Ready to take the exam? Here's what you need to know.
The Burp Suite Certified Practitioner is an official certification for web security professionals, from the makers of Burp Suite. Achieving BSCP status requires a deep knowledge of web security vulnerabilities, the correct mindset to exploit them, and of course, the Burp Suite skills needed to carry this out.
In order to become a Burp Suite Certified Practitioner, you will need to undertake (and successfully pass) a four hour exam. This exam will consist of multiple practical challenges, designed to test your knowledge of vulnerabilities as well as your ability to exploit them.
You'll need to successfully complete all three steps before the practice exam on the preparation guide.Read more
Take our practice exam as often as you need to get familiar with the structure and time-constraints.Read more
When you're ready, purchase your exam. If you pass, you'll become a Burp Suite Certified Practitioner!Get certified
The Burp Suite Certified Practitioner certification presents a novel opportunity to demonstrate your skills with the most widely used web application security testing toolkit.
Spanning everything from age-old classic vulnerability classes, to the very latest cutting-edge discoveries - some of which were discovered by PortSwigger Research - the BSCP provides a realistic, black-box environment to test and hone both old and new skills.
This certification will prove that you have the ability to:
Detect and prove the full business impact of a wide range of common web vulnerabilities - such as XSS, SQLi, OWASP Top 10 and HTTP Request Smuggling.
Adapt your attack methods to bypass broken defenses, using your knowledge of fundamental web technologies like HTTP, HTML, and encodings.
Quickly identify weak points within an attack surface, and perform out-of-band attacks to attack them, using manual tools to aid exploitation.
Successfully passing the BSCP certification exam indicates a high-level proficiency in web security testing. It is aimed at penetration testers, and the organizations that employ them.
To undertake the certification, you will need access to an active subscription of Burp Suite Professional. Get a subscription to Burp Suite Professional now, if you don't already have access to a separate license.
Everything you will need to prepare for the certification, including all of the learning materials, interactive labs, and the practice exam, are available for free. We believe that knowledge should be available and affordable for everyone. We keep our prices low to make this certification, as with all of our products, accessible to as many people as possible.
Don't let the low price point fool you though - the Burp Suite Certified Practitioner certification is equivalent to numerous other, far more costly, certifications already on the market. The skills required to gain this certification demonstrate a comprehensive ability and skill-set in the field of web security testing.
The Burp Suite Certified Practitioner exam is challenging, and heavily focused on problem-solving. To pass the exam, you will need to demonstrate a number of skills and abilities.
We have created a number of resources to help you prepare for the Burp Suite Certified Practitioner exam. We advise that you make full use of these before attempting the exam.
To make the process of taking the exam as easy and secure as possible, we have partnered with a third-party proctoring service called Examity. For information on the system requirements from PortSwigger and Examity, please refer to the exam process page.
The content of this examination has been created by James Kettle and the Web Security Academy team. The exam itself will follow a process fairly similar to that of the labs within the Web Security Academy, but in order to take the exam you will first need to go through an identity verification process with Examity.
Each user who successfully passes the Burp Suite Certified Practitioner exam will receive a link to their certificate, with a unique certification identifier. This identifier can be included on your CV, shared with employers, and posted to your social profiles.
Your digital certificate clearly states the validity of your certification, including both the start and end dates. Once acquired, your certification will last for five years.
For more information, please refer to the terms and conditions.