We changed our name from IT Central Station: Here's why

PortSwigger Burp Suite Professional OverviewUNIXBusinessApplication

PortSwigger Burp Suite Professional is #1 ranked solution in top Fuzz Testing Tools, #3 ranked solution in AST tools, and #6 ranked solution in application security tools. PeerSpot users give PortSwigger Burp Suite Professional an average rating of 8 out of 10. PortSwigger Burp Suite Professional is most commonly compared to OWASP Zap: PortSwigger Burp Suite Professional vs OWASP Zap. The top industry researching this solution are professionals from a computer software company, accounting for 29% of all views.
What is PortSwigger Burp Suite Professional?

Burp Suite Professional, by PortSwigger, is the world’s leading toolkit for web security testing. Over 52,000 users worldwide, across all industries and organization sizes, trust Burp Suite Professional to find more vulnerabilities, faster. With expertly-engineered manual and automated tooling, you're able to test smarter - not harder.

PortSwigger is the web security company that is enabling the world to secure the web. Over 50,000 security engineers rely on our software and expertise to secure their world.

PortSwigger Burp Suite Professional was previously known as Burp.

PortSwigger Burp Suite Professional Buyer's Guide

Download the PortSwigger Burp Suite Professional Buyer's Guide including reviews and more. Updated: January 2022

PortSwigger Burp Suite Professional Customers

Google, Amazon, NASA, FedEx, P&G, Salesforce

PortSwigger Burp Suite Professional Video

PortSwigger Burp Suite Professional Pricing Advice

What users are saying about PortSwigger Burp Suite Professional pricing:
  • "The solution used to be expensive. However, they have reduced the price to approximately $400.00 which is reasonable."
  • "There are different licenses available that include a free version."
  • "At $400 or $500 per license paid annually, it is a very cheap tool."
  • PortSwigger Burp Suite Professional Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    VishalDhamke
    Lead Security Architect at SITA
    Real User
    Top 5Leaderboard
    Best for manual penetration testing, a great user interface, and offers good scanning capabilities
    Pros and Cons
    • "The solution has a great user interface."
    • "It should provide a better way to integrate with Jenkins so that DAST (dynamic application security testing) can be automated."

    What is our primary use case?

    It's an individual tool that security professionals use for their manual pen-testing. We use it for capturing the traffic, intercepting the traffic between the browser and the application. We try to manipulate the applications, the traffic so that whatever input that is accepted by the application is sanitized and validated. We try to analyze the application for input validation. All inputs are handled correctly.

    Another use case is having a scanner module built-in where you can browse the entire application. The scanner can continuously scan the application for vulnerabilities based on OWASP Top 10 standards. Likewise, you can come to know what vulnerabilities are in the application. Later, you can go through the vulnerabilities one by one and triage them.  

    There are many different modules in Burp Suite. We have a comparator module where you can compare the request and response. You have the Repeater module where you can repeat the sequences. They can be used for other test use cases such as doing disciplinary attacks or brute force attacks on the applications. 

    Basically, there are a wide variety of use cases and applications.

    How has it helped my organization?

    Request handling capacity, it do not handle huge chuck of requests as it freezes.

    And obviously as all tool does Burp also gives some false positive results, vetting has to be done thoroughly.

    What is most valuable?

    The most valuable feature of Burp Suite is probably how we can intercept the request and response. We can manipulate a request and send it back to the server. Intercepting is one of the best features for sure. 

    The scanner is excellent. The scanner is one of the good features. If you compare it to more expensive tools like WebInspect or IBM AppScan, you'll realize that, at a very low cost, Burp Suite can provide good results.

    The is a good amount of documentation available online. The solution is stable.

    The initial setup isn't too complex.

    The solution offers some great extensions through a BApp store. Users can implement extensions and upload them to the BApp store.

    The solution has a great user interface.

    Its strong user community is always helpful when it comes to any problem regarding the tool.

    What needs improvement?

