Practical Burp Suite Pro: Advanced Tactics

Do you feel pretty good about your Web Application Security testing methodology, but think you might be able to get more out of your tools? Years of experience providing instruction on the process of conducting Web Application Security assessments has made it clear. Even the most experienced testers lack a complete understanding of everything that is available in the industry’s #1 Web Application Security testing tool: PortSwigger’s Burp Suite Pro. It’s time to fix that with PBAT.

PBAT provides comprehensive training on the capabilities of Burp Suite Pro and the practical application of these capabilities in real world web application penetration testing engagements. The instructor will introduce the various components of Burp Suite Pro, discussing their purpose, strengths, and limitations, and lead students in realistic scenario driven hands-on exercises leveraging the components against a modern web application. As the scenarios unfold, the instructor will share tips and tricks for using Burp Suite Pro gained from years of personal usage experience and extensive research into the tool's capabilities and ongoing expansion. These scenarios include the use of lesser-known features hidden within the Burp interface, and the modification and chaining of features to solve complex problems that make testing modern applications a challenge.

As a Portswigger Preferred Burp Suite Pro Trainer, Tim is a trusted source for comprehensive training on Burp Suite Pro v2.0. Since v2.0 was announced in August 2018, Tim has been the leader in researching and identifying the differences between the old and new versions of Burp Suite Pro, and assisting Web Application Security professionals in the transition.

Skill Requirements

PBAT is 100% focused on Burp Suite Pro v2.0 and does not address the methodology and process of web application penetration testing or specific vulnerabilities. However, the class is taught within the context of a web application penetration test in order to provide realistic scenarios for the tool’s usage. While not an official continuation of Practical Web Application Penetration Testing (PWAPT), PBAT is a great follow-up for students who have previously attended PWAPT.

Technical Requirements

  • Laptop with the latest VMware Player, VMware Workstation, or VWware Fusion installed. Other virtualization software such as Parallels or VirtualBox will probably work if the attendee is familiar with its functionality. However, VMware Player should be prepared as a backup.
  • Ability to disable all security software on their laptop such as Antivirus and/or firewalls (Administrator).
  • At least twenty (20) GB of hard drive space.
  • At least four (4) GB of RAM.


  • "I just completed my first paid pen test as an after hours gig. Thanks to your class, I had a solid methodology to follow. I went down the list and it went better than I expected. I found stored XSS, IDOR, Session Fixation, insecure JWT storage, CSRF and more. I would have never been able to do this without you. Thank you so much. I can’t wait to take the class again!!"

    - Joe S. (PWAPT WorkshopCon, 2019)
  • "This is the most beneficial, real-world applicable course I have ever attended on web application penetration testing. In three days, Tim walked us through his expert methodology on assessing web applications and provided insight on the most recent vulnerabilities that are currently being found and how to test for them. Excellent course."

    - Steve D. (PWAPT Raleigh, 2019)
  • "I've been in IT for 24 years and have taken dozens and dozens of training classes. I've left most of those classes feeling like the value of the class for the cost wasn't worth it. That was completely the opposite for your class. I left wondering why it was so cheap. Without a doubt it was some of the best training I've received in my career."

    - Jeremy Archer (PWAPT Eau Claire, 2018)
  • "I've taken several different trainings/certifications to include: OSCP, eMAPT, ePPT, Sans (GCFE and GMOB); your training and method of instruction blew these away. You've given me the gift of knowledge and I greatly appreciate it!"

    - DJ Phishes (PWAPT Eau Claire, 2018)
  • "Thank you for an amazing class! Truly inspirational. I'm probably one of the newest from your Springfield class to the security world, but you were able to teach and present all of the information in a way that was not only at a level that could be easily understood, but was engaging and fun!"

    - Blaise Lacktis (PWAPT Springfield, 2019)

Stay In Touch and Be Notified
Service Announcements + Upcoming Seminars and Classes