Looking for our research? We've moved it to a dedicated page

The Burp challenge

Emma Stocks | 30 November 2022 at 09:35 UTC

We recently launched the Burp challenge, to give our customers a unique opportunity to demonstrate their skills with Burp Suite Professional. Not only that, but the challenges involved put your web vulnerability skills and knowledge, recon, and efficiency to the test.

To keep things fun along the way, we're also introducing unique mini challenges every week. If you complete the mini challenge, within the given time frame, you'll be entered into a prize draw to win exclusive Burp Suite swag.

How does the Burp challenge work?

If you can complete all four stages of the Burp challenge, by 31 December 2022, you'll be awarded an exam credit for our Burp Suite Certified Practitioner certification completely free of charge. That's because by completing all four stages, we believe you're well and truly prepared to take and pass the exam.   

Stage one - complete one practitioner-level lab from each of the required topics.

Stage two - complete eight specific labs.

Stage three - complete five different practitioner-level mystery labs.

Stage four - take and pass the practice exam.

The mini challenges

The mini challenges have been designed to help you work your way through the preparation steps, in an enjoyably challenging and manageable way. Anybody can attempt the mini challenges, and each week five lucky winners will be selected to win exclusive prizes. 

To help you keep on track, and work out where you can get involved for the chance to win some of that exclusive swag, you can view a rundown of the previous, current, and upcoming mini challenges below.


Launch date: Friday 11 November.
Challenge: Complete the new discovering vulnerabilities quickly with targeted scanning lab within 10 minutes, by Thur 17 November, to be entered into the prize draw.
Closing date: Thursday 17 November.
Winners: Congratulations to our five mini challenge winners this week. Mika, Bennie, @unactionjackson, @Mi1So, and Tijmen.


Launch date: Friday 18 November.
Challenge: Solve three mystery lab challenges, all at "Practitioner" level or higher, by Thursday 24 Nov, to be entered into the prize draw.
Closing date: Thursday 24 November.
Winners: Congratulations to our five mini challenge winners this week. Dillan, Khong, Konstantin, Sanket, and Maksym.


Launch date: Friday 25 November.
Challenge: Complete the SQLi with filter bypass via XML encoding lab, and the blind SQLi with out-of-band data exfiltration lab, by Thur 1 Dec, to be entered into the prize draw.
Closing date: Thursday 1 December (CLOSED).
Winners: Chosen on Mon 5 Dec at 3pm (GMT).


Launch date: Friday 2 December.
Challenge: Complete one "Practitioner" level lab from each of these topics - CSRF, Clickjacking, CORS, XXE, DOM-based vulnerabilities - by Thursday 8 December, to be entered into the prize draw.
Closing date: Thursday 8 December (CLOSED).
Winners: Chosen on Mon 12 December at 3pm (GMT).


Launch date: Friday 9 December.
Challenge: Complete these five specific labs, by Thurs 15 Dec, to be entered into the prize draw. Specific labs to complete: exploiting XSS to steal cookies, forced OAuth profile linking, brute-forcing a stay-logged-in cookie, exploiting HTTP request smuggling to capture other user's requests, SSRF with blacklist-based input filter.
Closing date: Thursday 15 December (CLOSED).
Winners: Chosen on Mon 19 December at 3pm (GMT).


Launch date: Friday 16 December.
Challenge: Complete every lab in the list below between Friday 16 December and Saturday 31 December to be entered into the prize draw to win exclusive Burp swag. To be eligible for inclusion in the prize draw, you need to complete every lab within the challenge time frame, even if you have previously solved the lab before. 

Check your progress: See your progress through the mini challenge on the lab tracker page.

Closing date: Saturday 31 December (ACTIVE).
Winners: Chosen in the new year (January 2023).

List of labs to complete for this challenge:


Your challenge progress

Every time you complete one of those mini challenges, you're one step closer to being prepared to take your Burp Suite Certified Practitioner exam. If you can complete all of the mini challenges, then take and pass the practice exam before December 31 2022, you'll get to try your hand at the exam completely free of charge. That's an opportunity that's not to be missed! 

Remember to keep checking on your challenge progress in your PortSwigger user account, as it'll let you know when you're ready to take your certification exam. Don't forget to share your progress with the Burp challenge, and the mini challenges, on your social channels too. If you tag @WebSecAcademy and use the #burpchallenge hashtag, we'll re-share your post on our channels so that the whole community can see your achievements.