Presentation on Artificial Intelligence
memembruh336
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Cloud computing and distributed systems.
kkkkkhan
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Approach and Philosophy of On baking technology
30anthuong17
 
Encapsulation theory and applications.pdf
gurumoop
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Teaching material agriculture food technology
LiaRayya
 

Elevate Your Application Security Program with Burp Suite and ThreadFix

  • 1. © 2017 Denim Group – All Rights Reserved Elevate Your Application Security Program with BurpSuite Pro and ThreadFix July 18th, 2017 Dan Cornell, CTO, Denim Group Dafydd Stuttard, Director, PortSwigger Web Security
  • 2. © 2017 Denim Group – All Rights Reserved Agenda 1
  • 3. © 2017 Denim Group – All Rights Reserved Agenda • BurpSuite Pro Background and Demo • ThreadFix Background • BurpSuite Pro and ThreadFix Together 2
  • 4. © 2017 Denim Group – All Rights Reserved BurpSuite Pro Background and Demo 3
  • 5. © 2017 Denim Group – All Rights Reserved ThreadFix Background 4
  • 6. © 2017 Denim Group – All Rights Reserved ThreadFix Overview • Create a consolidated view of your applications and vulnerabilities • Prioritize application risk decisions based on data • Translate vulnerabilities to developers in the tools they are already using 5
  • 7. © 2017 Denim Group – All Rights Reserved ThreadFix Overview 6
  • 8. © 2017 Denim Group – All Rights Reserved Create a consolidated view of your applications and vulnerabilities 7
  • 9. © 2017 Denim Group – All Rights Reserved Application Portfolio Tracking 8
  • 10. © 2017 Denim Group – All Rights Reserved Vulnerability Consolidation 9
  • 11. © 2017 Denim Group – All Rights Reserved Prioritize application risk decisions based on data 10
  • 12. © 2017 Denim Group – All Rights Reserved Vulnerability Prioritization 11
  • 13. © 2017 Denim Group – All Rights Reserved Prioritization with Hotspot 12
  • 14. © 2017 Denim Group – All Rights Reserved Reporting and Metrics 13
  • 15. © 2017 Denim Group – All Rights Reserved Translate vulnerabilities to developers in the tools they are already using 14
  • 16. © 2017 Denim Group – All Rights Reserved Defect Tracker Integration 15
  • 17. © 2017 Denim Group – All Rights Reserved BurpSuite Pro and ThreadFix Together 16
  • 18. © 2017 Denim Group – All Rights Reserved Hybrid Analysis Mapping • Merge BurpSuite Pro scan results with the results of SAST • Soon: Better imports of Burp Infiltrator for IAST/HAM-like capabilities 17
  • 19. © 2017 Denim Group – All Rights Reserved ThreadFix ScanAgent • Drive BurpSuite Pro automated scanning from ThreadFix • One-time scans • Scheduled scans • CI/CD integration 18
  • 20. © 2017 Denim Group – All Rights Reserved Secure DevOps with ThreadFix • What does your pipeline look like? http://www.slideshare.net/mtesauro/mtesauro-keynote-appseceu http://www.slideshare.net/denimgroup/rsa2015-blending- theautomatedandthemanualmakingapplicationvulnerabilitymanagementyourally https://blog.samsungsami.io/development/security/2015/06/16/getting-security-up-to-speed.html 19
  • 21. © 2017 Denim Group – All Rights Reserved AppSec Testing for DevOps • Configuring Testing Policies • AppSec Testing for DevOps in Action 20
  • 22. © 2017 Denim Group – All Rights Reserved Policy Configuration • Testing • Synchronous • Asynchronous • Decision • Reporting Blog Post: Effective Application Security Testing in DevOps Pipelines http://www.denimgroup.com/blog/2016/12/effective-application-security-testing-in-devops-pipelines/ https://www.denimgroup.com/resources/effective-application-security-for-devops/ 21
  • 23. © 2017 Denim Group – All Rights Reserved Testing Configuration 22
  • 24. © 2017 Denim Group – All Rights Reserved Testing Configuration 23
  • 25. © 2017 Denim Group – All Rights Reserved Decision Configuration 24
  • 26. © 2017 Denim Group – All Rights Reserved Decision Configuration 25
  • 27. © 2017 Denim Group – All Rights Reserved Reporting Configuration 26
  • 28. © 2017 Denim Group – All Rights Reserved Reporting Configuration 27
  • 29. © 2017 Denim Group – All Rights Reserved Reporting Configuration 28
  • 30. © 2017 Denim Group – All Rights Reserved Reporting Configuration 29
  • 31. © 2017 Denim Group – All Rights Reserved Testing in Action 30
  • 32. © 2017 Denim Group – All Rights Reserved Testing in Action 31
  • 33. © 2017 Denim Group – All Rights Reserved Testing in Action 32
  • 34. © 2017 Denim Group – All Rights Reserved Testing in Action 33
  • 35. © 2017 Denim Group – All Rights Reserved Testing in Action 34
  • 36. © 2017 Denim Group – All Rights Reserved Testing in Action 35
  • 37. © 2017 Denim Group – All Rights Reserved Testing in Action 36
  • 38. © 2017 Denim Group – All Rights Reserved @denimgroup www.threadfix.it www.denimgroup.com @Burp_Suite www.portswigger.net 37