We launched the Web Security Academy in April 2019, as a means of providing free training and learning materials for security professionals. We now have 200 labs, and last year the Web Security Academy surpassed an incredible one million users.
Additionally, we haven't failed to notice that Burp Suite has acquired quite a following within the industry. We've equipped our customers with a solid combination of learning resources from our Web Security Academy, and the world's leading web security testing toolkit, but still felt that there was a piece of the puzzle missing.
We are now happy to announce the launch of our much-requested Burp Suite certification program. The new certification will initially feature a Practitioner level, with a view to creating additional levels in the future.
So, what is it?
It is a three-hour exam that, if you pass, certifies your skills in web security testing. By becoming a Burp Suite Certified Practitioner, you'll be able to demonstrate your ability to:
- Detect and exploit common web vulnerabilities.
- Display knowledge of fundamental web technologies.
- Adapt attacks to evade common defenses.
These skills, and many more besides, are just part of what completing this exam will demonstrate. By completing the Burp Suite Certified Practitioner exam, you'll be able to prove your skills with Burp Suite Professional to the web security community. Take and pass the exam, and you'll be able to call yourself a Burp Suite Certified Practitioner.
Benefits of becoming a Burp Suite Certified Practitioner
By gaining this certification, you'll be able to validate your self-taught skills as a web security practitioner, and take control of your security career. All those hours spent in the Web Security Academy can now be turned into an accreditation, and you can showcase your well-honed (and hard-earned) web security testing skills to the industry at large.
By becoming a Burp Suite Certified Practitioner, you'll be able to:
- Turn self-taught skills into accreditation.
- Showcase the high standard of your security testing.
- Advance your professional career.
Just like all of the labs and learning materials on the Web Security Academy, this certification has been created by the globally-renowned team at PortSwigger Research.
How to prepare for the certification
We've created some resources to help you get ready, as we want as many people as possible to be able to take and pass this exam, to become a Burp Suite Certified Practitioner. All of our resources can be accessed completely free of charge, to put you in the best possible position before taking the exam.
- Check out this page for everything you'll need to get prepared for the exam.
- Read through this page to understand the exam process, and all of the system requirements.
- Take our practice exam as many times as you need before you try the real exam.
Understanding the skills required
We want as many of you as possible to be able to get this certification, but don't for a minute think that we'll be making it easy for you. You'll have three hours to complete the exam, so you need to be using every tool in your toolkit to the best of its abilities.
Realistically, completing the exam within this time frame requires a blend of manual and automated testing. One way to make the most of your available time is to use Burp Scanner to quickly identify crucial vulnerabilities. You won't have time to scan everything so you'll need to focus your scanning on high risk features, but you need to make sure your scans aren't so generalized that you run the risk of missing things.
We've created a guide to augmenting your manual testing with Burp Scanner, to make sure you've got to grips with the full scope of scanning you'll need to perform during the exam. As we've already stated, the exam also requires you to be able to adapt your attack methods to bypass broken defenses - specifically - obfuscating attacks using encodings.
Burp Suite Certified - key facts
As we did with the Web Security Academy, we wanted to make our new certification accessible to as many people as possible. Many existing certifications on the market today are too expensive or require the exam-taker to spend days or even weeks under test conditions, effectively alienating a huge number of hopeful web security testers.
So, here are the key facts about our brand new Burp Suite Certified Practitioner certification:
- It costs $99 to take the exam.
- If you pass, your certification will be valid for five years.
- You can use our free Web Security Academy to prepare for the certification.
Ready to become a Burp Suite Certified Practitioner?
Here at PortSwigger, we're on a mission to enable the world to secure the web. We've provided the tools, we created a platform with continually updated learning materials, so now we're giving you the option to get certified too.
Take control of your security career - become a Burp Suite Certified Practitioner today.