Updated in May 2025.

This course now features Coursera Coach! A smarter way to learn with interactive, real-time conversations that help you test your knowledge, challenge assumptions, and deepen your understanding as you progress through the course. In this in-depth course, you’ll start by setting up your practice environment, gaining access to Burp Suite Community or Pro, and understanding how web applications function. You’ll explore key concepts like HTTP requests and responses, and understand how Burp Suite integrates into the process of web security testing. This foundational knowledge will set you up for success as you dive deeper into Burp Suite’s vast capabilities. As you advance, each tab in Burp Suite will be covered in detail, from scanning vulnerabilities to decoding responses and comparing results. You’ll learn to use powerful tools such as the Proxy, Repeater, and Intruder tabs for conducting various types of web security tests. Additionally, Burp Suite Pro’s advanced features, like live task automation and content discovery, will be explained, making you proficient with both manual and automated scanning techniques. The final section takes your skills to the next level with hands-on lab exercises that mirror real-world penetration testing scenarios. You’ll practice exploiting HTTP methods, testing WebSockets, and running authenticated scans to access privileged areas of web applications. These hands-on labs are designed to solidify your understanding of Burp Suite’s capabilities and prepare you for advanced web security challenges. This course is ideal for cybersecurity enthusiasts, ethical hackers, and web developers with a basic understanding of web technologies. No prior experience with Burp Suite is required, though familiarity with HTTP protocols will be helpful.