    Although it provides great writeup for the identified vulnerabilities but reporting needs to improve with various reporting templates based on standards like OWASP, SANS Top 25, etc. The tools needs to expand its scope for mobile application security testing, where native mobile apps can be tested and can provide interface to integrate with mobile device platform or mobile simulator's. Burp suite has great ability to integrate with Jenkins, Jira, Teamcity into CI/CD pipeline and should provide better ways of integration with other such similar platforms.

    For how long have I used the solution?

    I've been using the solution for more than eight years now - right from their open-source free version through to their professional version.

    What do I think about the stability of the solution?

    The stability is quite good. We have no complaints. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.

    What do I think about the scalability of the solution?

    Obviously, Burp Suite is a DAST tool and good asset for pentester's. However, we need to see how best it can be utilized for automation so that DAST can be automated. Dynamic application testing can be automated and can integrate Burp into CI/CD pipeline using Jenkins. That said, we need to make it use it in a more efficient way. There should be some methods or some guidance from Burp on how best we can use it for automation.

    How are customer service and technical support?

    We've never interacted with tech support. That's mostly due to the fact that there is already a lot of material that is available online. With all of the details readily available, we don't need to interact with tech support.

    How was the initial setup?

    The initial setup isn't too difficult. It's JAR based. I would say it's an analog file. It just requires minimum requirements like Java and a license. After that, you are good to go.

    What's my experience with pricing, setup cost, and licensing?

    Burp Suite provides different licenses. They have open-source free-to-use licenses, which can be used by anyone. Then, they have a standalone license that, as a security professional, you can use. They have their Enterprise version as well. I use the professional version.

    Initially, when we were using Burp Suite, I hardly remember the version we started at. 

    The actual costs vary from country to country, however, I would say it's cheaper if you compare it to other DAST solutions and tools.

    Compared to other web applications assessment tools Burp suite is a solid tool for web based penetration testing for a reasonable price.

    What other advice do I have?

    We are just customers and end-users.

    I'd advise other organizations that this solution is a pretty good tool for manual penetration testing. It has good features like the Scanner and Sequencer, Repeater, and there are extensions. Burp extensions are available where they can customize Burp behavior using their own or third-party code. Those features will be really useful for Burp users. It's also obviously a very cost-effective option.

    I would rate the solution at a nine out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Founder and Director at a financial services firm with 1-10 employees
    Real User
    Top 20
    Great reporting with good crawling capability and offers a simple setup
    Pros and Cons
    • "The solution has a pretty simple setup."
    • "The pricing of the solution is quite high."

    What is our primary use case?

    We primarily use the solution for security testing - specifically for web-application security. 

    What is most valuable?

    The crawling capability is excellent.

    The product has very good reporting capabilities. They give you multiple reporting options.

    The solution has a variety of different extensions that you can use.

    The solution has a pretty simple setup.

    What needs improvement?

    The pricing of the solution is quite high. It would be ideal for the customers if they could lower the costs involved in their subscription.

    We have new tools in R language programming platforms that are coming up. The solution needs to ensure its compatible with that language.

    For how long have I used the solution?

    I've been using the solution for about two years at this point.

    What do I think about the stability of the solution?

    We use this solution every day. I don't have any issues with the solution. There aren't bugs or glitches. It doesn't crash or freeze. It's reliable.

    What do I think about the scalability of the solution?

    I'm a consultant. I tend to use the tool for my clients. I only have one license on my computer. I don't need to scale the product.

    The solution is scalable, however. There's a different version for that aspect. You have Community, Professional, and Enterprise editions. Each has different capabilities.

    How are customer service and technical support?

    The solution offers good support services. There's also the product team that can assist. Overall, I've been happy with the level of service I've received.

    Which solution did I use previously and why did I switch?

    I've worked with other solutions, such as Acutenix. As a consultant, I always have two to three tools for running and validating for testing. There is no plus or minus to each tool, really. The process itself would be more like using multiple tools to find out whether it appears in all the tools or not.

    How was the initial setup?

    The initial setup is not overly complex. It's easy and straightforward. A company shouldn't have any issues with the implementation process.

    The deployment takes a maximum of an hour, actually. If you have to configure some prerequisites, it is one hour tops. There are advanced setups, however, how advanced the implementation depends on the client environment. If a company has an advanced setup, it could take some time. 

