Burp Suite Enterprise Edition is now available in our secure Cloud  –  Learn more

All labs

Mystery lab challenge

Try solving a random lab with the title and description hidden. As you'll have no prior knowledge of the type of vulnerability that you need to find and exploit, this is great for practicing recon and analysis.

Take me to the mystery lab challenge

SQL injection

Cross-site scripting

Cross-site request forgery (CSRF)

Clickjacking

DOM-based vulnerabilities

Cross-origin resource sharing (CORS)

XML external entity (XXE) injection

Server-side request forgery (SSRF)

HTTP request smuggling

OS command injection

Server-side template injection

Path traversal

Access control vulnerabilities

Authentication

WebSockets

Web cache poisoning

Insecure deserialization

Information disclosure

Business logic vulnerabilities

HTTP Host header attacks

OAuth authentication

File upload vulnerabilities

JWT

Essential skills

Prototype pollution

GraphQL API vulnerabilities

Race conditions

NoSQL injection

API testing

Web LLM attacks