=

Course Foundation (Burp Suite Mastery)

The Burp Suite Certified Practitioner (BSCP) demonstrates a user's ability to detect and exploit web vulnerabilities using Burp Suite Professional. It is a prestigious certification that validates your deep understanding of web security and your proficiency with the industry's leading toolkit.

Core Domains

A comprehensive curriculum based on the PortSwigger Web Security Academy:

Injection & Server-Side

SQL Injection, OS Command Injection, SSRF, XXE, and Directory Traversal.

Client-Side Attacks

Cross-Site Scripting (XSS), CSRF, CORS configurations, and DOM-based vulnerabilities.

Advanced Exploits

HTTP Request Smuggling, Web Cache Poisoning, Insecure Deserialization, and GraphQL API attacks.

Authentication & Authorization

Brute-force attacks, Session fixation, Logic flaws, IDOR, and Privilege Escalation.

Burp Suite Mastery

Expert use of Scanner, Intruder, Repeater, Sequencer, and Collaborator.

Business Logic Flaws

Exploiting design flaws, excessive trust in client controls, and timing attacks.

Exam Format

4-Hour Exam

Intense 4-hour practical exam testing your ability to exploit vulnerabilities under pressure.

2 Target Apps

You must fully compromise two separate applications to pass.

100% Score Required

You must reach the 'admin' account and read the 'secret' file on both targets.

Key Considerations

  • Prerequisites: Deep familiarity with OWASP Top 10 and Burp Suite Pro features.
  • Preparation: Completing the PortSwigger Web Security Academy labs is essential.
  • Difficulty: High. The time limit is the biggest challenge. Efficient methodology is key.