PortSwigger Burp Suite Professional pros and cons

Vendor: PortSwigger
4.3 out of 5
Ranked 1

Pros & Cons summary

Prominent pros & cons

PROS

PortSwigger Burp Suite Professional is highly valued for its ability to automatically and accurately detect vulnerabilities, with special appreciation for the Burp Scanner and Burp Intruder features.
The extensions available through Burp Extender are considered very good, offering options for additional plugins and enabling highly customizable scanning processes.
The automated scanning capabilities are especially useful, as they address the needs of many customers, providing a reliable method for vulnerability assessment while maintaining accuracy and reducing false positives.
The intercepting feature and the ability to manually intervene for API testing provide significant advantages in identifying and fixing vulnerabilities efficiently.
Burp Suite Professional provides excellent technical support, with users rating it ten out of ten for its efficient management of response time and quality.

CONS

PortSwigger Burp Suite Professional requires better reporting options and more informative reports.
The number of false positives is high and needs to be reduced.
It uses a substantial amount of CPU power and memory which affects performance.
API security testing and integration, especially with CI/CD processes, need improvement.
The pricing is considered high by users, particularly in international markets.
 

PortSwigger Burp Suite Professional Pros review quotes

VN
Jan 2, 2020
Once I capture the proxy, I'm able to transfer across. All the requested information is there. I can send across the request to what we call a repeater, where I get to ready the payload that I send to the application. Put in malicious content and then see if it's responding to it.
Anuradha.Kapoor Kapoor - PeerSpot reviewer
Aug 10, 2023
We are mostly using it for scanning the entire website. So, we basically create a script with the entire website and then run it for different injections.
reviewer1526550 - PeerSpot reviewer
Mar 12, 2021
The solution has a great user interface.
Learn what your peers think about PortSwigger Burp Suite Professional. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
861,803 professionals have used our research since 2012.
DC
Aug 1, 2023
The Repeater and the BApp extensions are particularly useful. Certain extensions, such as the Active Scan extensions and the Autoracer extension, are very good.
it_user704997 - PeerSpot reviewer
Dec 19, 2017
I personally love its capability to automatically and accurately detect vulnerabilities. So, I would say it is the Burp scanner that is THE most powerful, valuable, and an awesome feature.
reviewer1871559 - PeerSpot reviewer
May 29, 2022
The initial setup is simple.
reviewer1508730 - PeerSpot reviewer
Feb 19, 2021
The solution has a pretty simple setup.
it_user787785 - PeerSpot reviewer
May 16, 2019
This tool is more accurate than the other solutions that we use, and reports fewer false positives.
reviewer1112304 - PeerSpot reviewer
Jan 22, 2020
The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately.
VinothKumar5 - PeerSpot reviewer
Jun 23, 2021
The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well.
 

PortSwigger Burp Suite Professional Cons review quotes

VN
Jan 2, 2020
The biggest improvement that I would like to see from PortSwigger that today many people see as an issue in their testing. There might be a feature which might be desired.
Anuradha.Kapoor Kapoor - PeerSpot reviewer
Aug 10, 2023
There were a lot of false positives there, and we used to spend a lot of time, like, for security reasons, reproducing those bugs for the development team to fix it.
reviewer1526550 - PeerSpot reviewer
Mar 12, 2021
It should provide a better way to integrate with Jenkins so that DAST (dynamic application security testing) can be automated.
DC
Aug 1, 2023
I would like to see the return of the spider mechanism instead of the crawling feature. Burp Suite's earlier version 1.7 had an excellent spider option, and it would be beneficial if Burp incorporated those features into the current version. The crawling techniques used in the current version are not as efficient as those used in earlier versions.
it_user704997 - PeerSpot reviewer
Dec 19, 2017
The one feature that I would like to see in Burp is active scanning of REST based web services. A lot of organizations are providing APIs to access their services to support different business models like SaaS. Scanning these APIs is still a challenge for many security product companies.
reviewer1871559 - PeerSpot reviewer
May 29, 2022
We'd like to have more integration potential across all versions of the product.
reviewer1508730 - PeerSpot reviewer
Feb 19, 2021
The pricing of the solution is quite high.
it_user787785 - PeerSpot reviewer
May 16, 2019
There is a lot to this product, and it would be good if when you purchase the tool, they can provide us with a more extensive user manual.
reviewer1112304 - PeerSpot reviewer
Jan 22, 2020
The biggest drawback is reporting. It's not so good. I can download them, but they're not so informative.
VinothKumar5 - PeerSpot reviewer
Jun 23, 2021
There could be an improvement in the API security testing. There is another tool called Postman and if we had a built-in portal similar to Postman which captures the API, we would be able to generate the API traffic. Right now we need a Postman tool and the Burp Suite for performing API tests. It would be a huge benefit to be able to do it in a single UI.