PortSwigger Burp Suite Professional pros and cons

The solution has a great user interface.

The initial setup is simple.

The solution has a pretty simple setup.

The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well.

In my area of expertise, I feel like it has almost everything I could possibly require at this moment.

The feature that we have found most valuable is that it comes with pre-set configurations. They have a set of predefined options where you can pick one and start scanning. We also have the option of creating our own configurations, like how often do the applications need to be scanned.

The solution is stable.

The most valuable feature of PortSwigger Burp Suite Professional is the advanced features, user-friendly interface, and integration with other tools.

I find the attack model quite amazing, where I can write my scripts and load my scripts as well, which helps quite a bit. All the active scanning that it can do is also quite a lot helpful. It speeds up our vulnerability assessment and penetration testing. Right now, I am enjoying its in-browser, which also helps quite a bit. I'm always confused about setting up some proxy, but it really is the big solution we all want.

The most valuable feature of PortSwigger Burp Suite Professional is the dashboard. It is very informative and you can receive all the information you need in one place. It's clear, well-defined, and organized. Anybody without any cybersecurity can use it.

It should provide a better way to integrate with Jenkins so that DAST (dynamic application security testing) can be automated.

We'd like to have more integration potential across all versions of the product.

The pricing of the solution is quite high.

There could be an improvement in the API security testing. There is another tool called Postman and if we had a built-in portal similar to Postman which captures the API, we would be able to generate the API traffic. Right now we need a Postman tool and the Burp Suite for performing API tests. It would be a huge benefit to be able to do it in a single UI.

A lot of our interns find it difficult to get used to PortSwigger Burp's environment.

One area that can be improved, when compared to alternative tools, is that they could provide different reporting options and in different formats like PDF or something like that.

Sometimes the solution can run a little slow.

PortSwigger Burp Suite Professional can improve by having more features in the free version for beginners to try.

I am from Brazil. The currency exchange rate from a dollar to a Brazilian Real is quite steep. It is almost six to one. It would be good if it can be sold in the local currency, and its price is cheaper for us.

PortSwigger Burp Suite Professional could improve the static code review.