
Mastering Burp Suite: A Journey to Certification and Beyond

28 October 2023 at 23:06

Greetings, everyone! I’m back with the grandest of brooms, ready to sweep away three years’ worth of dust that’s gathered on this aging blog. Over this time, my life has seen significant changes, both personally and professionally. The most remarkable of these changes has been embracing the title of a girl-dad – an experience that has transformed my life in ways I never imagined. As outlandish as some of the rumors may be, I’m here to set the record straight by confirming that the answer to the top three questions people have been asking me is emphatically ‘NO’:   

  1. Did I vanish into a cosmic abyss?
  2. Did I unearth and capitalize on a zero-day exploit, catapulting me into the elite 1%?
  3. Did I amass a fortune in Bitcoin and bask in retirement on the pristine shores of the Cayman Islands?

The purpose of this post is threefold:

  1. To share my personal journey through the Burp Suite Practitioner Certification, offering insights into the challenges and victories I encountered along the way.
  2. To provide valuable resources and tips that were instrumental in my certification journey, aiding others in their quest to pass the exam on their first attempt.
  3. To inspire and encourage fellow cybersecurity enthusiasts to embark on their certification journeys, highlighting the value of accessible labs and the wealth of resources available from trusted authorities in the field.

If you’re already well-prepared, completed the labs, and are seeking last-minute exam tips, feel free to skip ahead.

Unwrapping the Burp Suite Practitioner Certification

The Burp Suite Certified Practitioner (BSCP) certification, presented by PortSwigger, the creators of Burp Suite, marks a significant milestone in one’s web security career. It demonstrates the ability to identify vulnerabilities, bypass defense mechanisms, and exploit them using Burp Suite. While some lab material delves into extreme depth, PortSwigger’s well-structured learning path and excellent course materials make most topics accessible and engaging. A detailed lab breakdown can be found in the appendix at the end of this post.

Investing Wisely: Navigating the Cost of Certification

The BSCP certification costs just $99, which may surprise some. This affordability challenges our expectations, especially in a world accustomed to $1,500 courses and expiring lab subscriptions. It’s a psychological shift, and while it might seem cheap, remember that you’ll also need a Burp Pro license, which is mandatory for the exam and currently priced at $449.

Juggling Parenthood and Certification Preparation

The path to certification requires unwavering consistency and willpower. I personally stopped and started my journey multiple times over two years. Acknowledging my lackluster focus, I decided to reset my lab progress in July and start from scratch. As of October 26, 2023, I’ve solved over 200 labs, covering Apprentice and Practitioner levels. The difference this time? I took notes diligently. A valuable lesson: embrace discipline and take notes alongside your hacking journey.

Exam readiness - check!

Cracking the Books: A Deep Dive into the Study Process

I embarked on my journey using Obsidian and Burp, with the ambitious goal of completing an entire topic per day (26 in total). My commitment was to ensure that I never went a day without at least completing some labs or reading material. The key to my success was not overlooking foundational topics. I’ve learned that reinforcing the basics keeps me receptive and offers fresh perspectives.

Decoding the Essentials: A Closer Look at Course Topics

PortSwigger’s materials stand at the top tier when it comes to web application vulnerability resources. They’re free, which is a game-changer. No more scouring the internet and deploying vulnerable apps with no guidance. The labs are a gift, especially if you’ve experienced the frustration of unresolved vulnerabilities and endless PHP exceptions. While some topics may be challenging at first, the satisfaction of grasping something new is unmatched.

Navigating Your Web Application Security Certification Choices

When it comes to web application security certifications, choosing the right path can be a daunting task. The decision should be based on your existing knowledge, career goals, and the level of expertise you wish to achieve. Remember, there’s no one-size-fits-all choice in this journey.

OSWA (Offensive Security Web Application):

  • OSWA claims the top spot due to its foundational and accessible nature, making it an ideal starting point for beginners. This certification provides an essential understanding of web application security, laying a solid groundwork for more advanced certifications. It’s perfect for those new to the field and seeking to build a strong knowledge base.

BSCP (Burp Suite Certified Practitioner):

  • BSCP earns the second place in the ranking for its specific focus on Burp Suite, the most popular web vulnerability scanner and security tool. This certification is valuable for individuals looking to master Burp Suite and enhance their web security assessment skills. It’s a practical choice for those who wish to specialize in this tool and its applications.

eWPTX (eLearnSecurity Web Application Penetration Tester eXtreme):

  • eWPTX secures the third position, offering a comprehensive and in-depth exploration of web application penetration testing. It’s an excellent choice for web security professionals looking to elevate their expertise and gain advanced skills in this domain. eWPTX provides hands-on experience and practical scenarios, making it a valuable certification for those aiming to take their career to the next level.

OSWE (Offensive Security Web Expert):

  • OSWE occupies the fourth rank, signifying its advanced and specialized focus on web application security. This certification is tailored for professionals seeking mastery in advanced web security assessment techniques and defense mechanisms. It’s ideal for those who have already built a strong foundation in web application security and are prepared for the challenges of in-depth expertise in the field.

The Path to Success: Navigating the Exam Journey

To register for the exam, you must complete at least one Practitioner-level lab from each topic, five mystery labs, and one practice exam. Mystery labs challenge you to identify vulnerabilities without explicit objectives. During the exam, you’ll need to compromise two applications within a four-hour window, moving from an anonymous user to an administrative user, and eventually gaining Remote Code Execution (RCE) to retrieve a secret file. The logistics are straightforward, but be prepared to start the exam from a Windows machine, even though you can complete it on your Kali box. You can read the official instructions here.

Acing the Exam: Strategies for Passing on Your First Attempt

First and foremost, dismiss the notion that you have to fail on your first try. The sentiment of preparing to fail on the first attempt is pervasive but not necessary.

Understanding Exam Dynamics:

  • Understanding the exam dynamics is crucial: each application is completed through a fixed sequence of discrete steps, and knowing the rules for each step guides your approach.
  • This knowledge is a significant advantage, allowing you to isolate specific topics for different phases of the exam.
  • For instance, you’re unlikely to encounter SQL injection or command injection when attempting to gain initial access; instead, client-side attacks to access a user’s session are more common.
  • Credit to @botesjuan, who I believe is the original creator of the commonly shared image below.
    (Image: Exploit breakdown per exam phase)

Master Client-Side Delivery With The Exploit Server:

  • The effective use of the exploit server is paramount to your success. Even if you’re highly experienced, meeting only the bare minimum requirements for the exam often leads to failure.
  • Relying solely on one Practitioner lab per topic doesn’t adequately prepare you for the exam’s mechanics.

Weaponize Your Client-Side Payloads

  • Avoid regarding your alert() pop-up as the ultimate solution in the labs; it’s insufficient in the exam. Instead, understand in each instance how you can exfiltrate cookies through your Collaborator or exploit server.
  • In many labs, you’ll achieve this using an iframe, but be prepared for unexpected challenges. For example, some vulnerable pages may set X-Frame-Options headers that block framing.
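The X-Frame-Options obstacle mentioned above, seen from the application's side: this added check (my example, not code from the original post) decides from a response's headers whether a browser would let another origin embed the page in an iframe, including the case where a CSP frame-ancestors directive overrides X-Frame-Options. The origins and header sets are constructed for the example.

```python
"""Anti-framing header check (added example; not code from the original post).
Decides whether a browser would refuse to render a response inside an <iframe>
on a given embedding origin. A CSP frame-ancestors directive, when present,
takes precedence over X-Frame-Options; origins are 'scheme://host[:port]'.
"""
from typing import Mapping, Optional

def frame_ancestors(csp: str) -> Optional[list]:
    """Return the frame-ancestors source list from a CSP value, or None if absent."""
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None

def framing_blocked(headers: Mapping[str, str], page_origin: str, framer_origin: str) -> bool:
    """True if a page served from page_origin could not be framed by framer_origin."""
    lower = {k.lower(): v for k, v in headers.items()}
    page, framer = page_origin.lower(), framer_origin.lower()
    ancestors = frame_ancestors(lower.get("content-security-policy", ""))
    if ancestors is not None:  # CSP decides; X-Frame-Options is ignored
        if "'none'" in ancestors:
            return True
        if "*" in ancestors or framer in ancestors:
            return False
        if "'self'" in ancestors and framer == page:
            return False
        # Scheme-only sources such as "https:" match any origin using that scheme.
        return not any(s.endswith(":") and framer.startswith(s) for s in ancestors)
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return True
    if xfo == "SAMEORIGIN":
        return framer != page
    # No header, or an obsolete/invalid value (e.g. ALLOW-FROM): current browsers ignore it.
    return False

# Constructed sample responses (hypothetical; not captured from any real site).
SAMPLES = {
    "no-header": {"Content-Type": "text/html"},
    "xfo-deny": {"X-Frame-Options": "DENY"},
    "xfo-sameorigin": {"X-Frame-Options": "SAMEORIGIN"},
    "csp-overrides-xfo": {"X-Frame-Options": "DENY",
                          "Content-Security-Policy": "frame-ancestors https://partner.example"},
}

def audit(page_origin: str = "https://app.example",
          framer: str = "https://third-party.example") -> dict:
    """Map each sample to whether `framer` would be blocked from embedding the page."""
    return {name: framing_blocked(h, page_origin, framer) for name, h in SAMPLES.items()}
```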

Complete All Practitioner Labs:

  • Completing all Practitioner-level labs is essential, primarily for the sake of familiarity. The exam follows a similar structure to the labs, making your experience invaluable.
  • With enough practice, you’ll develop an intuitive sense and a mental checklist of potential vulnerabilities to look for.

Utilize Common Obfuscation and Encoding Techniques:

  • While labs may not require you to bypass web application firewalls (WAFs), the exam certainly does. Don’t underestimate the importance of obfuscation and encoding techniques.
  • Falling short in this area during the exam can lead to pitfalls, so be well-prepared.

Compile Proof-of-Concept (POC) Code:

  • It’s a recipe for disaster to rely solely on grabbing solutions from the lab materials during the exam, especially when you have only 40 minutes per vulnerability.
  • Ensure you have POC code readily available for each potential vulnerability you may encounter.

Perform Targeted Scanning, Don’t Rely On It

  • While targeted scanning is a valuable skill, it’s unwise to depend on it alone to solve the exam. Actively scanning the webroot isn’t guaranteed to resolve the exam.
  • Consider learning targeted scanning as an additional tool in your toolkit; it may prove useful in certain scenarios.

Value PortSwigger’s Hints:

  • Don’t overlook the hints provided by PortSwigger themselves. These hints can provide critical guidance and insights, potentially making your exam experience smoother and more successful.

Rich Resources: Your Ultimate Toolkit

A big shout-out to the authors of the following content, which proved immensely valuable during my journey. If you aim to pass the exam on your first attempt, bookmark these resources and know them inside and out.

Unlocking Wisdom: Blogs for your Journey

  1. https://github.com/botesjuan/Burp-Suite-Certified-Practitioner-Exam-Study
  2. https://github.com/DingyShark/BurpSuiteCertifiedPractitioner
  3. https://github.com/Zoltan3422/portswigger-guide
  4. https://micahvandeusen.com/burp-suite-certified-practitioner-exam-review/
  5. https://bscpcheatsheet.gitbook.io/exam/
  6. https://www.secjuice.com/bypass-xss-filters-using-javascript-global-variables/
  7. https://sc.scomurr.com/http-request-smuggling-web-cache-poisoning/

YouTube Guides: Navigating the World of Burp Suite

  1. https://www.youtube.com/@RanaKhalil101/videos
  2. https://www.youtube.com/@intigriti/videos
  3. https://www.youtube.com/watch?v=yC0F05oggTE
  4. https://www.youtube.com/@z3nsh3ll

Burp Plugin Power: Enhancing Your Toolkit:

  1. DOM Invader
  2. Param Miner
  3. Hackvector
  4. Deserialization Scanner
  5. HTTP Request Smuggler

The Final Verdict on the Burp Suite Practitioner Certification

Through this incredible journey, I’ve ventured into unfamiliar territories while strengthening my knowledge in familiar ones. The accessible labs have proven invaluable, offering a wealth of resources to all, even those who might not be interested in certification.

I want to underscore that if I can persevere through this certification journey with a newborn by my side, anyone with the motivation, focus, and determination can do it too. This certification offers a path to expertise in web security, a field where knowledge is power. So, dive in, make use of the resources I’ve shared, and indulge in your favorite topics. The journey is challenging, but the destination is worth every effort. Until next time, stay inspired and stay secure.

Appendix

My Favorite Topics

  • Prototype Pollution
  • HTTP Request Smuggling
  • Race Conditions

Lab Breakdown

Number of labs per topic at each difficulty level:

Topic                 Apprentice  Practitioner  Expert
--------------------  ----------  ------------  ------
SQLi                           2            16       0
XSS                            9            15       6
CSRF                           1            11       0
Clickjacking                   3             2       0
DOM-Based                      0             5       2
CORS                           2             1       1
XXE                            2             5       1
SSRF                           2             3       2
Request Smuggling              0            15       7
Command Injection              1             4       0
SSTI                           0             5       2
Path Traversal                 1             5       0
Access Control                 9             4       0
Authentication                 3             9       2
WebSockets                     1             2       0
Cache Poisoning                0             9       4
Deserialization                1             5       3
Info Disclosure                4             1       0
Business Logic                 4             7       0
Host Header                    2             4       1
OAuth                          1             4       1
File Upload                    2             4       1
JWT                            2             4       2
Prototype Pollution            0             9       1
GraphQL                        1             4       0
Race Conditions                1             4       1
NoSQL                          2             2       0

The post Mastering Burp Suite: A Journey to Certification and Beyond appeared first on Certification Chronicles.