Burp Everywhere, All Around the World: Bringing AppSec Enthusiasts Together in 2025 | Blog
Amelia Coen | 13 March 2025 at 08:49 UTC Security is a team sport. Whether you’re a pentester, bug bounty hunter, student, or just love…
Category: Mix
Behind the Scenes of Burp AI: How we built it, and what’s next | Blog
Katie Warren | 12 March 2025 at 13:30 UTC Why now? Artificial intelligence is rapidly transforming industries, and security testing is no exception. At PortSwigger,…
A complete guide to exploiting advanced XXE vulnerabilities
XML External Entity (XXE) vulnerabilities are one of the most overlooked yet impactful vulnerabilities in modern web applications. Although they’ve become seemingly harder to detect…
Introducing Alfred for fully autonomous AI-built vulnerability assessments
We are excited to announce Detectify Alfred, a revolutionary system that uses AI to completely autonomously collect and prioritize threat intelligence and generate high-fidelity security…
API Specifications: Why, When, and How to Enforce Them
APIs facilitate communication between different software applications and power a wide range of everyday digital experiences, from weather apps to streaming services and everything in…
Noir Enhances AI Integration for Advanced Analysis
Mar 01, 2025 Expanding AI Capabilities in Noir v0.20.0 Noir v0.20.0 has arrived, supercharging its AI-powered security analysis capabilities. This release broadens AI collaboration beyond…
API Armor: How Bybit’s Real-Time Blacklisting Is Thwarting a $1.5B Crypto Heist
APIs present a security risk—that much is a given. Attacks on APIs have caused some of the most significant security incidents of the past decades.…
Top vulnerabilities in 2024 and what to watch for in 2025
The financial services industry continues to be hit hard by malicious actors, with the average cost of a data breach in the sector increasing to…
The Cost Savings of Fixing Security Flaws in Development
When security incidents from software defects happen, retrospectives often tell the story of heroic remediation in the form of a few hundred lines of code (or…
Making security a business value enabler, not a gatekeeper
The traditional perception of security within an organization is as a barrier rather than a facilitator, imposing approval processes and regulations that inevitably slow down…
PortSwigger and SAP forge strategic partnership to enhance enterprise web security
Andrzej Matykiewicz | 25 February 2025 at 14:34 UTC In today’s rapidly evolving digital landscape, securing web applications at scale is a challenge, even for…
AI State Management (AISM) | Daniel Miessler
One of the biggest pushbacks against AI is best articulated as a single question. So what? The argument goes something like this: Cool. So we…