Soroush Dalili
Hacker (ethical), web appsec specialist, trainer, tools builder & apps breaker, @SecProjectLtd founder 🕸️https://t.co/YipuTcYnWc🥷 🍏A dad-joke maker🍐
Nov 20, 2021 12 tweets 3 min read
I am not sure why some of us are ignoring that this exam is clearly about working with "Burp Suite" to become "Burp Suite Certified Practitioner".
Web Academy is free if you just want to learn; IMHO doing all web academy labs is even more important than the cert itself. There are certain things that you can't do without the pro version like DNS exfil on their generic collab server.

At the end of the day, I think this cert wants to sell the product for them as well, while you can also use it to show your skills.
Dec 23, 2020 4 tweets 11 min read
Almost there, tomorrow I will publish the last but probably less serious tips, then we can unroll it 🎅 hopefully others will do similar short, continuous note sharing in the future so we can see overlooked/secret stuff. Some good candidates from different worlds that quickly come to my mind🤩👀:
Dec 11, 2020 26 tweets 17 min read
From now until Christmas, I will try to share something from my notes / research every day - most of them are old but might still be useful to remember #XMas2020 #AppSec #Web #HTTP "Max-Forwards" HTTP header:
- limit the number of proxies a request can traverse.
- not hop-by-hop
- can't go in the Trailer header

Some usage examples:
old: securiteam.com/securityreview…
old: counting servers (proxies) in the middle
new: portswigger.net/research/crack…
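As an added example (not from the thread), the following Python shows what the three notes above mean for an intermediary that handles Max-Forwards correctly per RFC 7231 section 5.1.2, plus a check that the field is not announced in a Trailer header; `MAX_HOPS_WILLING` and the header samples are assumed values.

```python
"""Max-Forwards handling in an HTTP intermediary (RFC 7231 section 5.1.2).

Added example, not the thread author's code. A proxy must check and update
Max-Forwards on TRACE and OPTIONS before forwarding, must answer as the
final recipient when the value is 0, and may ignore it on other methods.
"""
from typing import Dict, List, Tuple

# Assumed local policy: the largest Max-Forwards value this proxy passes on.
MAX_HOPS_WILLING = 10

# Field names a sender must not place in a trailer (RFC 7230 section 4.1.2):
# framing, routing and request-control fields such as Max-Forwards.
# Partial list, kept to the fields relevant here.
FORBIDDEN_TRAILERS = frozenset({
    "transfer-encoding", "content-length", "host", "trailer",
    "max-forwards", "cache-control", "expect", "te", "authorization",
})


def apply_max_forwards(method: str, headers: Dict[str, str]) -> Tuple[str, Dict[str, str]]:
    """Return ("respond", headers) when this proxy must be the final recipient,
    or ("forward", updated_headers) when the request may be passed on."""
    value = next((v for k, v in headers.items() if k.lower() == "max-forwards"), None)
    # Max-Forwards is a request control for TRACE/OPTIONS; RFC 7231 lets a
    # recipient ignore it on other methods, so those are forwarded unchanged.
    if value is None or method.upper() not in ("TRACE", "OPTIONS"):
        return "forward", dict(headers)
    digits = value.strip()
    if not (digits.isascii() and digits.isdigit()):
        # Malformed (grammar is 1*DIGIT): treat as absent instead of guessing.
        return "forward", dict(headers)
    n = int(digits)
    if n == 0:
        # Received 0: MUST NOT forward; MUST respond as the final recipient.
        return "respond", dict(headers)
    # Forward with the lesser of (n - 1) and this proxy's own pass-through limit.
    out = {k: v for k, v in headers.items() if k.lower() != "max-forwards"}
    out["Max-Forwards"] = str(min(n - 1, MAX_HOPS_WILLING))
    return "forward", out


def forbidden_in_trailer(trailer_value: str) -> List[str]:
    """Return the names announced in a Trailer header that may not be trailers."""
    names = [t.strip().lower() for t in trailer_value.split(",") if t.strip()]
    return [n for n in names if n in FORBIDDEN_TRAILERS]
```

Because the field is end-to-end rather than hop-by-hop, the proxy rewrites its value instead of stripping it the way a Connection-listed header would be.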