Testing for vulnerabilities

  • Last updated: January 16, 2026

  • Read time: 1 Minute

After mapping the application and analyzing its attack surface, the next step is to test it for vulnerabilities. This involves checking how the application handles authentication, access control, user input, and other security-critical functionality.

Burp Suite provides a range of tools to support vulnerability testing, from targeted manual techniques to automated scanning. The tutorials in this section focus on using these tools to test for a range of common web vulnerabilities.

You can complete the tutorials as stand-alone exercises or combine them as part of a wider testing workflow. Most of the tutorials can be practiced using our deliberately vulnerable website, ginandjuice.shop, or a deliberately vulnerable lab from the Web Security Academy. We provide a link to a suitable lab where one exists.

Note

Some of the tools used in this testing workflow are only available in Burp Suite Professional.