Burp Suite Certified Practitioner – Getting Started

Hello and welcome to HaXeZ. Today we’re going to be talking about the Burp Suite Certified Practitioner certification. If you are new to cybersecurity, you may not know that Burp Suite is probably the best web testing tool available. You may also not know that PortSwigger (the parent company) offers certification for Burp Suite. Furthermore, you may not know that the exam to get the certificate is currently only $99! Additionally, if you pass it before December 10th, 2021, they will refund you!!!

Burp Suite Certified

Burp Wait, There’s More

The Burp Suite application requires an annual license fee (around $300) for the professional version. The professional version is required to pass the exam. However, you can register and download a 30-day free trial to practice with and take the exam. You don’t need to provide any credit card information, just sign up and download the client. If you have some spare time, then 30 days should be plenty to get through the exam (I hope).

Free Trial

PortSwigger Web Security Academy

Did I mention that their academy is completely free to access? All of the resources that you need to learn to pass the exam are on their website. Furthermore, it even includes a progress tracker to show how far you have come since starting. It has articles on each vulnerability and then labs to practice attacking those vulnerabilities. Completing a lab adds to your tracked learning progress.

Burp Suite Learning Progress

Learning Paths

There are three distinct learning paths: Server-Side Topics, Client-Side Topics, and Advanced Topics. Each path is broken down into sections covering different vulnerabilities. For example, the first recommended learning path is Server-Side Topics, which covers topics like SQL injection, XXE injection, and command injection.

Server-Side Topics

The Client-Side Topics path has various modules, including Cross-Site Scripting, Cross-Site Request Forgery, and Clickjacking. This path covers everything that can be exploited client-side in the browser.

Client-Side Topics

Finally, the Advanced Topics path covers areas like insecure deserialization, server-side template injection, and web cache poisoning. There are a total of 21 modules. However, the modules vary in size, so you could complete a couple of modules a day.

Wish me luck as I begin my BSCP journey.
