After this lesson, you will understand what Burp Suite is, what each edition offers, what you will be able to do by the end of this subtrack, and why Burp proficiency appears in nearly every web security job.
Burp Suite is the industry-standard platform for web application security testing, made by PortSwigger. This subtrack takes you from never having opened Burp to working as a professional web application tester: intercepting and modifying requests, finding and exploiting common vulnerabilities, automating attacks, writing extensions, and reporting findings. Every lesson starts from zero familiarity with Burp specifically.
This is a free introductory lesson. No purchase required.
Burp Suite is an integrated platform for web application security testing. It sits between your browser and the web application as a proxy, letting you read and modify every HTTP/HTTPS request and response. Penetration testers, bug bounty hunters, application security engineers, and developers who want to understand how their apps can be attacked all use it. If you test web apps for a living, you use Burp.
Burp Suite comes in three editions. Community is free, with some features limited or missing (Intruder is throttled, the Scanner is absent). Professional (about $450/year) is the industry standard: full-speed Intruder, the automated Scanner, the Logger, and more. Enterprise is automated scanning for organizations. This subtrack teaches Community and Professional features; most exercises work in Community, and the lessons flag where Professional is needed.
By the end you will intercept and modify any request from a browser, manually confirm SQL injection and XSS, automate attacks with Intruder, fuzz for hidden content, use the Scanner, install and write extensions, test for business-logic and advanced vulnerabilities (request smuggling, OAuth, CORS, prototype pollution), and write professional bug reports. In short, you will be able to do the core work of a web application tester.
Bug bounty hunting, penetration testing, AppSec engineering, secure code review, and compliance testing all require Burp proficiency; it appears in almost every web security job description. Your companion resource throughout this subtrack is the PortSwigger Web Security Academy: free, world-class labs built specifically for Burp practice, with a public profile that tracks the labs you complete (a real portfolio signal). Create an account before the next lesson.