
Burp Suite Training

Are you looking for training in how to use Burp? Would you like to take your understanding of web security to the next level?

Web Security Academy - New!

Burp Suite Training Partners

Burp Suite training is available for both novice and advanced Burp Suite users through our specialist training partners across the globe.

Mastering Burp Suite Pro - 100% Hands-on

Training provider: Agarri
Region: Worldwide
Languages: English, French
Website: http://www.agarri.fr/en/trainings.html
Email: nicolas.gregoire@agarri.fr
Phone: +33 640 374 191
Duration: 3 days
Overview: This is a training for Web hackers who want to master their toolbox. Mastering Burp Suite allows users to get the most out of the tool, optimizing time spent. Work will be faster, more effective and more efficient. What's more, advanced automation techniques allow detection of additional vulnerabilities whether complex or subtle. Attendees will also learn to measure the quality of their attacks, a crucial skill in real-life engagements. Every trainee goes through the main track, composed of nearly 60 challenges. Plenty of additional ones are available, depending on your speed, taste, skills and professional needs. No way to get bored! Among the available challenges: complex brute-force, data extraction, support of custom formats, automatic management of anti-CSRF tokens, weak cryptography, webhooks, NoSQL injections, authorization bugs, aggressive disconnection, JWT-authenticated APIs, arbitrary Java deserialization, blind stored XSS, instrumented Java applications, strict workflows, ...
Audience: The training is mostly aimed at Web application penetration testers. However, other roles like QA people and advanced developers would also profit from the presented skills. Whatever your role, this training will provide beneficial automation skills whether novice (having used the Free version a few times) or expert (using the Pro version for years).

Burp Suite Workshop

Training provider: Alcorn Group
Region: Asia Pacific
Languages: English
Website: http://alcorngroup.com/services/
Email: info@alcorngroup.com
Phone: +61 7 3821 2895
Duration: Half-day, full-day and two-day workshops are available
Overview: This training provides you with both a theoretical and practical understanding of how to use the very popular hacking tool Burp Suite Professional. Mastering this professional ethical hacker tool of choice will give you a capability to easily find vulnerabilities in your web applications. Burp Suite has possibly been the most consistently high quality tool for assessing web applications for over a decade and the methodologies in this course are a must for any serious web application assessment.
Audience: Suitable for new entrants in web application security, as well as intermediate and advanced web application security specialists.

Developing Burp Suite Extensions - From manual testing to security automation

Training provider: Doyensec LLC
Region: Worldwide
Languages: English
Website: https://www.doyensec.com/
Email: info@doyensec.com
Phone: +1 (628) 333 9093
Duration: 1- or 2-day workshops are available
Overview: In this hands-on class, attendees will learn how to design and develop Burp Suite extensions for a variety of tasks. After a quick intro to Burp and its extension APIs, we work on setting up an optimal development environment enabling fast coding and debugging. Then, we discuss and create many different types of plugins, including:
* A custom logger to provide persistence and data export functionalities using MongoDB
* A simple (and yet useful) replay tool
* Passive check for Burp's scanning engine to detect missing Subresource Integrity (SRI) attributes
* Active check for Burp's scanning engine to detect Expression Language (EL) injection vulnerabilities
* A custom Intruder payload generator to fuzz using Radamsa
Finally, we leverage our extensions to build a security automation toolchain integrated in a CI environment (Jenkins). This workshop is based on real-life use cases where the extension capabilities of the tool can be unleashed to improve efficiency and effectiveness of security auditing. While we develop our code in Java using Oracle's NetBeans, we also provide templates for IntelliJ IDEA and Eclipse. Additionally, we discuss and provide code for both Python and Ruby so that you can work using your favorite programming language.
Audience: The training is suitable for both web application security specialists and developers. Attendees are expected to have a rudimentary understanding of Burp Suite as well as basic Object-Oriented Programming experience. While Burp extensions are developed live in Java, attendees can work on Python or Ruby since all exercises are also provided in those languages.

Web Application Hacking with Burp Suite

Training provider: Maven Security Consulting Inc.
Region: US
Languages: English
Website: https://www.mavensecurity.com/burpsuite_training/
Email: burpsuite@mavensecurity.com
Phone: +1-877-MAVEN-HQ (1-877-628-3647)
Duration: 1-, 2- and 3-day workshops are available
Overview: This workshop, through hands-on demos and labs, will introduce the student to the techniques needed to remotely detect and validate the presence of common vulnerabilities in web-based applications using Burp Suite, the industry's most popular toolkit. Testing will be conducted from the perspective of the end user (as opposed to a source code audit). Security testing helps to fulfill industry best practices and validate implementation. Remote security testing is especially useful since it can be done at various phases within the application's lifecycle (e.g. during development), or when source code is not available for review.
Audience: People who are auditing web application security, developing web applications, or managing the development of web applications.

The Web Application Hacker's Handbook (CREST approved course)

Training provider: MDSec
Region: Worldwide
Languages: English
Website: https://www.mdsec.co.uk/
Email: contact@mdsec.co.uk
Phone: +44 (0)1625 263 503
Duration: 2 or 3 days
Overview: This 2 or 3 day course is a practical counterpart to the well-known Web Application Hacker's Handbook, and is developed and taught by the authors, with strong focus on practical attacks and methods. After a short introduction to the subject the course then delves into common insecurities. The Web Application Hacker's Handbook course is CREST approved and is useful preparation for: CREST Certified Infrastructure Tester (CCT INF) and CREST Certified Web Applications Tester (CCT APP).
Audience: Those who wish to build on their skills in web application security, including those wishing to learn how to get the most out of Burp. Also suitable for new entrants to the web application security industry, including those working in Quality Assurance or internal testing functions. This course has frequently been recommended by candidates who have taken both the CREST CCT Infrastructure and CCT Web Applications exams.

