We launched the Web Security Academy in April 2019, as a means of providing free training and learning materials for security professionals. We now have 200 labs, and last year the Web Security Academy surpassed an incredible one million users.
Additionally, we haven't failed to notice that Burp Suite has acquired quite a following within the industry. We've equipped our customers with a solid combination of learning resources from our Web Security Academy, and the world's leading web security testing toolkit, but still felt that there was a piece of the puzzle missing.
We are now happy to announce the launch of our much-requested Burp Suite certification program. The new certification will initially feature a Practitioner level, with a view to creating additional levels in the future.
It is a three-hour exam that, if you pass, certifies your skills in web security testing. By becoming a Burp Suite Certified Practitioner, you'll be able to demonstrate your ability to:
These skills, and many more besides, are just part of what completing this exam will demonstrate. By completing the Burp Suite Certified Practitioner exam, you'll be able to prove your skills with Burp Suite Professional to the web security community. Take and pass the exam, and you'll be able to call yourself a Burp Suite Certified Practitioner.
By gaining this certification, you'll be able to validate your self-taught skills as a web security practitioner, and take control of your security career. All those hours spent in the Web Security Academy can now be turned into an accreditation, and you can showcase your well-honed (and hard-earned) web security testing skills to the industry at large.
By becoming a Burp Suite Certified Practitioner, you'll be able to:
Just like all of the labs and learning materials on the Web Security Academy, this certification has been created by the globally-renowned team at PortSwigger Research.
We've created some resources to help you get ready, as we want as many people as possible to be able to take and pass this exam, to become a Burp Suite Certified Practitioner. All of our resources can be accessed completely free of charge, to put you in the best possible position before taking the exam.
We want as many of you as possible to be able to get this certification, but don't for a minute think that we'll be making it easy for you. You'll have three hours to complete the exam, so you need to be using every tool in your toolkit to the best of its abilities.
Realistically, completing the exam within this time frame requires a blend of manual and automated testing. One way to make the most of your available time is to use Burp Scanner to quickly identify crucial vulnerabilities. You won't have time to scan everything so you'll need to focus your scanning on high risk features, but you need to make sure your scans aren't so generalized that you run the risk of missing things.
We've created a guide to augmenting your manual testing with Burp Scanner, to make sure you've got to grips with the full scope of scanning you'll need to perform during the exam. As we've already stated, the exam also requires you to be able to adapt your attack methods to bypass broken defenses - specifically - obfuscating attacks using encodings.
As we did with the Web Security Academy, we wanted to make our new certification accessible to as many people as possible. Many existing certifications on the market today are too expensive or require the exam-taker to spend days or even weeks under test conditions, effectively alienating a huge number of hopeful web security testers.
So, here are the key facts about our brand new Burp Suite Certified Practitioner certification:
Here at PortSwigger, we're on a mission to enable the world to secure the web. We've provided the tools, we created a platform with continually updated learning materials, so now we're giving you the option to get certified too.
Take control of your security career - become a Burp Suite Certified Practitioner today.