Hi, I recently passed the Burp Suite Certified Practitioner exam and wanted to share my full, honest journey. It took me a couple of tries to pass it, 4 attempts to be exact. I will try to keep this blog sweet and simple and give some background on myself.
I have been working as a Cyber Security Consultant for a while now. I have earned some certifications such as OSCP, CPSA, eJPT, etc., but nothing too focused on web applications before. I had my fundamentals covered on the OWASP Top 10 and a few more web application vulnerabilities. It still wasn't enough for the exam.
For this exam, you can start the PortSwigger Academy right away. All the content provided by them will give you a strong base, and it's all FREE. Even if you aren't interested in the certificate itself and are only interested in Web Application Security, you should sign up on the platform; it's no doubt one of the best free platforms to learn Web App Security from beginner to intermediate level. Every vulnerability has labs divided by level of complexity, i.e. Apprentice, Practitioner, and Expert.
PortSwigger recommends finishing all the labs up to Practitioner if you are preparing for the certificate, but don't be afraid to do some Expert labs as well. I personally did all the labs up to Practitioner and some Expert labs (the ones which seemed most interesting to me) before the exam. I am still working on the Expert labs, and I think if you want to get a better understanding of the findings you should do them too before the exam.
If you are looking for a list of labs divided by level, you can look at my GitHub repo.
There are 2 web applications with 3 vulnerabilities in each application, i.e. 6 stages in total. To pass the exam you need to finish all the stages in 4 hours.
You need to do all the stages in order: first, get access to a low-level user account; then escalate privileges to the high-level administrator account; and lastly, get the contents of a file. Luckily, PortSwigger has a Practice Exam, and it will give you an understanding of what the exam can be like. Do take it before you go for the exam.