Reproducing the vulnerabilities documented in a pentest report is a common engineering pain point. But aligning developer skills with the tooling used during the pentest can help confirm issues faster, and deploy fixes faster.
The Tools Of The Trade
BurpSuite (or “Burp”) is the industry standard framework for performing professional application penetration tests. For developers, there are a few key features that greatly improve on standard browser debuggers:
- Clearly view raw requests/response pairs.
- Replay (and modify) requests.
- Intercept (and modify) requests.