Burp Suite Certifications Terms of Use and Certifications Privacy Statement


These Certifications Terms of Use together with the documents referred to in it ("Terms") constitute the terms and conditions which govern the use of the Burp Suite certification and exam services ("Certifications Services") and any related content and materials ("Learning Materials") provided or made available by PortSwigger Ltd (Company registration no. 6719143) ("PortSwigger"). These Terms apply equally to any individual purchaser or candidate ("Candidate") of the Certification Services and any business or company purchasing the Certification Services on behalf of their employees ("Sponsor") (each individual employee using the Certification Services to be considered a "Candidate" in their own right).

Terms and Conditions

1. Acceptance of Terms

1.1 By purchasing or using the Certifications Services, Candidates confirm that they accept these Terms and agree to comply with them.

1.2 By purchasing the Certification Services on behalf of their employees, Sponsors confirm that each of its individual Candidates have accepted these Terms and that the Sponsor will be liable for the acts or omissions of any such Candidates as if such acts and omissions were its own.

1.3 Candidates or Sponsors who do not agree to these Terms may not use the Certifications Services.

1.4 Candidates (and their Sponsors, if applicable) agree to indemnify PortSwigger, its affiliates and respective directors, officers, employees and agents against any losses, liabilities, claims and expenses (including legal fees) that arise out of or as a result of the Candidate's or Sponsor's unauthorised use or misuse of the Certifications Services.

1.5 PortSwigger reserves the right to revoke any certificate or qualification awarded under the Certifications Services to any Candidate where that Candidate or their Sponsor does not comply with these Terms.

2. Other Applicable Terms

2.1 Other terms and conditions may apply to Candidates (and their Sponsors, if applicable) of the Certifications Services. These may include:

3. Changes to these Terms

3.1 These Terms may be amended from time to time. All Candidates and Sponsors should ensure that they check these Terms to ensure they understand the terms that apply at that time.

4. Changes to the Certifications

4.1 The Certifications Services and related content may be updated and amended from time to time to reflect changes to Candidates' needs or developments related to the Learning Materials and exam content.

5. Transfer of Obligations

5.1 PortSwigger may transfer its rights and obligations under these Terms to another organisation. Any such transfer will not affect Candidates' or Sponsors' rights under these Terms.

6. User Account Details

6.1 Candidates undertake to keep confidential any credentials provided by PortSwigger enabling the Candidate to log in to our websites or access the Certifications Services.

6.2 PortSwigger has the right to disable any login or password, whether chosen by the Candidate or provided by PortSwigger, at any time, if in the reasonable opinion of PortSwigger the Candidate has failed to comply with any of the provisions of these Terms.

7. Payment

7.1 For consumer and business Candidates:

  • 7.1.1 Prices for the Certification Services shall be those specified on PortSwigger websites at the time of purchase or as otherwise specified in an order agreed with PortSwigger;

  • 7.1.2 All prices are stated exclusive of VAT (unless stated otherwise);

  • 7.1.3 Payment must be made by the method directed by PortSwigger in the purchase process;

  • 7.1.4 Each purchase is non-refundable, except where otherwise stated within these Terms or on our website; and

  • 7.1.5 Each purchase must be redeemed within one (1) year of purchase by the Candidate completing an examination.

7.2 For consumer Candidates:

  • 7.2.1 Each purchase of the Certification Services relates to a specific Candidate and is non-transferrable; and

  • 7.2.2 Payment is required in advance of use of the Certification Services.

  • 7.2.3 If a consumer Candidate wishes to cancel the Certification Services please email PortSwigger at hello@portswigger.net within 14 days of purchasing the Certification Services. If the consumer Candidate has taken the examination it will not be possible to provide a refund.

7.3 For business Candidates and their Sponsors:

  • 7.3.1 Unless PortSwigger has pre-approved the Candidate's or Sponsor's purchase on credit in writing (and subject to any additional credit terms that apply to any such approval), payment is required in advance; and

  • 7.3.2 The Certification Services may be purchased by the individual Candidates directly or by their Sponsor on their behalf.

8. Arranging Examinations

8.1 Examinations are hosted by PortSwigger, but PortSwigger uses a third party examination automated proctoring service ("Automated Proctor"). Candidates are required to hold an account with both PortSwigger and the Exam Invigilator.

8.2 Candidates should place orders for examinations with at least twenty four (24) hours' notice. If a Candidate attempts to order an examination with less than twenty four (24) hours' notice, PortSwigger and Automated Proctor make no representations that the examination can be taken in that period.

8.3 PortSwigger reserves the right to cancel or postpone the taking of any examination by providing forty-eight (48) hours' notice to the Candidate. In the event that PortSwigger cancels any examination under this section 8.3, Candidates will be entitled to take the examination subsequently free of charge but shall not be automatically entitled to any refund of fees paid or payable for the Certification Services.

8.4 Before attempting to sit any examination, Candidates are responsible for ensuring they have met any system requirements, as set out on the PortSwigger or Automated Proctor websites or in any related guidance provided to the Candidate. PortSwigger and Automated Proctor will not be liable for any failed examination or other loss caused by system failures or outages of Candidates' internet connection, computer or IT systems.

