All courses
Resource hub
Featured resource
Tech Upskilling Playbook 2025
Tech Upskilling Playbook

Build future-ready tech teams and hit key business milestones with seven proven plays from industry leaders.

Learn more
Hamburger Icon
  • Path icon Learning Path
    • Libraries: This path is only available in the libraries listed. To access this path, purchase a license for the corresponding library.
  • Security
    •

Web App Pen Testing with Burp Suite

10 Courses
4 Labs
12 Hours
Skill IQ

Burp Suite is a powerful toolkit used by cybersecurity professionals and pentesters to check the security of web applications. It offers features like scanning for vulnerabilities, manual testing tools, intercepting proxy, and attack simulation for threats like SQL injection and XSS. With Burp Suite, users can analyze web traffic, manipulate data, and find and fix security issues, helping prevent attacks by malicious users. Its user-friendly interface and robust features make it a top choice for cybersecurity experts.

Get started

Content in this path

Web App Pen Testing with Burp Suite

Burp Suite is a powerful toolkit used by cybersecurity professionals and pentesters to check the security of web applications. It offers features like scanning for vulnerabilities, manual testing tools, intercepting proxy, and attack simulation for threats like SQL injection and XSS. With Burp Suite, users can analyze web traffic, manipulate data, and find and fix security issues, helping prevent attacks by malicious users. Its user-friendly interface and robust features make it a top choice for cybersecurity experts.

Course

Burp Suite Installation and Basic Functionality

  • by Ricardo Reimao
  • 1h 2m
  • Mar 05, 2024
Course

Crawl and Scan with Burp Suite

  • by Ricardo Reimao
  • 57m
  • Jun 13, 2024
Course

Validate Findings with Burp Suite

  • by Malek Mohammad
  • 58m
  • Feb 04, 2025
Course

OWASP Top 10 with Burp Suite

  • by Mike Woolard
  • 1h 10m
  • Sep 09, 2024
Course

Authentication and Authorization Testing with Burp Suite

  • by Ricardo Reimao
  • 1h 24m
  • Apr 15, 2024
Course

Session Management Testing with Burp Suite

  • by Ricardo Reimao
  • 53m
  • Jul 31, 2024
Course

Business Logic Testing with Burp Suite

  • by Malek Mohammad
  • 28m
  • Oct 11, 2024
Course

Input Validation Testing with Burp Suite

  • by Ricardo Reimao
  • 59m
  • Jun 26, 2024
Course

Bug Bounty Hunting with Burp Suite

  • by Malek Mohammad
  • 24m
  • Mar 31, 2025

Web App Pen Testing with Burp Suite Labs

Explore advanced capabilities in the Burp Suite lab environments!

Course

Getting Started in the Lab Environment

  • by Aaron Rosenmund
  • 6m
  • Oct 07, 2021
Lab

Capturing Requests with Repeater

  • by Shimon Brathwaite
  • 55m
  • Jul 30, 2025
Lab

Automating Attacks with Intruder

  • by Sahil Gupta
  • 30m
  • Aug 05, 2025
Lab

Advanced Capabilities with Burp Suite

  • by Sahil Gupta
  • 40m
  • Aug 04, 2025
Lab

API Testing with Burp Suite

  • by Angel Sayani
  • 1h 15m
  • Aug 04, 2025
Try this learning path for free
Access this learning path and other top-rated tech content with a free trial.
Free individual trial Free team trial
Have questions? Get them answered now.
Start a live chat
What You'll Learn
  • Basic functionality, Use Cases and Terminology of Burp
  • Set up your Burp Suite environment
  • Demonstrate and navigate Burp Suites features (most commonly used tools)
  • Crawling with Burp Suite
  • Scanning with Burp Suite
  • Reporting discovered vulnerabilities
  • Repeating with Repeater
  • Decoding with Decoder
  • Intruding with Intruder
  • Collaborating with Collaborator
  • Exploiting OWASP Top 10
  • Assessing authentication schemes
  • Assessing authorization checks
  • Assessing session management mechanisms
  • Assessing business logic
  • Evaluating input validation
  • Attacking the client (please don't overlap with OWASP Top 10)
  • Great extensions for pen testers
Prerequisites
  • You should be familiar with the HTTP protocol, common web vulnerabilities like SQL injection, cross-site scripting (XSS), and CSRF (Cross-Site Request Forgery), and basic knowledge of networking concepts, such as TCP/IP, DNS, and proxies.
Related topics
  • Burp Suite
  • Red Team
  • Pentesting
  • Penetration Testing
Not sure where to start?
With over 500 assessments to choose from, you can see where your skills stand and receive adaptive learning recommendations to fill knowledge gaps in as little as 10 minutes.
Learn more

Learn with the best

Ricardo Reimao
Ricardo Reimao
Ricardo is a Cybersecurity Consultant based in Toronto (Canada). He has 14+ years of IT experience, 10 of them in the IT Security field. His main interests are: SIEM solutions (IBM QRadar), Enterprise Security Risk, Penetration Testing, Security processes/procedures and Network Security.
Malek Mohammad
Malek Mohammad
Malek Mohammad is an Information Security Consultant and Penetration Tester with previous software development experience. Malek works on making payment applications more secure through Penetration Testing and Threat Modeling. In addition, He helped many software developers in designing their application with security in mind, and not as an afterthought. Malek still has enthusiasm for software development, he uses Python to automate attack scenarios.
Mike Woolard
Mike Woolard
Mike is an information security manager who has worked in the IT and Information Security fields for 22+ years. A broad background from helpdesk to sysadmin, system engineer, networking, DB and development work. Most of Mike's work now centers around pentests and risk assessments, but an integral part will always be awareness training. An active member in various local security groups, Mike volunteers, speaks, or attends various information security cons.
Aaron Rosenmund
Aaron Rosenmund
Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation. Leveraging his administration and automation experience, Aaron actively contributes to multiple open and closed source security operation platform projects and continues to create tools and content to benefit the community. As an educator & cyber security researcher at Pluralsight, he is focused on advancing cyber secur...
Shimon Brathwaite
Shimon Brathwaite
Shimon Brathwaite is a seven-year cybersecurity professional with extensive experience in Incident Response, Vulnerability Management, Identity and Access Management and Consulting. He has worked at one of the Big Four consulting firms, multiple of Canada’s largest banks and in startup environments. In addition to his full-time work, he runs a blog securitymadesimple.org, a consulting company and is a published author with four books on cybersecurity. He is open for engagements related to cybers...
Sahil Gupta
Sahil Gupta
Sahil Gupta is a skilled cybersecurity professional with a focus on Product Security. Their expertise lies in implementing DevSecOps practices such as SAST, SCA, DAST, IAST, RASP, WAF, Cloud Native Security, and Supply Chain Security. With certifications including Certified Ethical Hacker (CEHv10), IBM Cybersecurity Analyst Professional, and Fortify DAST and SAST Certified Specialist, they excel in conducting comprehensive Penetration testing for Web and API applications. Renowned for their pro...
Angel Sayani
Angel Sayani
Angel Sayani is a tech prodigy who holds over 25 advanced and prestigious IT certifications, including CompTIA Advanced Security Practitioner™ (CASP+), Certificate of Cloud Security Knowledge (CCSK) and Certified Forensics Analyst (CFA). She conducted advanced research on quantum computing and cryptography at New York University. She has been spotlighted in prominent business magazines and earned awards of “10 Most Ambitious Leaders to Watch in 2024” for innovation and leadership. She is the Fou...

Join our learners and upskill
in leading technologies