Friday, December 3, 2021

Burp Certified Practitioner Exam

Right, no spoilers here! This is just a high-level account of my arduous journey to becoming a Burp Certified Practitioner. After looking around for a worthy certification for 2021, I settled on Burp Certified Practitioner. Being a full-time pen-tester and mostly doing web app testing, Burp had always been my go-to arsenal. Hence, when I saw this exam offered by Portswigger, it made perfect sense for me to embark on the challenge.

Firstly, this exam is NOT easy; it tests you on black-box web pen-testing. On a scale of 1 to 10, 10 being very difficult, I rate it a 7 or even an 8 (depending on how many times you have done it, LOL). You need to solve 6 questions to capture 2 flags in a 2-host challenge under 4 hours. It must be done in the following order: initial entry by compromising any user account, privilege escalation to access the admin interface and finally, reading the contents of the /home/carlos/secret file. Initially, Portswigger gave us 3 hours but after too many people had complained, I guess they relented. Each time you re-sit the exam, you will get new machines, so don't hope for the same questions. If you are lucky you might see some similar questions, but they did a very good job randomizing them, so it is nearly impossible for you to get exactly the same hosts on every attempt.

As far as prep is concerned, you will need to be very familiar with the labs; make sure you have done ALL the Practitioner level and below lab exercises. Recently, Portswigger had the USD9 promo, hence, I took full advantage of it by buying multiple vouchers, but remember that one Portswigger account is only entitled to one voucher at any given time, so register multiple accounts if you want to purchase a few. I failed more than 7 times. During the initial attempts, I was plagued with multiple IT issues, such as connection, proctoring, password and registration problems. Being a fairly new exam, Portswigger was constantly developing it. Fortunately, it got much smoother after a few attempts, thanks to the Portswigger staff, who were very helpful in settling all my issues.

I nearly wanted to give up after my fifth attempt, but I was adamant on passing this exam as I had my eye on only one certificate this year, and that happened to be Burp Certified Practitioner. Overall, I learned a lot of practical techniques that I am certainly going to incorporate into my pen-testing job and bug hunting initiatives. From what I know, a lot of people had to retake this exam more than once to pass, so don't get discouraged if you didn't pass the first round. The exam is designed to be challenging; you are not going to get straightforward vulnerabilities. Often, there is some twist to some of the challenges and even rabbit holes! Perseverance is the key! Never give up! Cheers!