Page 189 - Hands-On Bug Hunting for Penetration Testers

Other Tools                                                                Chapter 11

But as we showed in our chapter on CSRF, generating a CSRF PoC is pretty easy to automate yourself, in a way that integrates better with tools outside of Burp. If you don't find yourself needing the other advanced manual tools, then it basically comes down to the scanner. Even if you already have a scanner as part of your workflow, though, different scanners are often better at finding different classes of vulnerability; you'll get the best picture of a site if you apply multiple scanners to it (which, considering the cost of scanners, is easier said than done).

There's also an extra layer to the value component of Burp. Although you shouldn't purchase a tool with marginal utility just because it's good value, value is still an important consideration.

Scanners are expensive. It's not uncommon for the cheapest licenses for top-quality application scanning products to reach into the thousands for a small team (the cheapest offering from Netsparker, a security company, is just under $5,000/year for a desktop app that allows you to scan five websites).

This is clearly an attempt on their part to capture an enterprise security team that wants a reproducible, automated vulnerability detection scheme as part of their general application pipeline/stack. But that phenomenon is common to a lot of the pentesting tool chain, as companies with know-how want to target B2B enterprise opportunities, because that's where the money is. Hackers don't have departmental budgets to throw around.

In that context, the Burp Pro license is a great deal, unlocking more than just scanning functionality for a price that's less than a month of the license subscription of other popular products. If you've followed along with this walkthrough, or generally use Burp as the linchpin of your security workflow, you should strongly consider purchasing it. If you're spending time inside Burp, it's worth it.

Let's consider another tool, SecApps. SecApps is a browser-based pentesting client created by Websecurify that allows for a completely cloud-based workflow, with no desktop apps, local files, or dependencies beyond the browser required. This is a solution that would fit comfortably into a Chromebook-type setup, where the hardware needs are minimal.

There's a lot to recommend SecApps. They provide some basic free services (such as their HTTP proxy), but most of their functionality is on their paid tier, which is still comparatively affordable at $29/month (it should be noted that, beyond their browser client, they also offer solutions for CI/CD testing). But even with that low adoption cost, we should still address the same questions we do when considering any new workflow:

Does this lock me into plans or services or a particular design?

                                                    [ 174 ]