How to prepare for the Burp Suite Certified Practitioner exam

Make sure you're fully prepared to undertake the Burp Suite Certified Practitioner exam

Follow the steps outlined below to get yourself fully prepared to take your Burp Suite Certified Practitioner exam. Put your focus on truly understanding a vulnerability class or exploit. If there are any steps or processes outlined on this page that you are not 100% comfortable with, we highly recommend that you go back and practice those skills before attempting your certification exam. If you need extra support, please read our exam hints and guidance page.

Step 1: Complete one lab from every topic

Work through all of the topics on the Web Security Academy, completing one lab from each topic. Make sure the lab you choose to complete is "Practitioner" level. There is no set time frame for completing the labs, but you must be able to do so without requiring access to the solutions provided.

If you're unable to complete the lab you selected, go back to the learning materials and work through all the labs in that topic to make sure you're comfortable with the vulnerability class and exploit techniques it covers.

Step 2: Complete the following labs

These labs have been selected because they reinforce core web security testing skills - such as understanding encodings and using them to evade defences, and proficiency in exploiting cross-user attacks. These specific labs support your exam preparation in terms of skill development, but they are in no way a list of the components you'll be expected to solve to complete the exam.

Step 3: Complete five mystery lab challenges

Use the mystery lab challenge below to spin up five practitioner-level randomized lab challenges. You'll have to try to work out how to solve each challenge with no context, exactly as you would when performing recon in a real-world testing environment.

In some of the labs, you have access to your own account with the credentials wiener:peter. If you can enumerate usernames, you may also be able to brute-force the login using the following username and password wordlists.



Step 4: Take and pass the practice exam

The practice exam is designed to be a realistic test of all your web security skills. It will also allow you to get used to the format the real exam will use. Before you take the practice exam, read through the exam hints and guidance for some tips and advice to help you succeed.

If you are unable to pass the practice exam, we strongly suggest that you work through the steps outlined in this guide again to further hone your skills.

You have two hours to complete the practice exam, which contains one vulnerable application for you to exploit.

