


This course is designed for QA engineers, developers, and security enthusiasts who want to learn web application security testing using Burp Suite. You’ll explore security testing fundamentals, OWASP Top 10 vulnerabilities, and hands-on testing with Burp Suite tools like Proxy, Repeater, Intruder, and Scanner. By the end of the course, you will be able to identify, exploit, and report critical security flaws in real-world applications.
Basics of Application Security
Importance of Security Testing in SDLC
Overview of OWASP Top 10 vulnerabilities
Black box vs White box vs Grey box testing
Burp Suite installation & setup
Burp Suite editions (Community vs Professional)
Configuring proxy with browser
Burp Suite interface overview
Proxy – Capturing & modifying requests/responses
Repeater – Manual testing of parameters
Intruder – Automating customized attacks
Decoder – Encoding/decoding data
Comparer – Comparing responses
Sequencer – Analyzing randomness in tokens
Testing for Authentication & Session Management flaws
Identifying Injection vulnerabilities (SQLi, Command Injection)
Testing for Cross-Site Scripting (XSS)
Insecure Direct Object References (IDOR)
Broken Access Control checks
Cross-Site Request Forgery (CSRF) testing
File upload vulnerabilities
API security testing with Burp Suite
Burp Suite Scanner (Professional edition)
Extender & BApp Store plugins
Automating scans & generating reports
Integrating Burp Suite with other security tools
Documenting security vulnerabilities
Writing detailed bug reports with PoC (Proof of Concept)
Security testing best practices in Agile/DevSecOps
Compliance (OWASP, PCI DSS, GDPR considerations)
Hands-on security testing of a demo vulnerable web app (DVWA, Juice Shop, etc.)
Performing end-to-end penetration testing using Burp Suite
Identifying vulnerabilities, exploiting, and reporting them in Jira/Test management tools
Final project: Security assessment report submission
QA Engineers who want to move into security testing
Developers interested in application security
Penetration testing beginners
Testers in Agile/DevSecOps teams
Resume building with Security Testing & Burp Suite skills
Interview Q&A on OWASP Top 10 & Burp Suite
Career guidance for roles in QA Security, Penetration Testing, DevSecOps
Security Test Engineer
Penetration Tester (Web Apps)
Application Security Analyst
DevSecOps QA Engineer
Entry Level: ₹4 LPA – ₹6 LPA
Mid Level (2-5 yrs): ₹7 LPA – ₹12 LPA
Advanced (5+ yrs): ₹15 LPA – ₹25 LPA (as Security Specialist/Pen Tester)
Burp Suite shortcut cheat sheet
OWASP Testing Guide PDF
Sample Vulnerability Report template
Access to vulnerable web apps (DVWA, Juice Shop) for practice
Learn, grow, and succeed with Techshappers – your partner in building a brighter future for your child.