Mar 21, 2024

Burp Suite Certified Practitioner Exam Preparation Training

unity3d 21 Mar 2024 17:57

Published 3/2024
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
Language: English | Size: 3.51 GB | Duration: 4h 36m
Become a Burp Suite Certified Practitioner (BSCP) and advance your Web Application Penetration Testing career!


What you'll learn
Prepare for the Portswigger Burp Suite Certified Practitioner exam
Learn the 31 core labs for the Portswigger Burp Suite Certified Practitioner exam
Walk through 10 Mystery labs in order to prepare for the Portswigger Burp Suite Certified Practitioner exam
Receive Tips and Tricks to master the Portswigger Burp Suite Certified Practitioner exam
Requirements
Burp Suite Apprentice Web App Penetration Testing Course (highly recommended)
Burp Suite Practitioner Web App Penetration Testing Course (highly recommended)
Operating System: Windows / Apple Mac OS / Linux
Reliable internet connection
Burp Suite Pro
Firefox Web Browser
Kali Linux on VM / CloudService or Raspberry PI
Description
Become a Portswigger Burp Suite Certified Practitioner (BSCP)

The aim of this course is to help people prepare for the challenging Burp Suite Certified Practitioner exam. Important note: This course is NOT teaching the actual usage of Burp Suite and its features. This course provides a step-by-step walkthrough of labs with detailed explanations on how to find and exploit web app vulnerabilities.

Your instructor is Martin Voelk. He is a Cyber Security veteran with 25 years of experience. Martin holds some of the highest certifications, incl. CISSP, OSCP, OSWP, Portswigger BSCP, CCIE, PCI ISA and PCIP. He works as a consultant for a big tech company and engages in Bug Bounty programs where he found thousands of critical and high vulnerabilities.

This course features the following:
Detailed walkthrough of 31 core labs as outlined by Portswigger
Walkthrough of 10 Mystery Labs where you learn how to find vulnerabilities without lab hints
Cheat Sheets on how to find flaws in all 30 vulnerability categories (useful not only for the exam)
7 Golden Tips for the exam

Note: The 31 core labs are also covered in my other course (Burp Suite Practitioner Labs Walkthrough) and are therefore duplicated here. This course is aimed at people who want to fast-track the BSCP exam and don't want to go through all practitioner labs! The Tips section, golden rules incl. the cheat sheets, mystery labs etc. are all brand new. Martin is solving them all and giving useful insight on how to find and exploit these vulnerabilities. He is not just inserting the payload but explains each step on finding the vulnerability and why it can be exploited in a certain way. The videos are easy to follow along and replicate. Martin is also dropping a lot of tips and tricks for those who wish to get the Burp Suite Certified Practitioner certification (BSCP).

This training is highly recommended for anyone who wants to become a professional in Web Application Penetration Testing, Web Application Bug Bounty Hunting or take the Burp Suite Certified Practitioner (BSCP) certification.

Notes & Disclaimer
Portswigger labs are a public and free service from Portswigger for anyone to use to sharpen their skills. All you need is to sign up for a free account. I will update this course with new labs as they are published. I will respond to questions in a reasonable time frame. Learning Web Application Pen Testing / Bug Bounty Hunting is a lengthy process, so please don't feel frustrated if you don't find a bug right away. Try to use Google, read HackerOne reports and research each feature in depth. This course is for educational purposes only. This information is not to be used for malicious exploitation and must only be used on targets you have permission to attack.
Overview
Section 1: Introduction
Lecture 1 Introduction
Section 2: Exam preparation
Lecture 2 Find vulnerabilities
Lecture 3 The 7 Golden Tips
Section 3: Core Labs for the exam
Lecture 4 Web shell upload via extension blacklist bypass
Lecture 5 OAuth account hijacking via redirect_uri
Lecture 6 SSRF via flawed request parsing
Lecture 7 SQL injection attack, querying the database type and version on MySQL
Lecture 8 Exploiting cross-site scripting to capture passwords
Lecture 9 CSRF where token validation depends on request method
Lecture 10 Blind XXE with out-of-band interaction via XML parameter entities
Lecture 11 Multistep clickjacking
Lecture 12 SSRF with filter bypass via open redirection vulnerability
Lecture 13 CORS vulnerability with trusted insecure protocols
Lecture 14 Exploiting HTTP request smuggling to deliver reflected XSS
Lecture 15 Server-side template injection in an unknown language
Lecture 16 Using application functionality to exploit insecure deserialization
Lecture 17 File path traversal, traversal sequences stripped non-recursively
Lecture 18 Multi-step process with no access control on one step
Lecture 19 Broken brute-force protection, IP block
Lecture 20 Insufficient workflow validation
Lecture 21 Manipulating the WebSocket handshake to exploit vulnerabilities
Lecture 22 DOM XSS using web messages and a JavaScript URL
Lecture 23 Web cache poisoning with multiple headers
Lecture 24 Information disclosure in version control history
Lecture 25 Blind OS command injection with output redirection
Lecture 26 Discovering vulnerabilities quickly with targeted scanning
Section 4: Additional important Labs
Lecture 27 Exploiting cross-site scripting to steal cookies
Lecture 28 Blind SQL injection with out-of-band data exfiltration
Lecture 29 Forced OAuth profile linking
Lecture 30 Brute-forcing a stay-logged-in cookie
Lecture 31 Exploiting HTTP request smuggling to capture other users' requests
Lecture 32 SSRF with blacklist-based input filter
Lecture 33 SQL injection with filter bypass via XML encoding
Lecture 34 Discovering vulnerabilities quickly with targeted scanning
Section 5: Mystery Labs
Lecture 35 Mystery Lab 1
Lecture 36 Mystery Lab 2
Lecture 37 Mystery Lab 3
Lecture 38 Mystery Lab 4
Lecture 39 Mystery Lab 5
Lecture 40 Mystery Lab 6
Lecture 41 Mystery Lab 7
Lecture 42 Mystery Lab 8
Lecture 43 Mystery Lab 9
Lecture 44 Mystery Lab 10
Anybody preparing for the Portswigger Burp Suite Certified Practitioner (BSCP) exam