    Ultimately, the solution is installed directly onto my laptop.

    The maintenance process is pretty minimal. The yearly subscription keeps everything updated. They will notify you if there is an upgrade that needs to be addressed.

    What's my experience with pricing, setup cost, and licensing?

    The pricing of the solution is quite high. Costs are based on their subscription model. The pricing affects whether a client will engage with me and the solution or not. It could be a deal-breaker. Budgets are often tight.

    What other advice do I have?

    The solution has an annual subscription model, and therefore you'll have to keep updating the new version. It's part of the package. They release a new version and that is covered under your subscription.

    I'm a consultant. I buy tools from multiple vendors. I provide development assessment services for my clients.

    This is one more product in the suite of tools or applications, which are used for testing. Anyone at any sized company could use this solution.

    I'd recommend this solution. It's one more tool to have in your bag.

    I would rate the solution at a ten out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Consultant
    Learn what your peers think about PortSwigger Burp Suite Professional. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
    564,322 professionals have used our research since 2012.
    IT Manager at a manufacturing company with 10,001+ employees
    Real User
    Top 5Leaderboard
    A very user-friendly solution with good technical support, but it needs more advanced reporting.
    Pros and Cons
    • "The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately."
    • "The biggest drawback is reporting. It's not so good. I can download them, but they're not so informative."

    What is our primary use case?

    We use the solution for scanning our in-house external facing website.

    How has it helped my organization?

    It has been provide user direct access to users scan their websites and find vulnerability in good price. Burp is one of the most extensively used tool in org to do other security based investigations. We are trying to mitigate risk using vulnerabilities identified by Burp.

    What is most valuable?

    The solution is very user-friendly.

    The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately. 

    What needs improvement?

    The biggest drawback is reporting. It's not so good. I can download reports, but they're not so informative. 

    For example, they are providing very good information about vulnerabilities, but when you are scanning the whole pathway, we want to see information like percentages, how much is finishing, and how much it is not, etc. If the scan fails, they should tell us when or how it stopped, if it failed, why it has failed, and how to avoid something like this from happening again. They need something more in-depth and more technical. 

    I would like to have some more features, which I can play around with. It's not so flexible.

    For how long have I used the solution?

    I've been using the solution for more than 1 year.

    What do I think about the stability of the solution?

    The solution sometimes has stability problems when they have fixed or released some new package. Instability has happened to us two or three times. It was difficult because we had to implement this disaster recovery plan at that point in time. It wasn't a disaster, but the whole system does stop because of that.

    What do I think about the scalability of the solution?

    Easily scalable when it comes to Enterprise version. but Enterprise version itself is not as effective as pro.

    How are customer service and technical support?

    The technical support team is very good. They are quick at responding and they help us to resolve issues within the organization.

    In the past, we had issues around connectivity while we were doing some scanning. The scanning kept getting killed somehow. The quality of the job was poor. The scan was not completed successfully, so we needed technical support to assist. It was hard to identify what the issue was and how to fix it, but they did.

    Which solution did I use previously and why did I switch?


    How was the initial setup?

    The installation is not difficult. We only needed one person to handle the implementation. Setting up the agents may be tricky, but if a person is knowledgable, it shouldn't be an issue.

    What about the implementation team?

    Inhouse one

    Which other solutions did I evaluate?

    When we had an issue with scanning, we did look into exploring other options like OWASP Zap, Acunetix, etc. We stayed with Burp because we had it set up in our system, and then they had our scanning issue fixed.

    What other advice do I have?

    We use the on-premises deployment model.

    I would rate the solution seven out of ten.

    Which deployment model are you using for this solution?

    Private Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    VinothKumar5
    Senior Technical Architect at Hexaware Technologies Limited
    Real User
    Effective automatic scanning, Academy portal for learning, and reliable
    Pros and Cons
    • "The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well."
    • "There could be an improvement in the API security testing. There is another tool called Postman and if we had a built-in portal similar to Postman which captures the API, we would be able to generate the API traffic. Right now we need a Postman tool and the Burp Suite for performing API tests. It would be a huge benefit to be able to do it in a single UI."

