Two IDOR bugs leak private data on healthcare providers; their e-mail, phone and address.

The bugs lead to potential access to data of 130k healthcare providers; including their own cyber risk insurance policy documents.

Compromising logins of Ahold Delhaize USA employees for >3.5 years (or even 18 years?). Escalating a XSS bug to Perl SSTI RCE. Full…

Coordinated vulnerability disclosure of a bug in an application used to submit reports of improper behaviour.

Background
As some might know, I work as a medical doctor (general practitioner) by day and as a security researcher by night. One of my…

A full write-up that explains the discovery and exploitation of a blind SQL injection bug.

A full write-up that learns the reader how to find reflected XSS and open redirect bugs. Hema.nl was used as an real life example.

A full write up: How to find a stored XSS bug in a Wordpress plugin and create a proof of concept payload that hijacks the full…

IKEA.com did not check the fields being used in one of their email forms. This resulted in the creation of fully signed phishing email.

Regilero's blog; Mostly tech things about web stuff.

Scripted scan checks in Burp Suite Professional are now a thing ...  tl;dr Burp Suite Professional now has a powerful yet simple scripting language that allows you to quickly build on our world c

There’s a running joke on the scanner development team; for the longest time I had net negative lines of code added to the Burp Suite codebase, and everyone’s convinced that I’m trying to regain that

tl;dr We have released BSEEPT - Burp Suite Enterprise Edition Power Tools which: Is a command line tool to drive all aspects of the BSEE GraphQL API. Is a Python client library to allow you to easily

We recently published some research on server-side prototype pollution where we went into detail on techniques for detecting this vulnerability black-box. To make your life easier, we've integrated th

The roadmap shown here is out of date. Please see our July 2023 roadmap update. Believe it or not, it's January once again. And this can mean only one thing - it's time to update you on the changes we

We launched the Burp Suite Certified Practitioner (BSCP) certification at the end of 2021 due to growing demand from Burp Suite Professional customers. Spanning everything from classic vulnerability c

It's been two years since we unleashed browser powered scanning on the world, and we decided what better way to celebrate than to start again from scratch! It started out as a task, how did it end up

If you follow the Burp Suite roadmap, then you'll know that we're working on a complete rewrite of the "Wiener" API used in Burp Suite Professional and Burp Suite Community Edition. The new API is cod