Burp Suite: Web Application Testing

Lessons

1. 1

   What is Burp Suite and Why Do Security Professionals Use It?

   Free

   Understand what Burp Suite is, the editions, what you will be able to do, and why Burp proficiency is in nearly every web security job.

   Beginner·20 min
2. 2

   Installing Burp Suite and Configuring Your Browser

   Install Burp, understand the proxy concept, route your browser through Burp, install the CA certificate, and intercept your first request.

   Beginner·40 min
3. 3

   The Burp Suite Interface

   Navigate every panel a professional uses daily: Dashboard, Target, Proxy, Intruder, Repeater, Decoder, Comparer, Logger, Sequencer, Extensions.

   Beginner·35 min
4. 4

   HTTP History and Scope

   Read and filter HTTP history, understand requests/responses in depth, set scope, and map an application's attack surface.

   Beginner·40 min
5. 5

   Burp Repeater: The Core of Manual Testing

   Send, modify, and resend requests in Repeater, read responses, and manually find a SQL injection point without automation.

   Intermediate·45 min
6. 6

   Testing Authentication and Session Management

   Analyze cookies and tokens, find IDOR, test reset flows and session fixation, and analyze JWTs (including alg:none).

   Intermediate·50 min
7. 7

   Testing for Injection Vulnerabilities

   Manually test for SQLi (error/boolean/time-based), XSS (reflected/stored/DOM), command injection, XXE, and SSTI.

   Intermediate·55 min
8. 8

   Burp Intruder: Automated Customized Attacks

   Use positions and payloads, the four attack types (Sniper/Battering Ram/Pitchfork/Cluster Bomb), Grep-Match/Extract, and the Community workaround.

   Intermediate·50 min
9. 9

   Fuzzing and Parameter Discovery

   Fuzz for hidden content/params (and when to use feroxbuster/gobuster), use SecLists, and Turbo Intruder for speed.

   Intermediate·45 min
10. 10

    Burp Scanner (Professional)

    Understand passive vs active scanning, crawling, reading results, tuning audit profiles, and the limits of automation.

    Intermediate·40 min
11. 11

    Burp Extensions and the BApp Store

    Install and use essential extensions, and write a basic extension with the Burp (Montoya) API.

    Advanced·45 min
12. 12

    Testing for Business Logic Flaws

    Find logic flaws scanners miss: price/quantity manipulation, workflow bypass, and trust-boundary violations.

    Advanced·45 min
13. 13

    Advanced Web Vulnerabilities

    Test HTTP request smuggling, WebSocket security, OAuth 2.0 attacks, CORS misconfigurations, and prototype pollution.

    Advanced·55 min
14. 14

    Bug Bounty Methodology with Burp Suite

    Run a complete bug-bounty workflow: recon to scope, structured methodology, project files, responsible disclosure, and great reports.

    Advanced·50 min
15. 15

    Burp Suite Passion Project

    Complete three PortSwigger Practitioner labs across three vulnerability categories and write a professional bug report for each, compiled into a portfolio PDF.

    Advanced·150 min
16. 16

    Burp Suite Job Readiness

    Translate Burp proficiency into a web-security career: job titles, certifications (especially BSCP), and a portfolio checklist.

    Advanced·35 min