Penetration testing workflow - PortSwigger

ProfessionalCommunity Edition

Penetration testing workflow

  • Last updated: October 29, 2024

  • Read time: 1 Minute

Burp Suite includes a range of automated and manual tools that you can use in your penetration testing workflow. The tutorials in this section are designed to teach you how to use Burp Suite to:

  1. Map your target application.
  2. Analyze the attack surface.
  3. Test for a range of vulnerabilities.

You can complete most of the tutorials as a stand-alone exercise. If you're just starting out, you can use the tutorials to get an overview of a typical penetration testing workflow. Otherwise you can select tutorials to learn how to combine different Burp tools to perform a specific task.

You can practice the processes outlined in most of the tutorials using our deliberately vulnerable website, ginandjuice.shop, or a deliberately vulnerable lab from the Web Security Academy. We provide a link to a suitable lab where necessary.

Note

Some of the tools used in this testing workflow are only available in Burp Suite Professional.

Tutorials

Was this article helpful?