"It is scalable and very easy to use."
"The user interface is ok and it is very simple to use."
"The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."
"The accuracy of its scans is great."
"The most valuable feature is the static analysis."
"The solution is easy to use."
"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."
"With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp."
"I have found this solution has more plugins than other competitors which is a benefit. You are able to attach different plugins to the security scan to add features. For example, you can check to see if there are any payment systems that exist on a server, or username and password brute force analysis."
"The extension that it provides with the community version for the skills mapping is excellent."
"We use the solution for vulnerability assessment in respect of the application and the sites."
"PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running."
"The solution has a pretty simple setup."
"There is no other tool like it. I like the intuitiveness and the plugins that are available."
"The most valuable features are Burp Intruder and Burp Scanner."
"Our biggest complaint about this product is that it freezes up, and literally doesn't work for us."
"The scanner could be better."
"Creating reports is very slow and it is something that should be improved."
"It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application."
"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."
"Lately, we've seen more false negatives."
"It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved."
"A lot of our interns find it difficult to get used to PortSwigger Burp's environment."
"The reporting needs to be improved; it is very bad."
"The pricing of the solution is quite high."
"It should provide a better way to integrate with Jenkins so that DAST (dynamic application security testing) can be automated."
"The use of system memory is an area that can be improved because it uses a lot."
"One thing that is not up to the mark in PortSwigger is web application testing. I found some issues with its performance and reporting. They should work on these and give us a better outcome."
"If we're running a huge number of scans regularly, it slows down the tool."
"We wish that the Spider feature would appear in the same shape that it does in previous versions."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
Fortify WebInspect is ranked 10th in Application Security Testing (AST) with 7 reviews while PortSwigger Burp Suite Professional is ranked 3rd in Application Security Testing (AST) with 18 reviews. Fortify WebInspect is rated 7.0, while PortSwigger Burp Suite Professional is rated 8.4. The top reviewer of Fortify WebInspect writes "Good reporting and vulnerability management, but needs better performance and resource utilization". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "Best for manual penetration testing, a great user interface, and offers good scanning capabilities". Fortify WebInspect is most compared with Micro Focus Fortify on Demand, OWASP Zap, Veracode, HCL AppScan and Qualys Web Application Scanning, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Acunetix by Invicti, Tenable.io Web Application Scanning, HCL AppScan and Qualys Web Application Scanning. See our Fortify WebInspect vs. PortSwigger Burp Suite Professional report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
