Launch offeryour first badge for €5 with code
Plume
← All skills
Burp Suite
Cybersecurity & GDPR

Burp Suite

Proxy, Repeater, Intruder, Scanner, extensions, sessions, authentication testing.

15 minutes€19.99

Before starting, we run a 1-minute tech check β€” microphone, ambient noise, connection. If your setup isn't good enough, the test is fully refunded.

How does it work? β†’

About the Burp Suite badge

Prove you actually know Burp Suite -- Proxy, Intruder, Scanner, BApp extensions and session handling -- with a 15-minute AI oral exam that goes way deeper than any multiple-choice cert.

The Plume Burp Suite badge certifies your hands-on mastery of PortSwigger Burp Suite Professional through a 15-minute live oral exam with an AI examiner. The conversation covers real operational scenarios: setting up the Proxy with Match and Replace rules, picking the right Intruder mode (Sniper, Pitchfork, Cluster Bomb) for a specific attack, configuring macros and Session Handling Rules to keep an authenticated scan alive when tokens expire every 30 seconds, exploiting extensions like Autorize, Turbo Intruder, JWT Editor and Logger++, and integrating Burp into a CI/CD pipeline via the Burp Enterprise REST API. You'll also be asked when you'd leave Burp behind -- gRPC testing, heavy certificate pinning, complex WebSocket flows -- because knowing the tool's limits is part of mastering it.

What makes this badge credible is that it cannot be faked by reading documentation. The AI examiner (OpenAI Realtime) digs into specifics that only someone with real pentest experience knows: how you handle a JWT with a short expiry during a scan, how DOM Invader changed your DOM XSS hunting, why you picked Turbo Intruder instead of native Intruder for a particular race condition. A second AI (Claude Opus) reads the full transcript and produces a 0-100 score with a certified proficiency level, a detailed per-dimension breakdown, and a shareable badge URL -- all delivered within 24 hours.

This badge is for web pentesters, bug bounty hunters, AppSec engineers, and security freelancers who want a verifiable proof of their Burp Suite skill level. Whether you're applying for a Red Team role, pitching a penetration testing contract, or leveling up your bug bounty profile, the Burp Suite badge gives recruiters and clients something concrete to evaluate -- not just your word for it.

What this badge evaluates

Here are the concrete dimensions the AI examines during the 15-minute oral.

How this badge is scored

Final scoring is performed by Claude (Anthropic), which reads back the full transcript and applies this weighted criteria grid.

How the oral exam unfolds

A Plume session takes about 20 minutes, from tech check to badge delivery.

  1. Step 1

    Tech Check (1 min)

    Mic level, connection quality and audio clarity are confirmed. The AI briefly explains the format: 15 minutes, no slides, just a spoken conversation about your real Burp Suite experience. No surprises.

  2. Step 2

    Warm-Up: Your Burp Context (2 min)

    You introduce yourself and describe your most recent or most technically complex Burp Suite engagement: the type of target (web app, API, hybrid), your role in the team, and the scope of what you tested.

  3. Step 3

    In-Depth Technical Probing (10 min)

    The AI digs into your specifics: session macros you've built, which Intruder mode you chose and why, which BApp extensions you reached for, how you handled JWT expiry during a scan, whether you've used Bambdas or DOM Invader. It adapts to your answers and follows up on anything vague or overclaimed.

  4. Step 4

    Critical Perspective Round (2 min)

    You're asked about Burp's blind spots, the tools you use when Burp isn't the right fit, and how recent evolutions like DOM Invader, Bambdas, or the rise of Caido have shaped your day-to-day practice.

  5. Step 5

    Badge Delivery (within 24h)

    Claude Opus analyses your transcript and produces a 0-100 score, a certified proficiency level (Novice / Proficient / Advanced / Expert), a detailed report by dimension, and a shareable badge URL. You get everything by email.

The 4 proficiency levels

Your score out of 100 translates into a level a recruiter can grasp at a glance.

Novice

Score 0-39

You've discovered Burp Suite through labs like PortSwigger Web Academy or TryHackMe. You can intercept traffic, modify requests in Repeater, and run a basic passive scan. You haven't used Burp on real-world engagements yet and the advanced session and automation features are largely unfamiliar.

Proficient

Score 40-59

You use Burp regularly on bug bounty programs or freelance engagements. You're comfortable with multiple Intruder modes, scope configuration, a handful of BApp extensions, and producing basic scan reports. Complex macros, Session Handling Rules and advanced auth testing still trip you up occasionally.

Advanced

Score 60-79

You run full authenticated scans with macros and Session Handling Rules, use Turbo Intruder for race conditions and high-speed fuzzing, leverage JWT Editor and Autorize for access control testing, and know when to switch to a different tool. You integrate Burp into client deliverables and team workflows.

Expert

Score 80-100

You have deep command of the entire Burp Suite Professional and Enterprise ecosystem: Bambdas, DOM Invader, REST API, custom extension development. You train junior pentesters, define your team's audit processes, and can give a nuanced, well-argued comparison of Burp against Caido, ZAP or bespoke tooling.

Who this badge is for

No degree or years of experience required to take the badge. Here are the profiles it makes the most sense for.

Concrete use cases

Where and how your Burp Suite badge will help you day to day.

Prerequisites

A few minutes to check you have everything you need.

What you take away

At the end of your session you don't just get a score β€” here's everything that awaits you.

Frequently asked questions about the Burp Suite badge

The exam is calibrated for Burp Suite Professional, which is the standard in professional pentesting contexts. If you've mostly used the Community edition, you can still sit the exam, but questions on the active Scanner, Burp Collaborator and certain Pro-only features will put you at a disadvantage. The Proxy, Repeater and Intruder modules overlap between versions, so your foundational skills still count.

Other Cybersecurity & GDPR badges

Discover related skills you can validate with Plume.

Ready to take the Burp Suite badge?

A 15-min oral exam with an AI, a shareable badge for your recruiters.

Choose this badge Β· €19.99