Get Burp Suite Certified for $99

How to prepare for your certification

How to prepare for the Burp Suite Certified Practitioner exam

Ready to take the exam? Here's what you need to know.

Preparing for the Burp Suite Certified Practitioner exam

Make sure you're fully prepared to undertake the Burp Suite Certified Practitioner exam

If there are any steps or processes outlined on this page that you are not 100% comfortable with, we highly recommend that you go back and practice those skills before either attempting the practice exam or purchasing your certification exam.

The Burp Suite Certified Practitioner exam is designed to demonstrate and prove your ability to detect and exploit common web vulnerabilities. Although the exam itself must be completed within a set time frame, it emphasizes problem-solving over speed.

Put your focus on truly understanding a vulnerability class or exploit. If you can perform the required skills at speed, you may take that as an indicator that you are in a position to take the exam.

Web Security Academy training

Before you are ready to attempt the Burp Suite Certified Practitioner exam, you should be comfortably able to complete all of the labs within the Web Security Academy labeled "Practitioner" or lower. There is no set time frame for completing the labs, but you must be able to do so without requiring access to the solutions provided.

In addition, we strongly advise that you fully familiarize yourself with the exploiting XSS labs within the XSS topic. To successfully pass the Burp Suite Certified Practitioner exam, you'll need to be able to capably perform the exploits outlined within those materials.

Mystery lab challenge

Unlike when you complete labs on the Web Security Academy, during the exam you'll have no prior knowledge of the type of vulnerability that you need to find and exploit. Use the mystery lab challenge below to spin up a randomized lab that you'll have to try and work out how to solve with no context, just like in the exam.

In some of the labs, you have access to your own account with the credentials wiener:peter. If you can enumerate usernames, you may also be able to brute-force the login using the following username and password wordlists.



Practice exam

We've created a practice exam, to support your preparation for the final exam. This is designed to simulate the environment of a real test situation, and will cover a variety of vulnerability classes and exploits. The practice exam is there to allow you to get used to the format the real exam will use. It should also help you to gauge the difficulty level of the exam, and therefore judge for yourself whether you are at the required skill level to gain the certification.

There are no restrictions on the amount of times you may take the practice exam, and you may also quit the test simulation and begin again.

To undertake the certification exam, you will need access to an active subscription of Burp Suite Professional. Get a subscription to Burp Suite Professional now, if you don't already have access to a separate license.

You must study and prepare to take the Burp Suite Certified Practitioner exam

Burp Suite Professional

To successfully pass the Burp Suite Certified Practitioner exam, you must be able to use Burp Suite Professional at a competent level. The basic skills we expect you to demonstrate, using the many functionalities of Burp Suite Professional, are as follows:

In addition, we require that you use a project file, which we may request up to a week after you have taken the exam to confirm your certificate or investigate any reported issues.