Web App Pen Testing with Burp Suite

Burp Suite Installation and Basic Functionality

by Ricardo Reimao
1h 2m
Mar 05, 2024

Crawl and Scan with Burp Suite

by Ricardo Reimao
57m
Jun 13, 2024

Validate Findings with Burp Suite

by Malek Mohammad
58m
Feb 04, 2025

OWASP Top 10 with Burp Suite

by Mike Woolard
1h 10m
Sep 09, 2024

Authentication and Authorization Testing with Burp Suite

by Ricardo Reimao
1h 24m
Apr 15, 2024

Session Management Testing with Burp Suite

by Ricardo Reimao
53m
Jul 31, 2024

Business Logic Testing with Burp Suite

by Malek Mohammad
28m
Oct 11, 2024

Input Validation Testing with Burp Suite

by Ricardo Reimao
59m
Jun 26, 2024

Bug Bounty Hunting with Burp Suite

by Malek Mohammad
24m
Mar 31, 2025

Web App Pen Testing with Burp Suite Labs

Explore advanced capabilities in the Burp Suite lab environments!

Getting Started in the Lab Environment

by Aaron Rosenmund
6m
Oct 07, 2021

Capturing Requests with Repeater

by Shimon Brathwaite
55m
Jul 30, 2025

Automating Attacks with Intruder

by Sahil Gupta
30m
Aug 05, 2025

Advanced Capabilities with Burp Suite

by Sahil Gupta
40m
Aug 04, 2025

API Testing with Burp Suite

by Angel Sayani
1h 15m
Aug 04, 2025

Try this learning path for free

Access this learning path and other top-rated tech content with a free trial.

Free individual trial

Free team trial

What You'll Learn

Basic functionality, Use Cases and Terminology of Burp
Set up your Burp Suite environment
Demonstrate and navigate Burp Suites features (most commonly used tools)
Crawling with Burp Suite
Scanning with Burp Suite
Reporting discovered vulnerabilities
Repeating with Repeater
Decoding with Decoder
Intruding with Intruder
Collaborating with Collaborator
Exploiting OWASP Top 10
Assessing authentication schemes
Assessing authorization checks
Assessing session management mechanisms
Assessing business logic
Evaluating input validation
Attacking the client (please don't overlap with OWASP Top 10)
Great extensions for pen testers

Prerequisites

You should be familiar with the HTTP protocol, common web vulnerabilities like SQL injection, cross-site scripting (XSS), and CSRF (Cross-Site Request Forgery), and basic knowledge of networking concepts, such as TCP/IP, DNS, and proxies.

Burp Suite
Red Team
Pentesting
Penetration Testing

Not sure where to start?

With over 500 assessments to choose from, you can see where your skills stand and receive adaptive learning recommendations to fill knowledge gaps in as little as 10 minutes.

Learn more

Learn with the best

Ricardo Reimao

Ricardo is a Cybersecurity Consultant based in Toronto (Canada). He has 14+ years of IT experience, 10 of them in the IT Security field. His main interests are: SIEM solutions (IBM QRadar), Enterprise Security Risk, Penetration Testing, Security processes/procedures and Network Security.

Malek Mohammad

Malek Mohammad is an Information Security Consultant and Penetration Tester with previous software development experience. Malek works on making payment applications more secure through Penetration Testing and Threat Modeling. In addition, He helped many software developers in designing their application with security in mind, and not as an afterthought. Malek still has enthusiasm for software development, he uses Python to automate attack scenarios.

Mike Woolard

Mike is an information security manager who has worked in the IT and Information Security fields for 22+ years. A broad background from helpdesk to sysadmin, system engineer, networking, DB and development work. Most of Mike's work now centers around pentests and risk assessments, but an integral part will always be awareness training. An active member in various local security groups, Mike volunteers, speaks, or attends various information security cons.

Aaron Rosenmund

Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation. Leveraging his administration and automation experience, Aaron actively contributes to multiple open and closed source security operation platform projects and continues to create tools and content to benefit the community. As an educator & cyber security researcher at Pluralsight, he is focused on advancing cyber secur...

Shimon Brathwaite

Shimon Brathwaite is a seven-year cybersecurity professional with extensive experience in Incident Response, Vulnerability Management, Identity and Access Management and Consulting. He has worked at one of the Big Four consulting firms, multiple of Canada’s largest banks and in startup environments. In addition to his full-time work, he runs a blog securitymadesimple.org, a consulting company and is a published author with four books on cybersecurity. He is open for engagements related to cybers...

Sahil Gupta

Sahil Gupta is a skilled cybersecurity professional with a focus on Product Security. Their expertise lies in implementing DevSecOps practices such as SAST, SCA, DAST, IAST, RASP, WAF, Cloud Native Security, and Supply Chain Security. With certifications including Certified Ethical Hacker (CEHv10), IBM Cybersecurity Analyst Professional, and Fortify DAST and SAST Certified Specialist, they excel in conducting comprehensive Penetration testing for Web and API applications. Renowned for their pro...

Angel Sayani

Angel Sayani is a tech prodigy who holds over 35 advanced and prestigious IT certifications, including CompTIA Advanced Security Practitioner™ (CASP+), Certificate of Cloud Security Knowledge (CCSK) and Certified Forensics Analyst (CFA). She conducted advanced research on quantum computing and cryptography at New York University. She has been spotlighted in prominent business magazines and earned awards of “10 Most Ambitious Leaders to Watch in 2024” for innovation and leadership. She is the Fou...