Tactical Burp Suite & Advanced Tactical Burp Suite

Training provider: Secure Ideas LLC
Region: Virtual (recorded webinar)
Languages: English
Website: https://training.secureideas.com/our-courses/
Email: info@secureideas.com
Phone: +1-866-404-7837
Duration: 2 hours (pre-recorded webinar)
Overview: Tactical Burp Suite: Tips and Tricks to Using Our Favorite Web PenTesting Tool! Kevin Johnson and Jason Gillam will explore the various features of Burp Suite, focused on how we use the system during our penetration testing. This webinar will use hands-on examples to reinforce the topics and tricks that Jason and Kevin will be showing. Not only will we be doing the demos, but a target system will be made available to attendees so that they can do the examples along with Kevin and Jason. This webinar costs $25 and runs for approximately two hours.
Audience: Everyone with an interest in using Burp Suite.

Web Application Security

Training provider: Securitum
Region: Europe
Languages: Polish, English
Website: https://securitum.pl/szkolenia/bezpieczenstwo-aplikacji-www-szkolenie/
Email: securitum@securitum.pl
Phone: +48 12 361 33 37
Duration: 3 days
Overview: This three-day hands-on training gives participants a practical knowledge of web application security issues. Throughout the course the participants will analyse the security of a number of systems for vulnerabilities using Burp Suite Professional. Each vulnerability is preceded by a theoretical introduction, and a method of protection against attacks is presented for each. The training can be delivered in English onsite for a closed group.
Audience: Those who wish to build on their skills in web application security. Recommended (but not required) experience:
1. Basic knowledge of SQL
2. Basic knowledge of HTML/JavaScript
3. Basic knowledge of HTTP communication
4. General IT background

Web Application Bootcamp - Journeyman Level

Training provider: SensePost
Region: UK, South Africa & USA
Languages: English
Website: https://www.sensepost.com/learn/journeyman-application/
Email: training@sensepost.com
Phone: +44 (0)202 7956 8826
Duration: 2 days
Overview: We love owning the application layer and this course reflects that. We want to take students on a path of obtaining offensive security knowledge in the web application realm. The course focuses on the fundamentals rather than specific tools and introduces you to our hacking methodology refined over thousands of assessments conducted over the last 14 years. SQLi/XML/XPath/LDAP/RFI/DOM, this industry loves acronyms. From the start we cut through the acronym soup and start serving up plain and simple approaches to understand how applications are built and where vulnerabilities are introduced. This is hands-on learning, not just listening.
Audience: This course is meant for those who are new to penetration testing, network administrators or indeed anyone who wants to understand more about offensive testing and get their hands dirty breaking into various networks and applications.

Practical Web Application Penetration Testing (PWAPT)

Training provider: Tim "lanmaster53" Tomes
Region: US
Languages: English
Website: http://www.lanmaster53.com/training/
Email: timothy.tomes@gmail.com
Phone: +1-864-756-1417
Duration: 2-4 day workshop
Overview: This hands-on course provides customized training on the latest web application security tools and manual techniques for performing end-to-end web application penetration testing engagements. After a quick overview of the penetration testing methodology, the instructor will lead students through the process of testing and exploiting a target web application using the techniques and approaches developed from a career of real world application penetration testing experiences. Students will be introduced to the best tools currently available for the specific steps of the methodology including Burp Suite Pro, and taught how these tools integrate with manual testing techniques to maximize effectiveness. A major goal of this course is teaching students the glue that brings the tools and techniques together to successfully perform a web application penetration test from beginning to end.
Audience: Application Security professionals with a general understanding of the OWASP Top 10.

Web Application Penetration Testing with Burp Suite

Training provider: TrustFoundry
Region: US, Worldwide
Languages: English
Website: https://trustfoundry.net/
Email: training@trustfoundry.net
Phone: +1 (913) 871-3371
Duration: Half-day, 1-day, 2-day, and 3-day courses available
Overview: We have an introductory and an advanced class, although we can create customized classes depending on the targeted duration and material.
Introduction to Web Application Penetration Testing: Learn the tools and techniques for conducting a web application penetration test. Get your hands dirty with HTTP and Burp Suite. This workshop will provide a solid introduction to web application penetration testing. This class is designed for those with little to no web application penetration testing experience, although it will move quickly. This class will include hands-on challenges where attendees use skills acquired during the class to exploit web applications. Attendees will walk away with a basic understanding of the tools and processes for conducting a web application penetration test.
Advanced Web Application Penetration Testing: So you've popped some alert boxes, and understand the OWASP Top 10, but you're looking to take your skills to the next level? In this course, students will gain an understanding of moderate to advanced web application attacks and assessment techniques. This class will include hands-on challenges where attendees use skills acquired during the class to exploit web applications. Attendees will walk away with an understanding of the tools and processes for conducting a deep-dive web application penetration test.
Full agenda available at: https://trustfoundry.net/services/#training
Audience:
Introduction to Web Application Penetration Testing: Basic knowledge of HTTP requests and responses, and any web application programming experience will be helpful, but is not required.
Advanced Web Application Penetration Testing: Basic knowledge of HTTP, Burp Suite, and the ability to exploit basic web application attacks (XSS, SQLi, etc.) is suggested. Web application programming experience will be helpful, but is not required.

Forthcoming public training

No forthcoming public training sessions are currently scheduled.

Self-Study Resources