How to prepare for your certification

Make sure you're fully prepared to undertake the Burp Suite Certified Practitioner exam

The Burp Suite Certified Practitioner exam is challenging, and heavily focused on problem-solving. Obtaining this certification proves that you have a deep knowledge of web vulnerability classes, and the skills required to discover and exploit them. To be successful, you need to demonstrate a number of skills and abilities. The best way to prepare for the exam depends on your level of experience.

Still learning the fundamentals of web security?

If you're still developing your web security knowledge, we recommend the following approach:

1. Work through the topics within the academy, completing every apprentice and practitioner-level lab as you go.
2. As you reach the end of each topic, use the mystery labs feature to practice solving the labs with no contextual clues.
3. When you've completed all the practitioner-level labs, practice solving mystery labs from all available topics to develop your recon and discovery skills.
4. Then complete a practice exam to familiarize yourself with the exam format.
5. Make sure to read the exam hints and tips, as they contain invaluable information that you'll need to be successful in the exam.

Think you've already got what it takes?

If you already have extensive web security experience, you don't necessarily need to work your way through the entire Web Security Academy before sitting the Burp Suite Certified Practitioner exam. Completing the steps outlined below will help you to:

• Assess whether you have sufficient knowledge of the range of vulnerability classes covered.
• Refresh your knowledge of how to demonstrate security impact, turning vulnerabilities into high-severity exploits.
• Familiarize yourself with some of the Academy-specific mechanisms you'll need to use within the exam, such as our simulated exploit server.

Step 2: Complete the following labs

These labs have been selected because they reinforce core web security testing skills - such as understanding encodings and using them to evade defences, and proficiency in exploiting cross-user attacks. These specific labs support your exam preparation in terms of skill development, but they are in no way a list of the components you'll be expected to solve to complete the exam.

Step 4: Take and pass a practice exam

The practice exams are designed to be a realistic test of all your web security skills. They will also allow you to get used to the format the real exam will use. Before you take a practice exam, read through the exam hints and guidance for some tips and advice to help you succeed.

If you are unable to pass a practice exam, we strongly suggest that you work through the steps outlined in this guide again to further hone your skills.

You have two hours to complete your practice exam, which contains one vulnerable application for you to exploit.