Burp Suite Enterprise Edition is now available in our secure Cloud  –  Learn more

Retaking your exam

Advice from certified users to help you prepare

The Burp Suite Certified Practitioner exam is challenging, that's why obtaining it is so valuable! That means that not only is there no shame in failing, you're likely to learn something from your failed attempts that will help you be better prepared for next time.

If you haven't already, work through the suggested preparation steps for the exam. Remember that these steps are designed to refresh knowledge and skills you already have, and will not be sufficient if they're the only experience you have of the vulnerabilities and exploit techniques.

You found a vulnerability but couldn't exploit it

When you're testing professionally, finding the vulnerability is only ever half of the battle. After discovery, you should be asking yourself: "What could I do with it?". This might involve chaining it to other vulnerabilities, and being able to demonstrate the actual security impact.

You ran out of time

The time limit on the exam is reminiscent of the pressure you'll experience when testing professionally. Approaching the situation methodically, quickly gaining a clear view of the application, and using Burp Suite Professional's automated features will all help you.

You couldn't find a vulnerability at all

Unlike the labs on the Web Security Academy, during the exam you won't have any contextual clues as to what you're looking for. This means you'll need excellent discovery skills to supplement your knowledge of how different vulnerabilities work.

General advice and guidance

Regardless of your level of experience, there's no substitute for time spent learning. Practicing your techniques, reviewing your processes, and refreshing your knowledge will all help you to be better prepared for your next attempt.