Course Foundation (Burp Suite Mastery)
The Burp Suite Certified Practitioner (BSCP) demonstrates a user's ability to detect and exploit web vulnerabilities using Burp Suite Professional. It is a prestigious certification that validates your deep understanding of web security and your proficiency with the industry's leading toolkit.
Core Domains
A comprehensive curriculum based on the PortSwigger Web Security Academy:
Injection & Server-Side
SQL Injection, OS Command Injection, SSRF, XXE, and Directory Traversal.
Client-Side Attacks
Cross-Site Scripting (XSS), CSRF, CORS configurations, and DOM-based vulnerabilities.
Advanced Exploits
HTTP Request Smuggling, Web Cache Poisoning, Insecure Deserialization, and GraphQL API attacks.
Authentication & Authorization
Brute-force attacks, Session fixation, Logic flaws, IDOR, and Privilege Escalation.
Burp Suite Mastery
Expert use of Scanner, Intruder, Repeater, Sequencer, and Collaborator.
Business Logic Flaws
Exploiting design flaws, excessive trust in client controls, and timing attacks.
Exam Format
4-Hour Exam
Intense 4-hour practical exam testing your ability to exploit vulnerabilities under pressure.
2 Target Apps
You must fully compromise two separate applications to pass.
100% Score Required
You must reach the 'admin' account and read the 'secret' file on both targets.
Key Considerations
- Prerequisites: Deep familiarity with OWASP Top 10 and Burp Suite Pro features.
- Preparation: Completing the PortSwigger Web Security Academy labs is essential.
- Difficulty: High. The time limit is the biggest challenge. Efficient methodology is key.