Complete eight specific labs
Complete five practitioner-level mystery labs
Take and pass the practice exam
We'll also be running weekly mini challenges throughout the incentive - completing these mini challenges will give you the opportunity to win exclusive swag bundles
Keep an eye on our social media channels as all mini challenges will be announced there

1: Complete one practitioner lab from each of the topics

We recommend that you select the most challenging-sounding non-expert lab from each topic, as this will be the best test of your skills

View a list of all required topics

2: Complete eight specific labs

Blind SQL injection with out-of-band data exfiltration

Forced OAuth profile linking

Exploiting HTTP request smuggling to capture other users' requests

SSRF with blacklist-based input filter

SQL injection with filter bypass via XML encoding

Discovering vulnerabilities quickly with targeted scanning

3: Complete five practitioner-level mystery labs

In some of the labs, you have access to your own account with the credentials wiener:peter
If you can enumerate usernames, you may also be able to brute-force the login using the following username and password wordlists

4: Take and pass the practice exam

You've got two hours to complete the practice exam - are you ready?

What is the Burp Suite Certified Practitioner exam credit for?

Who is eligible to enter the competition?

Do I have to pass the practice exam on my first attempt?

How will I get my Burp Suite Certified Practitioner exam credit?

Will I receive my Burp Suite Certified Practitioner exam credit automatically?

How long will I have to use my Burp Suite Certified Practitioner exam credit?

Do I need a Burp Suite Professional license to complete the challenges?

How the exam works

Exam hints and guidance

What the exam involves