This chapter covers intermediate to advanced topics such as working with JWT, XXE, and Java deserialization attacks, and how to use Burp to assist with such assessments. With some advanced attacks, Burp plugins provide tremendous help in easing the task required by the tester.