Cyber security Lead at a manufacturing company with 1,001-5,000 employees
Real User
A security testing solution with a useful dynamic scanning feature, but it could be more stable.
Pros and Cons
  • "I like normal dynamic scanning, general web applications scanning, and vulnerability assessments."
  • "There's definitely room for improvement. There are lots of false positives. Once I do the manual assessment, it comes as a false positive. They need to improve the Enterprise Edition, especially the part that gives false positives."

What is our primary use case?

We use both Burp Suite Professional and the Enterprise Edition for manual application assessments and dynamic assessments at my client's company.

What is most valuable?

I like normal dynamic scanning, general web applications scanning, and vulnerability assessments.

What needs improvement?

There's definitely room for improvement. There are lots of false positives. Once I do the manual assessment, it comes as a false positive. They need to improve the Enterprise Edition, especially the part that gives false positives. 

The scan result is also unstable. In some applications, it'll basically give the frameworks, but the GRE is missing from it. It won't report some scans, and some results are substandard.

In the next release, I'm looking for a scanning tool that has SAST and DAST. For example, Veracode provides all those things. Burp Suite Enterprise Edition only provides vulnerability scanning like static analysis and dynamic analysis, software composition analysis, and practice applications. They should also offer more with different packages.

For how long have I used the solution?

I have been using PortSwigger Burp Suite Enterprise Edition for about two months.


What do I think about the stability of the solution?

It's not a stable product. Sometimes, it takes a lot of time to scan. Sometimes it runs the scan for almost three or four days, and if some audits get filled, it stops immediately. It's unstable and takes lots of time compared to other vulnerability scanners. Burp Suite Professional is excellent and stable. It gives lots of options for manual assessment. But PortSwigger Burp Suite Enterprise Edition still has lots of room for improvement.

How are customer service and support?

Technical support gave me a few options to speed up the scanning process, but it still took three or four days. I wasn't satisfied with my experience.

Which solution did I use previously and why did I switch?

Most companies I have worked with over the past decade used Burp Suite Professional for application scanning. Generally, most companies will go for PortSwigger Burp Suite Enterprise Edition for code analysis or go for Checkmarx or HPE Fortify. There are some pretty good solutions available in the market, like IBM AppScan and Acunetix, which are well established in the application scanning market. 

How was the initial setup?

The initial setup is straightforward. We have deployed it in vCenter in a VM environment.

What's my experience with pricing, setup cost, and licensing?

PortSwigger Burp Suite Enterprise Edition is expensive compared to other solutions. The license for Burp Suite Professional is more economical and gives you the same scanning features because the scanning, in general, is the same in both editions. But I can't do lots of things like automation in my manual assessment. The Professional edition would be my choice if I were making the purchasing decisions.

What other advice do I have?

I would tell potential users that it'll work fine with vCenter. You can deploy it there because it gives you the option of taking snapshots and doing other things quite easily. Manageability is also good in a virtual environment.

On a scale from one to ten, I would give PortSwigger Burp Suite Enterprise Edition a six.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Chief Information Officer - Chief Security Officer at Chrematis
Real User
Beneficial device discovery, and useful CMDB, but complicated implementation
Pros and Cons
  • "We are in the early stage of using the solution, making it difficult to fully determine the best features. However, we have noticed the CMDB and device discovery features look valuable at this time."
  • "The implementation of the solution is quite complicated and could be easier."

What is most valuable?

We are in the early stage of using the solution, making it difficult to fully determine the best features. However, we have noticed the CMDB and device discovery features look valuable at this time.

What needs improvement?

The implementation of the solution is quite complicated and could be easier. 

For how long have I used the solution?

I have been using the solution for five months.

What do I think about the scalability of the solution?

Most of my clients are medium-sized businesses using the solution.

How was the initial setup?

The installation is somewhat difficult; we had some initial technical issues, but most have been resolved. The main issue was with the installation agent, which required us to reboot several times. This could have been because of the system environment at the client's site, because in our lab the agent installation is really straightforward and did not require reboots. When we did the install at the client site, we experienced that it sometimes required several reboots after the agent installation; this surprised us, and we are still working on fixing it.

What other advice do I have?

I rate Fortinet FortiSIEM a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user