Burp Suite Certified Practitioner
Practical web security certification from the creators of Burp Suite. 4-hour exam exploiting 2 web applications across 3 stages each. Free training via the PortSwigger Web Security Academy (240+ labs). The most cost-effective practical web exploitation certification available. 5-year validity.
What you'll prove
- Identify and exploit SQL injection, XSS, CSRF, SSRF, and XXE vulnerabilities
- Bypass authentication controls and escalate privileges in web applications
- Chain multiple vulnerabilities to achieve admin access and file read
- Apply advanced attack techniques including deserialization and SSTI
- Operate Burp Suite Professional proficiently for web application testing
Frequently asked
How much does BSCP cost?
$99 per exam attempt. Burp Suite Professional is required ($499/yr) but most working pentesters already have access through their employer.
Is BSCP hard?
Very. The 4-hour time limit for 6 exploitation stages requires strong methodology and proficiency with Burp Suite. Pass rate is estimated under 30% on first attempt for candidates who haven't thoroughly completed the Web Security Academy labs.
Is PortSwigger Web Security Academy free?
Yes. The entire Web Security Academy including 240+ labs is completely free. Only the BSCP exam itself costs $99.