Anyone go through Burp Suite's Web Security Academy?

c5rookie CISSP-ISSAP, CCNA, GCED, GCFA, GCIA, GCIH, GCUX, GCWN, GPEN, GWAPT, A+, Net+, Sec+, Linux+, Pentest+ U.S. Member Posts: 52
Over the weekend I started going through the online training for the Burp Suite Practitioner Certification. I was curious if anyone here has gone through the courseware or taken the exam and what your thoughts were about it. Web application pen testing is a weak area of mine, which is why I wanted to go through the course and learn more to strengthen my skills. For anyone here that does web application pen testing regularly, what are some common weak areas you see repeatedly showing up: CSRF, SSRF, business logic flaws, authentication issues, directory traversal, XSS?

Comments

  • FluffyBunny CISSP, OSCP, CEH, RHCE, GCCC, Pentest+, PSM-1, alphabet soup Member Posts: 209
    I haven't gone through their academy myself, yet. But we do recommend it to our students and colleagues, plus my pen-testing colleagues have favorable opinions about it. 
    CISSP, OSCP, CEH, GCCC, RHCSA, RHCE, Pentest+, Linux+, PSM-1, alphabet soup...

    2020: Renew RHCE (with EX407), CompTIA CTT+, Autopsy forensics, Applied Purple Teaming (BHIS) All done!
    2021: Modern Web-app pen-testing (BHIS), PDSO CDP, Docker DCA, PortSwigger Burp Suite class.