    What is our primary use case?

    The solution is for web security testing and the primary use is to eliminate the false positives.

    How has it helped my organization?

    This solution has helped our company in many ways. PortSwigger Acadamy has given us the knowledge to be able to do deeper tests. The effectiveness of the tests is directly proportional to your knowledge about security testing. Even if you do not have this knowledge at the beginning you still you can perform some kind of testing. If you do not know how to choose your payload then it is going to suggest the built-in payloads to which you can perform those test attacks.

    You do not need to be an expert to use the solution, an intermediate skilled person can use it and over time they can become an expert. Sometimes it is difficult to find skilled employees to start working in this field for your company but with PortSwigger the new employee does not have to be an expert because they are able to grow quite quickly in their knowledge.

    What is most valuable?

    The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well.

    What needs improvement?

    There could be an improvement in the API security testing. There is another tool called Postman and if we had a built-in portal similar to Postman which captures the API, we would be able to generate the API traffic. Right now we need a Postman tool and the Burp Suite for performing API tests. It would be a huge benefit to be able to do it in a single UI.

    In a future release, if there could be some kind of autonomous function, or user behavior prediction that would be beneficial.

    For how long have I used the solution?

    I have been using this solution for approximately three years.

    What do I think about the stability of the solution?

    The solution has not had any crashes or any problems. It is reliable.

    What do I think about the scalability of the solution?

    The solution is scalable. There are types of operations we can do and it has good peak performance.

    How are customer service and technical support?

    PortSwigger has something called Academy where you can go to learn about many things related to security testing.

    How was the initial setup?

    The installation is very easy.

    What's my experience with pricing, setup cost, and licensing?

    The solution used to be expensive. However, they have reduced the price to approximately $400.00 which is reasonable.

    Which other solutions did I evaluate?

    I have evaluated Zap.

    What other advice do I have?

    My advice to others just starting out with security testing is to evaluate Zap, which is open-source, to allow them to get an understanding of the processes. Then once they have an understanding they should look into PortSwigger Burp Suite Professional. This solution would win in comparison with its features and would be a very good choice after they have some experience.

    I rate PortSwigger Burp Suite Professional an eight out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    Saminda Jayawardene
    Compliance Manager at a tech services company with 201-500 employees
    Real User
    Top 5Leaderboard
    Evaluate and ensure the security of web-based applications
    Pros and Cons
    • "In my area of expertise, I feel like it has almost everything I could possibly require at this moment."
    • "A lot of our interns find it difficult to get used to PortSwigger Burp's environment."

    What is our primary use case?

    We're a software development company. We specialize in ensuring application security for our customers. For each and every application we release, we issue a certificate explaining that the application is up to date and that all security testing has been successfully completed. In that certificate, we also mention that PortSwigger is one of the tools that we used to test the application.

    Presently, we have three users. In the future, regarding product testing, I am thinking of hiring another two people, which will make us a team of five. Currently, we're releasing a lot of applications. 

    Primarily we have three users, but keep in mind, we only have a single environment, which we need to improve and expand. 

    What is most valuable?

    The traffic interception capabilities are great. Spidering also produced some good results for us.

    What needs improvement?

    A lot of our interns find it difficult to get used to PortSwigger Burp's environment. The environment should be improved a little bit. Once you get used to it, it's fine, but it should be more simplified for newcomers. This would save us from constantly having to brief our interns. 

    What do I think about the stability of the solution?

    The stability is good; so far, we haven't come across any bugs.

    What do I think about the scalability of the solution?

    We use some different tools for web application testing, like Nmap and others. If PortSwigger Burp could actually scale up for web application scanning, that would be really good. This way, instead of using different tools, we could easily rely on one tool for all testing.

    How are customer service and technical support?

    We haven't had any reason yet to contact technical support. Aside from support, they should hold consistent webinars and offer updates, briefings, and panel discussions. This would greatly enhance our knowledge.

