Practical web application security certification from the makers of Burp Suite. Tests real-world web exploitation skills across a 4-hour hands-on exam using PortSwigger Web Security Academy labs.
Aggregated from "BSCP for AppSec careers" threads
Does not count toward average ratings or recommendation %.
May 10, 2026
HR Value
Worth Cost
Learning
Exam Difficulty
For web app pentesters / bug bounty hunters / app sec engineers, BSCP is among the most-respected credentials by $/skill ratio. Often listed in modern AppSec / WebSec job specs alongside (or instead of) OSCP.
Aggregated from "BSCP exam difficulty" threads
Does not count toward average ratings or recommendation %.
May 10, 2026
Exam is brutal at 4 hours — many candidates report time pressure as primary fail reason. Pass rate around 30–40% on first attempt per community reports. Retakes affordable ($99) so failures recoverable.
Aggregated from "Web Security Academy / BSCP" threads
Does not count toward average ratings or recommendation %.
May 10, 2026
Web Security Academy (PortSwigger's free training) is one of the highest-quality free security learning resources online. Covers OWASP Top 10 + advanced topics with hands-on labs. Completing all "expert" labs widely cited as essential prep.
Aggregated from r/bugbounty + PortSwigger community
Does not count toward average ratings or recommendation %.
May 10, 2026
PortSwigger's web app pentest cert. $99 fee — exceptional value. 100% hands-on (4-hour practical exam against real web app). Strong technical respect in web security community. Required prep is free via Web Security Academy.
PortSwigger's free web security training. Covers OWASP Top 10 + advanced topics with hands-on labs. Required for BSCP prep.
Official Burp Suite documentation — essential for exam tooling proficiency.
OWASP reference material — foundational web app security knowledge.
Verification not currently supported
PortSwigger doesn't currently provide a public way for us to auto-verify cert holders. If they implement Credly badges or a public verifier in the future, please email us at contact@certreview.com so we can enable verification for this certificate.
Remote Proctored
Test center only
Exam Languages
Study Time
~80 hours