forked from PortSwigger/auth-matrix
-
Notifications
You must be signed in to change notification settings - Fork 0
/
BappDescription.html
13 lines (9 loc) · 1.16 KB
/
BappDescription.html
1
2
3
4
5
6
7
8
9
10
11
12
13
<p>AuthMatrix is an extension to Burp Suite that provides a simple way to test authorization in web applications and web services.
With AuthMatrix, testers focus on thoroughly defining tables of users, roles, and requests for their specific target application upfront.
These tables are displayed through the UI in a similar format to that of an access control matrix commonly built in various threat modeling methodologies.</p>
<p>Once the tables have been assembled, testers can use the simple click-to-run interface to efficiently run all combinations of roles and requests.
Testers can then confirm their results with an easy to read, color-coded interface indicating any authorization vulnerabilities detected in the system.
Additionally, the extension provides the ability to save and load target configurations for simple regression testing.</p>
<p>Requires Jython version 2.7.0 or later</p>
<p>Version 0.8 release information: <a href="https://zuxsecurity.blogspot.com/2018/01/authmatrix-08.html">https://zuxsecurity.blogspot.com/2018/01/authmatrix-08.html</a></p>
<p>Please report issues on the <a href="https://github.com/SecurityInnovation/AuthMatrix">project GitHub</a>.</p>