Burp Suite Certified Professional (BSCP) Review + Tips/Tricks [Portswigger]

It was awesome, thanks! I came across some of my own videos/writeups on a cheatsheet while I was revising, might of been yours. Full learning circle, love to see it 😅

Perfect, good luck! 🤞

Thanks mate! Appreciated 🥰

🙏🥰

Thank you! Glad you liked it 🥰

Hahaha sometimes they are slow for me as well! The worst is when they crash and you can't restart xD

@@_CryptoCat The exam is fast though right? They give you a private network for the exam, through a VPN or otherwise?

@@ismailmatrix1 There's no VPN, it's a similar setup to the practice exams. I didn't notice any performance issues though, they probably take resource allocation more seriously for the exam.

💜

Thanks mate! Good question, but one only you can answer. I don't think you'll have problem finding work in either field, if you are good at what you do. The most skilled people are generally those who are passionate about the subject, so if you feel more interested in web then don't worry if you won't put your networking experience to best use (I say "best", because even if you move to web, the network pentesting experience will be helpful). On the other hand, if you feel more passionate about networking, don't switch to web just because there might be more work/money.
TLDR; work hard on what you enjoy and the work/money will follow. Besides, many pentesting jobs involve a mix of these topics. One client might request a website pentest, another a network, another a mobile app.. or maybe a combination of all 🙂

​@@_CryptoCatthanks, really appreciate the input

Thank you! Best of luck with the exam 🤞On the obfuscation, portswigger recommend this article for the exam: portswigger.net/web-security/essential-skills/obfuscating-attacks-using-encodings, I'd also recommend reviewing the labs that require obfuscation. I can't say much about the final exam (and both my attempts were different vulns anyway) but the practice exams are a good idea of what to expect - IIRC in those you don't have to deal with obfuscation blindly, e.g. there is some feedback to say something like "attack detected" or you can see some characters/keywords being stripped out, so you know where to focus your obfuscation techniques on, e.g. if there's an indication that some chars are blocked, you could fuzz through the possible chars and make a list of which ones trigger an error and which don't, then try different encodings until you no longer see errors.

Hmmmm good question! I haven't done the CBBH exam but I did finish the course. First thing I'll say is they both good, but very different. Portswigger will teach you everything you need to know about web vulns and exploits, but not much about the methodology of hunting. CBBH will go more into things like scope, recon, reporting etc.
Personally, I would recommend BSCP first - the labs and material on portswigger are the gold standard IMO, everyone interested in web hacking should complete them. The exam is very fairly priced, but will probably continue to rise as it becomes more established. I know you mention the price of burp but consider you could:
a) Use burp pro 1 month trial
b) At least get the benefits of having a year of burp pro, e.g. for bug bounty hunting
Up to you though, CBBH is also very good!

@@_CryptoCat Thank you for the quick response. I hadn't considered the benefits of having a Burp Pro subscription for bug bounty, so that's definitely useful. But yeah, like you said, BSCP is still at a fair price and Portswigger is pretty well known, so I think I'm going to take advantage of that. Thanks again for the advice 🙌🏼

@@xm4nd0 No problem mate, best of luck! 🤞

Did you get it solved? You can DM me on discord if needed

You get one attempt per exam voucher but I don't think there are any limits on how many times you can take the exam. I read some reports on reddit of people taking the exam ~10 times (it used to be a lot cheaper lol).