The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Passed BSCP - Thank you PortSwigger!

Steven | Last updated: Jul 24, 2024 05:19AM UTC

I really enjoyed the BSCP experience. The labs felt challenging, and even though I've had 15+ years of web app testing experience, the exercises put me through my paces. I've never felt as frustrated with a web application vulnerability as when I attempted the practice exams. That's when I knew I really had to dig in and be well prepared for the exam. I passed on my first attempt in 1 hour 52 minutes.

Having an index of payloads for each scenario is very useful. When you do labs, pretend it's a real exam. They say the objective is just to pop an alert? Na, go ahead and write a PoC to steal the cookie. (Just remember: if you get a hit on your collab and the cookie is empty, it's because no session is set for the victim. It still worked!) Everything is either a foothold, an escalation, or allows local file read, so treat the labs as such.

The time really is not an issue, since there are not that many possible vulnerabilities, and it doesn't take that long to exhaust each possibility. Remember that testing is not just about finding the vulnerability. It's also answering "is this thing NOT vulnerable?" Just because I get an X-Cache hit/miss on a page doesn't mean it's going to lead to cache poisoning if there is no reflection from a user-controlled parameter/header (query string, Origin, User-Agent, etc.). You should be confident after testing a function for 10 minutes that it is NOT vulnerable to the thing.

Get your payloads for everything prepared beforehand. The labs pretty much cover all possibilities, so you can mirror the lab format in your index. You got this!

Ben, PortSwigger Agent | Last updated: Jul 24, 2024 07:39AM UTC