Get Burp Suite Certified for $99

How to prepare for your certification

How to prepare for the Burp Suite Certified Practitioner exam

Make sure you're fully prepared to undertake the Burp Suite Certified Practitioner exam

The Burp Suite Certified Practitioner exam is challenging, and heavily focused on problem-solving. Obtaining this certification proves that you have a deep knowledge of web vulnerability classes, and the skills required to discover and exploit them. To be successful, you need to demonstrate a number of skills and abilities. The best way to prepare for the exam depends on your level of experience.

Still learning the fundamentals of web security?

If you're still developing your web security knowledge, we recommend the following approach:

  1. Work through the topics within the academy, completing every apprentice and practitioner-level lab as you go.
  2. As you reach the end of each topic, use the mystery labs feature to practice solving the labs with no contextual clues.
  3. When you've completed all the practitioner-level labs, practice solving mystery labs from all available topics to develop your recon and discovery skills.
  4. Then complete a practice exam to familiarize yourself with the exam format.
  5. Make sure to read the exam hints and tips, as they contain invaluable information that you'll need to be successful in the exam.

Think you've already got what it takes?

If you already have extensive web security experience, you don't necessarily need to work your way through the entire Web Security Academy before sitting the Burp Suite Certified Practitioner exam. Completing the steps outlined below will help you to:

Step 1: Complete one practitioner lab from every topic

Work through all of the labs on the list at the link below, completing each lab in turn. There is no set time frame for completing the labs, but you must be able to do so without requiring access to the solutions provided.

If you're unable to complete the lab you selected, go back to the learning materials and read through the content carefully, working through all the labs in that topic to make sure you're comfortable with the vulnerability class and exploit techniques it covers.

Step 2: Complete the following labs

These labs have been selected because they reinforce core web security testing skills - such as understanding encodings and using them to evade defences, and proficiency in exploiting cross-user attacks. These specific labs support your exam preparation in terms of skill development, but they are in no way a list of the components you'll be expected to solve to complete the exam.

Step 3: Complete five mystery lab challenges

Use the mystery lab challenge below to spin up five practitioner-level randomized lab challenges - you'll have to try and work out how to solve each challenge with no context, exactly as you would when performing recon in a real-world testing environment.

In some of the labs, you have access to your own account with the credentials wiener:peter. If you can enumerate usernames, you may also be able to brute-force the login using the following username and password wordlists.



Step 4: Take and pass a practice exam

The practice exams are designed to be a realistic test of all your web security skills. They will also allow you to get used to the format the real exam will use. Before you take a practice exam, read through the exam hints and guidance for some tips and advice to help you succeed.

If you are unable to pass a practice exam, we strongly suggest that you work through the steps outlined in this guide again to further hone your skills.

You have two hours to complete your practice exam, which contains one vulnerable application for you to exploit.

You must study and prepare to take the Burp Suite Certified Practitioner exam