PortSwigger Burp Suite Professional pros and cons

The solution has a great user interface.

The initial setup is simple.

The solution has a pretty simple setup.

The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well.

In my area of expertise, I feel like it has almost everything I could possibly require at this moment.

The feature that we have found most valuable is that it comes with pre-set configurations. They have a set of predefined options where you can pick one and start scanning. We also have the option of creating our own configurations, like how often do the applications need to be scanned.

With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp.

I find the attack model quite amazing, where I can write my scripts and load my scripts as well, which helps quite a bit. All the active scanning that it can do is also quite a lot helpful. It speeds up our vulnerability assessment and penetration testing. Right now, I am enjoying its in-browser, which also helps quite a bit. I'm always confused about setting up some proxy, but it really is the big solution we all want.

The active scanner, which does an automated search of any web vulnerabilities.

PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running.

It should provide a better way to integrate with Jenkins so that DAST (dynamic application security testing) can be automated.

We'd like to have more integration potential across all versions of the product.

The pricing of the solution is quite high.

There could be an improvement in the API security testing. There is another tool called Postman and if we had a built-in portal similar to Postman which captures the API, we would be able to generate the API traffic. Right now we need a Postman tool and the Burp Suite for performing API tests. It would be a huge benefit to be able to do it in a single UI.

A lot of our interns find it difficult to get used to PortSwigger Burp's environment.

One area that can be improved, when compared to alternative tools, is that they could provide different reporting options and in different formats like PDF or something like that.

There is not much automation in the tool.

I am from Brazil. The currency exchange rate from a dollar to a Brazilian Real is quite steep. It is almost six to one. It would be good if it can be sold in the local currency, and its price is cheaper for us.

As with most automated security tools, too many false positives.

The reporting needs to be improved; it is very bad.