1.1 Course Introduction and Objectives

00:00

Welcome to an introduction of burps. We professional. I'm daring in Gary.

00:06

A quick overview of how the course is structured.

00:09

The first module will be introduction in overview of the actual course. And second module is how you configure the tool and the basic functionality. And the module three were scanning actual lab with actual live website on the Internet.

00:22

And this is a real sight. It's it's a demo site. You don't have to worry about doing anything illegal. You're not You're not hacking anything or no one's gonna come looking for you.

00:30

And the fourth module is a conclusion.

00:34

Module went intro

00:36

get my name is daring and Gary on the C I c i S s p e c C s k got an MBA would focus on info sec back in December 2010. I have over 24 years of experience in From a Security On currently reside in Washington, D. C. And I have a small consulting firm called the Focus Group and we do

00:56

scanning any activity, all types of compliance activity. Well, it's, you know, fisma, J l b a. All those types of things, so we do a little bit everything. Penetration, testing. So if you get a chance to look us up,

01:11

the purpose of this course is to allow secure professionals or anyone with interesting Web security to be able to use verbs Sweet, quickly and in. What we basically want to accomplish is how you can pretty much run a Web scan pretty quickly generated report. This course does not go into some of the more advanced features. A bird sweet,

01:30

which is all, which are also pretty cool things like intruder repeater, sequencer, decoder.

01:36

Things like that. We will do a more advanced course to go into take to go into to those to those items. I think that getting barb set up and understand the basic functionalities pretty critical first, before you dive into, you know, some of some of the deeper something deeper in

01:52

objective of the game and just a quick primer for burps. We professional so you can, ah, kick off a quick scan and generally important understand the basis of the tool. The tool is from a company called Post Wigger. You can access them a pole swiger dot net,

02:07

and I want you to understand a few records is of how to install the software. And also we would generate a basic report that comes from the scan and one of things. Keep in mind if you're done with scanning before with some of them or expensive tools. Things like IBM askin Akwa Next Weapon's spec.

02:23

Try to keep in mind how Doesburg compared to those tools and vice versa.

02:28

Um, I think it could compare. It's fairly favorable And, um, you know, that's pretty much what I decide to, you know, to use it and do a quick course on it.

02:37

Target Ordinance again.

02:38

Cyber professionals, Web developers, Anyone responsible for securing websites. Uh, regardless of what type of website it ISS and just intellectually curious

02:49

prerequisites. You have to have access to the Internet because we will be doing a live scan, as I mentioned earlier, and hopefully you have already downloaded to tool in quarter, 30 day trial license. Um, normally, I'm in my experience. It probably takes a maybe a day or so to sing your license. So, you know, it's just it's not terribly long, like some places, and

03:08

I want you to have a basic understanding Web Web applications for runnin middleware back in thanks along those lines. And also, how do you configure your Web browser for a proxy? Whether it's AII Safari Chrome, uh, whatever you use, it's a basic understanding of how you get into the settings and configure it for

03:28

fracture. Where? Proxy? That's kind of how Bert work

03:30

X.

03:31

All right, on the module two.