    Otherwise, the technical support is good enough. We haven't required their assistance yet, but soon we'll be needing assistance and information surrounding the latest improvements and updates.

    How was the initial setup?

    The initial setup can be complex. It needs to be deployed in between the traffic. They should include some case-scenarios to help, like a scenario-based briefing, that would really help and add a lot of value for the initial application tester. 

    What's my experience with pricing, setup cost, and licensing?

    It's a very unique way of pricing. It varies depending on the type of testing you are performing. Manual testing is expensive, but as we don't have another option, it seems to be fair.

    What other advice do I have?

    I would definitely recommend PortSwigger Burp. I've actually recommended it to some of my colleagues, students, and interns. I'm really comfortable and happy with it; besides, there are no other products to compare it to. 

    On a scale from one to ten, I would give this solution a rating of eight.

    If they included example scenarios and hosted educational webinars, I would give this solution a rating of ten.

    In my area of expertise, I feel like it has almost everything I could possibly require at this moment. Generally, I don't come across situations like that, so I am very happy with it.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    SivaPrakash
    Senior Test Engineer II at a financial services firm with 201-500 employees
    Real User
    Top 5Leaderboard
    Finds vulnerabilities but is not always cost effective
    Pros and Cons
    • "The feature that we have found most valuable is that it comes with pre-set configurations. They have a set of predefined options where you can pick one and start scanning. We also have the option of creating our own configurations, like how often do the applications need to be scanned."
    • "One area that can be improved, when compared to alternative tools, is that they could provide different reporting options and in different formats like PDF or something like that."

    What is our primary use case?

    Our use cases are to identify the vulnerabilities of OAST and the other applications we are using. 

    What is most valuable?

    The feature that we have found most valuable is that it comes with pre-set configurations. They have a set of predefined options where you can pick one and start scanning. We also have the option of creating our own configurations, like how often do the applications need to be scanned.

    Additionally, it has good reporting and dashboards and also integrates well with other task management applications that we're using.

    What needs improvement?

    One area that can be improved, when compared to alternative tools, is that they could provide different reporting options and in different formats like PDF or something like that.

    One more thing they can improve is that despite having a good architecture, it needs a lot of specification. So when you start a project, because it requires a high configuration, the instructor costs more than the project. So it's not cost efficient if it's a big project.

    For how long have I used the solution?

    We have different versions of PortSwigger Burp Suite. For the past few years we have been using a professional edition, which is a desktop application. Now we are moving to the Cloud so we explored the enterprise edition. Although we haven't implemented it yet we're already using it. Now we have a better idea how their scanners and spiders actually work.

    We've had a license for the professional version for the past two years.

    What do I think about the scalability of the solution?

    In terms of scalability, I think they can increase the number of regions. And more importantly, it doesn't restrict based on the domains you are scanning. So even if tomorrow you suggest some working space, you can still scan the domains for the regions that you have. If you want to increase the number that you scan, you can buy some more. So scalability is not a big problem, but I think if you are scanning from your side, you have to get the license for some of those activities. That's domain based licensing.

    Right now we have two or three people using it.

    How are customer service and technical support?

    PortSwigger Burp's technical support is all right. The issues are resolved very quickly so we don't have to wait for long. They also provide you with documentation. Just by going through the documentation we can solve many of our problems.

    How was the initial setup?

    The initial setup was straightforward. We can install it on a Linux machine. It was fast to set up.

    What's my experience with pricing, setup cost, and licensing?

    PortSwigger Burp costs around $7,000 and around $2,309 for licensing.

    What other advice do I have?

    On a scale of one to ten I would rate PortSwigger Burp a seven.

    For it to be a 10 it would need to implement the above mentioned different formats for reporting and the interactive security testing.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Cyber Security Specialist at a university with 10,001+ employees
    Real User
    Top 10Leaderboard
    Intruder and automatic scanning features help secure our internal applications pre-production
    Pros and Cons
    • "The most valuable features are Burp Intruder and Burp Scanner."
    • "There should be a heads up display like the one available in OWASP Zap."

    What is our primary use case?

