We’ll be in touch once we have verified your results. This process can take between 24-48 hours. We just need to verify your results with Examity, our third-party proctoring service. You successfully solved the technical components of the Burp Suite Certified Practitioner exam. I got this in an email from PortSwigger shortly after the exam time ended: I didn’t want to stay awake only to wait for the exam to time out (it didn’t finish automatically), so I decided to get some sleep instead. Since I did two attempts in a row, after work, it was almost midnight by the time I finished. With more than one hour to spare, I finally completed both applications! And that helped - this time I tried something else when I got stuck. This time I tried telling myself not to get stuck in one path, which is what made me fail the two first attempts. The refund offer also helped when making this decision. I ran out of time.īut since I knew I would’t be able to sleep or do anything useful until I had given it another try, I purchased and started the third attempt immediately after the second attempt ended. And this is what ultimately led to the second failure. I got completely stuck almost right away, once again spending way too much time on the wrong idea. The exam applications are randomly selected when you start, so you won’t get the same applications on subsequent attempts. With that in mind, I had to give it another try! The price increased to $99, but the offer for a full refund if you passed before December 15th was still valid. Even with more than one hour left to figure it out, it ultimately ended with a failed attempt. When I only had one step left, I got stuck. But then I tried something completely different, and that worked. I spent way to much time on something that should have worked, and would have worked in the Web Security Academy. When I got the entire first application and the first step on the second application done, with more than half the time left, it certainly felt like I should be able to finish this. Exfiltrate contents of /home/carlos/secret.PortSwigger expects you to do the following (in order) on both applications: You get a total of four hours to do this. The exam itself was similar to the practice exam, except that you have to complete two applications. And as far as I know, there’s nothing stopping you from using a VM with Linux to do the exam itself. After verifying your identity, you disconnect from the proctoring session. The Examity platform does not work on Linux, so you need Windows or Mac for this stage. PortSwigger use Examity, a third party proctoring service, to verify your identity. Before I felt ready for the exam, I decided to do as much as I could of the Web Security Academy Labs, focusing mostly on XSS (since the exam preparation specifically mentions XSS). It took a couple tries, but I eventually got it. I purchased the exam, and started working on the practice exam. Given that I work a lot with Burp Suite (and already had the required Burp Suite Professional license), it made perfect sense to just give this a go! PortSwigger had a nice offer for Black Friday, $9 for the exam attempt - and a full refund if you passed before December 15th. I’ve recently transitioned from development to penetration testing. I’ve been a hobby coder since I was 10, and a professional developer for a long time. I spent about half of 2020 working on various certifications, like OSCP and OSWE and several from eLearnSecurity. Quickly identify weak points within an attack surface, and perform out-of-band attacks to attack them, using manual tools to aid exploitation.Adapt your attack methods to bypass broken defenses, using your knowledge of fundamental web technologies like HTTP, HTML, and encodings.Detect and prove the full business impact of a wide range of common web vulnerabilities - such as XSS, SQLi, OWASP Top 10 and HTTP Request Smuggling.This certification will prove to peers, colleagues, and employers, that you have the ability to: PortSwigger has this to say about this training path:īy becoming a Burp Suite Certified Practitioner, you will be able to demonstrate your web security testing knowledge and Burp Suite skills to the world. This review/summary does not contain any spoilers. All of the information on this page are publicly available on the PortSwigger website. This blog post is a review/summary of my experience with the Burp Suite Certified Practitioner exam.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |