This training isn’t about Web hacking. Instead, this training is for Web hackers who want to master their toolbox.
Burp Suite Pro is the leading tool for auditing Web applications at large, but also a complex beast where new features get added every few weeks. Mastering Burp Suite Pro, including its newest features, allows testers to get the most out of the tool, optimizing time spent auditing and testing. Work will be faster (hotkeys!) and much more efficient (more tools, more possibilities!). Attendees will also learn to measure and assess the quality of their attacks, a crucial skill in real-life engagements that can make the difference between a false-negative and a critical finding.
Learning Objectives
After an introduction to the training platform and its challenges, this day is spent on well-defined tasks where the goal is to find flags, as in CTF contests. We practice basic automation using tools like Proxy, Repeater and Intruder. The goal is to improve the speed of our interactions with the tool, while monitoring and self-assessing our attacks.
Challenges get more realistic: solving them requires a good understanding of the underlying application and the use of multiple Burp Suite tools, possibly including extensions. Additionally, we keep working on the efficiency of the testing workflow (using shortcuts or extensions) and on self-monitoring (now with Logger++). The latter skill will prove invaluable when working on session handling rules.
Next, we dig deeper into advanced subjects. These cover authorization testing, custom active scanning, Web Services and much more! Built-in features are pushed to their limits, and extra ones provided by extensions are commonly used.
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Vulnerability Assessment and Management
- Exploitation Analysis
- Training, Education, and Awareness
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.