BSCP-Guide

Burp Suite Certified Practitioner Guide.

Exam-Quick-Checklist

• Reconnaissance checklist to aid in the discovery phase and provide guidance while determining an exploitation method.
• Each Topic has the following entries:
  • Name
  • Objective
  • Most Probable Exam Stages to Find This Vulnerability
  • Reconnaissance - Where to look for it
  • Reconnaissance - Determine the type

Topics

• Access Control
• API Testing
• Authentication
• Business Logic
• Clickjacking
• CORS
• CSRF
• DOM-based vulnerabilities
• Encoding
• File Upload
• GraphQL
• Host header vulnerabilities
• HTTP Request Smuggling
• Information Disclosure
• Insecure Deserialization
• JWT
• NoSQL Injection
• OAuth
• OS Command Injection
• Path Traversal
• Prototype Pollution
• Race conditions
• Recon
• SQLi
• SSRF
• SSTI
• Web Cache Poisoning
• Web LLM attacks
• WebSocket
• XSS
• XXE

Practice Exam Payloads

• Practice Exam Payloads and Resources