Burp Suite is more than an HTTP proxy; it is a complete set of tools for detecting and exploiting vulnerabilities. In fact, we will use Burp Suite to explain to developers how these vulnerabilities work in an approach that they can understand. In this chapter, we will focus on how to detect vulnerabilities using Burp Suite and some extensions. We will be covering the following topics:

• Detecting SQL injection flaws
• Detecting OS command injection
• Detecting cross-site scripting (XSS) vulnerabilities
• Detecting XML-related issues such as XML External Entity (XXE)
• Detecting Server-Side Template Injection (SSTI)
• Detecting Server-Side Request Forgery (SSRF)