    This is a solution for which I provide services to our customers and I also use it personally.

    As part of our organization, we build internal applications. Before they are put into production, we run a suite of security tests to ensure that our applications are not vulnerable to any known issues. We use PortSwigger Burp for testing, as well as OSASP Zap. We do similar tests in multiple tools to make sure that we cover the entire set of use cases.

    I have this solution deployed as one user on a single machine, which is used by a designated security tester.

    What is most valuable?

    The most valuable features are Burp Intruder and Burp Scanner.

    The automatic scanning feature is helpful.

    What needs improvement?

    The interface for the automatic scan can be improved because it is easy for technical users, but the business users have trouble with it. There is documentation but the interface should be more user-friendly.

    There should be a heads up display like the one available in OWASP Zap. I think that it would be a very good addition.

    For how long have I used the solution?

    I have worked with PortSwigger Burp for about ten years.

    What do I think about the stability of the solution?

    This solution is stable and we have had no major problems.

    What do I think about the scalability of the solution?

    We have had no issues with scalability, although we are using a standalone installation with only a single user. We may expand usage in the future.

    Which solution did I use previously and why did I switch?

    We also have OWASP Zap and we continue to use these two tools.

    Zap has a heads up display within its own browser, which is a very good feature. Zap is also completely free, whereas Burp has a free version but it also has licenses available.

    For the most part, we use open-source solutions, which are free of charge.

    How was the initial setup?

    The initial setup is simple and very straightforward. We were not setting up a server, so it took perhaps five minutes to get up to speed and begin using it.

    What's my experience with pricing, setup cost, and licensing?

    There are different licenses available that include a free version.

    What other advice do I have?

    We do have problems with some of the add-ons that we install from the marketplace. They may not be available or out of support, so when you want to install them, they are not there.

    This is a very nice tool and anybody can use it, from beginner to expert level. There are some simple and straightforward settings with documentation that is very clear. If you follow the steps you can easily get up to speed within five minutes for a single user.

    I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Shrey Sethi
    Penetration Tester at a tech services company with 1,001-5,000 employees
    Real User
    Top 20
    Good interface, feature-rich, and consistently being updated
    Pros and Cons
    • "With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp."
    • "There is not much automation in the tool."

    What is our primary use case?

    I am a penetration tester at my company and PortSwigger Burp is one of the products that I use in this capacity. It is a manual testing penetration tool.

    What is most valuable?

    There are a lot of good features and the most valuable one varies depending on what test you are performing. They are also consistently improving and releasing new features.

    Two of the most valuable features are the Extender Tab and Repeater.

    With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp. It's not limited to their features because we can always add or do some customization of the features.

    Even if you don't know how to code, there are hundreds of third-party plugins that are available to extend the features of the product. Some of them are open-source and there are some that are provided by Burp.

    The user interface is good, having been changed within the past two years.

    What needs improvement?

    There is not much automation in the tool.

    For how long have I used the solution?

    I have been using Burp Suite for between four and five years.

    What do I think about the stability of the solution?

    This is a very stable product. The tool is 15 years old and very mature.

    What do I think about the scalability of the solution?

    Scalability is not an issue because it is not centrally connected. Rather, it is a per-license, user-based tool. We have more than 20 users in the company.

    How are customer service and technical support?

    The documentation is very good, so I have never needed to contact technical support.

    How was the initial setup?

    The initial setup is very straightforward and simple.

    What about the implementation team?

    No staff is required for maintenance.

    What's my experience with pricing, setup cost, and licensing?

    At $400 or $500 per license paid annually, it is a very cheap tool.

    Which other solutions did I evaluate?

    In comparing features, there is no real competition for this solution. There are a couple of open-source products, but there is no real competitor for the Burp Suite.

    What other advice do I have?

    This is a standard tool in this industry and anybody who is doing application security testing should be aware of it. My advice for anybody who is considering it is that it is very easy to install and configure, and there is lots of documentation available.

    I would rate this solution a nine out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Buyer's Guide
    Download our free PortSwigger Burp Suite Professional Report and get advice and tips from experienced pros sharing their opinions.