9. Automated Proctoring

9.1 Candidates acknowledge and agree that Automated Proctor will:

  • 9.1.1 automatically authenticate the Candidate's identity before examinations using a real-time webcam feed;

9.2 Further information regarding how PortSwigger collects and processes personal data in connection with automated proctoring can be found in the Certifications Privacy Statement.

9.3 Automated Proctor will provide reports to PortSwigger on Candidates' results as well as any behavior, action or inaction which could or may constitute cheating or dishonesty with respect to the authenticity of the candidate's identity.

9.4 Candidates acknowledge that, in the event of Automated Proctor reporting any such behaviors, action or inaction to PortSwigger, PortSwigger reserves the right (at its absolute discretion) to revoke the certificate or qualification of that Candidate, and also to bar the Candidate from using the exam services and to revoke any certificates or qualifications gained subsequently by the Candidate, and that Candidate will not be entitled to any refund of fees paid or payable for the Certification Services.

9.5 Candidates may not record, copy, distribute or share any element of the examinations or related information and this includes, but is not limited to, sharing examination challenges and how to solve these and creating resources including tools that might help another person solve an examination. PortSwigger reserves the right (at its absolute discretion) to revoke the certificate or qualification of Candidates that are in breach of this section 9.5 and also to bar such Candidates from using the exam services and to revoke any certificates or qualifications gained subsequently by such Candidates and such Candidates will not be entitled to any refund of fees paid or payable for the Certification Services.

10. Use of Website Content

10.1 PortSwigger is the owner or the licensee of the PortSwigger websites, including all intellectual property rights in such websites, and in the material published on it or provided in relation to the Certification Services (including the Learning Materials and the content of the examinations). Those works are protected by copyright laws and treaties around the world. All such rights are reserved.

10.2 Candidates and/or Sponsors acknowledge that the trademarks and logos displayed on the PortSwigger websites or Learning Materials are the property of PortSwigger, and Candidates and/or Sponsors must not use any of the marks without PortSwigger's prior written permission.

10.3 Candidates and/or Sponsors must not modify or tamper with the certificates or qualifications provided under the Certification Services.

10.4 Certificates or qualifications achieved under the Certification Services remain valid for the time period specified on the certificate or as otherwise notified to Candidates on the PortSwigger websites.

10.5 Candidates and/or Sponsors must not purport to rely on or make reference to certificates or qualifications that have expired.

10.6 PortSwigger's status (and that of any identified contributors) as the authors and providers of the Certification Services and any Learning Materials or other content must always be acknowledged.

11. Content and Materials

11.1 Learning Materials and any other content provided by PortSwigger are provided for information only. They are not intended to amount to the sole source of information for Candidates to access ahead of any examination.

11.2 Although reasonable efforts are made to update the information in the Learning Materials and related content, including on the PortSwigger websites, such Learning Materials must not be used for general reliance and PortSwigger make no representations, warranties or guarantees, whether express or implied, that such information is accurate, complete or up to date.

11.3 Where the Learning Materials or PortSwigger websites contain links to other sites and resources provided by third parties, these links are provided for Candidates' information only. Such links should not be interpreted as approval by PortSwigger of those linked websites or information that may be obtained from them. PortSwigger have no control over the contents, accuracy or privacy practices of those sites or resources, and Candidates visit those sites at their own risk.

12. Responsibility for Loss

12.1 For consumer and business Candidates and their Sponsors (where applicable):

  • 12.1.1 PortSwigger does not exclude or limit liability to Candidates or Sponsors in any way where it would be unlawful to do so. This includes liability for death or personal injury caused by our negligence or the negligence of our employees, agents or subcontractors and for fraud or fraudulent misrepresentation.

  • 12.1.2 PortSwigger's maximum aggregate liability under or in connection with the Certification Services or Learning Materials, whether in contract, tort (including negligence) or otherwise, shall be limited to a sum equal to 100% (one hundred percent) of the purchase price of the Certification Services for one Candidate in a calendar year.

  • 12.1.3 Candidates and their Sponsors (where applicable) agree not to commercialise the Certification Services, Learning Materials or any other content provided by PortSwigger.

12.2 For business Candidates and their Sponsors:

  • 12.2.1 PortSwigger excludes all implied conditions, warranties, representations or other terms that may apply to the Certification Services, Learning Materials or PortSwigger websites and any content on them.

  • 12.2.2 PortSwigger will not be liable to Candidates for any loss or damage, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, even if foreseeable, arising under or in connection with:

    • a) use of, or inability to use, the PortSwigger websites or Certification Services;

    • b) use of, or reliance on, any information contained in the Learning Materials; or

    • c) use of, or reliance on, any content displayed the PortSwigger websites.

  • 12.2.3 In particular, PortSwigger will not be liable for:

    • a) loss of profits, sales, business, or revenue;

    • b) business interruption;

    • c) loss of anticipated savings;

    • d) loss of business opportunity, goodwill or reputation; or

    • e) any indirect or consequential loss or damage.

