Author Archives: PortSwigger Blog

Now that the dust has settled on Mythos dropping, there is space for more considered reflection on the direction of travel. Mythos wasn’t a surprise; it’s another data point on a trajectory that’s bee Continue reading The beast needs a cage: What’s next for AppSec post-Mythos→

Senior pentesters have a deeply refined intuition about what is vulnerable in an environment. The problem? That expertise is often siloed with an individual and trapped in their notes or Python scripts. Continue reading 3 ways custom scan checks turn practitioner knowledge into scalable automation→

We’re proud to announce that PortSwigger recently won the Overall Judges’ Award at the Northern Tech Awards 2026. The Northern Tech Awards are run by GP Bullhound, the tech advisory and investment fir Continue reading PortSwigger recognized at the Northern Tech Awards 2026.→

Why we’re launching the program What it means to be a Burp Ambassador What we’re aiming for Our Burp Ambassadors Alan Levy Corey Ball Federico Dotta Rana Khalil Tib3rius Looking ahead Get Involved – B Continue reading Introducing the official Burp Ambassador Program→

More power for bug hunters An education-first approach to bug bounty Rewards on Meta’s Bug Bounty Platform Our shared vision Ready to get started? We’re excited to announce a new partnership with Meta Continue reading PortSwigger partners with Meta Bug Bounty to empower bug hunters with training and Pro licenses→

Note: This is a guest post by pentester Julen Garrido Estévez (@b3xal). 1. Acknowledgements 2. Intro 3. Required tools 4. Strategy to solve/exploit the lab 5. Detecting 0.CL 5.1. Practical confirmatio Continue reading HTTP/1.1 Must Die: Conquering the 0.CL Challenge→

I’m a firm believer that if you want to understand how secure an application really is, you have to test how it behaves, not just how it was written. Automation has become essential to that. No AppSec Continue reading Automation without alignment: The hidden cost of modern DAST→

At PortSwigger, we’re always looking for ways to enable the world to secure the web, and today we’re excited to take that mission a step further. We’re pleased to announce a new collaboration bringing Continue reading PortSwigger X Intigriti: Burp Suite Professional licenses up for grabs with this new collaboration→

Note: This is a guest post by IT security consultant Adarsh Kumar. I’ve been using Burp Suite day to day for years, so when Burp AI was introduced, I was curious how it would actually hold up dur Continue reading How I sped up exploit validation in Repeater using Burp AI→

Note: This is a guest post by pentester Julen Garrido Estévez (@b3xal). Methodology Key results Examples Key learnings Prompt template A pentester’s POV on Burp AI Pentester Julen Garrido Es Continue reading Functional PoCs in less than a minute? Julen Garrido Estévez puts Burp AI to the test→