13. Use of Personal Information

13.1 PortSwigger will only use the personal information of Candidates in the manner set out in our Certifications Privacy Statement.

14. Viruses

14.1 PortSwigger does not guarantee that the Certification Services, Learning Materials and PortSwigger websites will be secure or free from bugs or viruses.

14.2 Candidates are responsible for configuring their information technology, computer programs and platform to access the Certification Services, Learning Materials and PortSwigger websites. Candidates should use their own virus protection software.

14.3 Candidates must not misuse the Learning Materials and PortSwigger websites by knowingly introducing viruses, trojans, worms, logic bombs or other material that is malicious or technologically harmful. Candidates must not attempt to gain unauthorised access to the PortSwigger websites, the server(s) on which such websites are stored or any server, computer or database connected to the websites. Candidates must not attack the PortSwigger websites via a denial-of-service attack or a distributed denial-of service attack. By breaching this provision, Candidates would commit a criminal offence under the Computer Misuse Act 1990. PortSwigger will report any such breach to the relevant law enforcement authorities and will co-operate with those authorities by disclosing Candidates' identity to them. In the event of such a breach, the Candidate's right to use the Certification Services, Learning Materials and PortSwigger websites will cease immediately.

15.1 Candidates may link to the home pages of the PortSwigger websites, provided they do so in a way that is fair and legal and does not damage PortSwigger's reputation or take advantage of it.

15.2 Candidates may not use PortSwigger's registered trademarks without PortSwigger's prior approval.

15.3 Candidates must not establish a link in such a way as to suggest any form of association, approval or endorsement on PortSwigger's part where none exists.

15.4 Candidates must not establish a link to the PortSwigger websites in any website that is not owned by that Candidate.

15.5 The PortSwigger websites must not be framed on any other site, nor may Candidates create a link to any part of the PortSwigger websites other than the home page.

15.6 PortSwigger reserve the right to withdraw linking permission without notice.

15.7 If Candidates wish to link to or make any use of content on the PortSwigger websites or Learning Materials other than that set out above, please contact office@portswigger.net.

16. Queries

16.1 To request any further information, or to raise a complaint, please contact office@portswigger.net.

17. Disputes

17.1 These Terms, their subject matter and their formation, are governed by English law. Candidates agree that the courts of England and Wales will have exclusive jurisdiction over any disputes arising under or in relation to these Terms.

Certifications Privacy Statement

This privacy statement provides information as to how PortSwigger Ltd ("we") collects and processes your personal data if you are a candidate of one of our Burp Suite certification and exam services ("Certification Services").

It is important that you read this privacy statement so that you are fully aware of how and why we are using your data in the context of our Certification Services. If you would like to know more about how PortSwigger Ltd collects and processes personal data more generally, please visit our privacy notice.

1. Information about the Data Controller

PortSwigger Ltd is the Data Controller in respect of any personal data of candidates that is processed in relation to Burp Suite Certification Services. We use a third party service provider, Examity, to automatically verify the identity of the candidates.

2. What personal data and information is collected and processed and why?

Where individuals order examinations hosted by PortSwigger Ltd, the personal information we collect includes your name, email address, contact telephone number, photo identification and payment information to secure the examination and verify the individual applying for the examination.

  • Webcam Before the examination commences, a real-time automated identity check of your facial image against an approved form of picture identification will be undertaken using your device's camera which will be accessed by Examity and this recording session should be ended by you following the on-screen instructions before you begin the examination.

3. Who may access your personal data and where will it be processed?

As described above, we use a third party service provider, Examity, to automatically check your identification before your examination.

These recordings will be stored in a database which is located on servers hosted and operated by Examity in the European Union. We will not view recordings beyond the automated review undertaken by the automated proctor save in rare circumstances, such as where there is a legitimate suspicion of dishonesty/breaching our Terms of Use.

Examity has entered into contractual commitments with PortSwigger Ltd to secure the information you provide in accordance with applicable law.

In addition, in limited circumstances (for example if users contact Examity support via web chat) basic contact information may be transferred to Examity's hosting servers in the United States. We put in place safeguards, including through contractual commitments, to ensure that your personal data receives an adequate level of protection to protect your privacy rights.

4. How long do we retain your personal data?

Recordings are stored for no more than 60 days, unless there is an ongoing investigation into any recording, in which case they will be kept as long as necessary to carry out the investigation. We may also need to retain your personal data to exercise, establish or defend our legal rights (for example, in the face of a challenge or potential or actual litigation) and to comply with any relevant legal obligations.

5. Your rights concerning your personal data

You have certain rights in respect of the personal data you provide through the Certification Services. These include the right to erasure of personal data; to object to the processing; the right to correction of personal data; and to receive a copy of the personal data held through this service. You also have the right to lodge a complaint with the UK's Information Commissioners Office, however we encourage you to contact us first to resolve your concerns.

To make any such requests or raise a complaint, please contact hello@portswigger.net.

More detailed information regarding how PortSwigger Ltd collects and processes personal data and more information on our data security measures and the rights available to you are available at portswigger.net/privacy.