Nagaraj Sheshachalam - PeerSpot reviewer
Lead Cyber Security engineer at a manufacturing company with 10,001+ employees
Real User
Top 5 Leaderboard
Is fast, stable, and budget-friendly, but the dashboard needs improvement
Pros and Cons
  • "PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running."
  • "The reporting needs to be improved; it is very bad."

What is our primary use case?

We use PortSwigger Burp Suite Professional for security testing and for doing vulnerability scanning mechanisms.

How has it helped my organization?

It has partially improved the organization requirement; however, the scanning mechanism is pretty slow and takes a long duration to scan. Moreover, the server hangs up while scanning.

What is most valuable?

This solution provides a very good mechanism for fixing interval time. For example, we can create a schedule, and the schedule runs on time. PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running. It is quite fast and easy to install as well. It is also a budget-friendly tool.

What needs improvement?

The reporting needs to be improved; it is very bad. The dashboard feature or the front-end of the tool does not look good and is not very creative or user-friendly. It looks complicated when we log in to the tool. It looks boring and outdated.
Buyer's Guide
PortSwigger Burp Suite Professional
May 2022
Learn what your peers think about PortSwigger Burp Suite Professional. Get advice and tips from experienced pros sharing their opinions. Updated: May 2022.
598,116 professionals have used our research since 2012.

For how long have I used the solution?

I've been using this solution within the last 12 months.

What do I think about the stability of the solution?

Stability-wise, improvements have been made, and it is reliable.

How are customer service and support?

Technical support is not so easy to get a hold of. We had to learn most of the things through the documentation. However, the documentation is not readily available online. We have to create new calls for it, and we have to email them. So, if you have a problem, then it can take some time to resolve it.

Which solution did I use previously and why did I switch?

No, didn't use.

How was the initial setup?

The initial setup was straightforward and took about one to two weeks.

What's my experience with pricing, setup cost, and licensing?

It's a budget-based tool, and it's a pretty decent budget tool for the mid-version of the application. It's a lower priced tool that we can rely on with good standard mechanisms. We have a yearly license.

Which other solutions did I evaluate?

Client provided product

What other advice do I have?

If you're looking for a budget-friendly tool, I would recommend PortSwigger Burp Suite Professional. On a scale from one to ten, I would rate this tool at seven.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Manager at a manufacturing company with 10,001+ employees
Real User
Top 5 Leaderboard
Scans any number of apps, database updates automatically; issues with high volume of scanning
Pros and Cons
  • "You can scan any number of applications and it updates its database."
  • "If we're running a huge number of scans regularly, it slows down the tool."

What is our primary use case?

There are three versions and we are using all three - community, professional and enterprise. We use the community and professional versions on premises and the enterprise version is on cloud. I'm an IT Manager. 

What is most valuable?

Burp has several good features; it's cheaper than other solutions and you can scan any number of applications and it updates its database. With the professional version, it creates a lot of applications which you can incorporate with your scanning and enable deep diving in the specific section. 

What needs improvement?

We've faced lots of challenges, including slowing down of the tool, and a lot of error messages, sometimes because of the interface. If we're running a huge number of scans regularly, I think that also slows down the tool so I'm not sure if it is good for lots of scans. I hope they will work on the amount of scans they can handle. There have been improvements in the interface and the reporting structure, but they need to do more. They have a long way to go. For now, if we use the interface directly, we need to use an integration with our web application. We're after value for money. 

For how long have I used the solution?

I've been using this solution for about 18 months. 

What do I think about the stability of the solution?

Stability depends upon the amount of scans you are running. Sometimes there are problems with the stability and it could be improved. 

What do I think about the scalability of the solution?

Scalability depends upon which of the Burp versions you're using. If you're using Pro it's not scalable because it's dedicated to one person. But when it comes to Enterprise, yes it is scalable, it's easy. 

How are customer service and technical support?

Support depends on how much you're paying. We get good support from them, which we need because there are lots of issues occurring frequently. The pro version has fewer problems but it only takes one scan at a time, so it's good but restricting. The technical support is trying to solve the issues of stability we are having right now.

What other advice do I have?

I would recommend this solution depending on the requirements of the company. 

I would rate this solution a seven out of 10. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Eldar Aydayev - PeerSpot reviewer
President & Owner at Aydayev's Investment Business Group
Real User
Top 10 Leaderboard
Plenty of plugins, effective deep package analyzing, and reliable
Pros and Cons
  • "I have found this solution has more plugins than other competitors which is a benefit. You are able to attach different plugins to the security scan to add features. For example, you can check to see if there are any payment systems that exist on a server, or username and password brute force analysis."
  • "There needs to be better documentation provided. Currently, we need to buy books, or we need to review online some use cases from other professionals who have been using the solution to find out their experience. It is not easy to find out how to properly do a security assessment."

What is our primary use case?

I was working in internet banking in the Middle East and we used Zap for light testing and we used Burp Suite for more deep protocol and package review of the security.

What is most valuable?

I have found this solution has more plugins than other competitors which is a benefit. You are able to attach different plugins to the security scan to add features. For example, you can check to see if there are any payment systems that exist on a server, or username and password brute force analysis. You are able to do many different types of scans, such as SQL injection. There are a lot of deep packages analyzing functions that make this solution have more usability.

What needs improvement?

There needs to be better documentation provided. Currently, we need to buy books, or we need to review online some use cases from other professionals who have been using the solution to find out their experience. It is not easy to find out how to properly do a security assessment. The user interface is pretty basic and if you want to do more advanced operations you need to know more technical details, which are not publicly available. You need to get in touch with different engineers or somebody that publishes their experience in a book to be able to get the knowledge in how to use this solution to its fullest.

For how long have I used the solution?

I have been using this solution for approximately four years.

What do I think about the stability of the solution?

This is a stable solution when comparing it to competitors.

Which solution did I use previously and why did I switch?

I have used Zap and it is lightweight compared to this solution's functions.

How was the initial setup?

The setup is a bit complex.

What's my experience with pricing, setup cost, and licensing?

This solution requires a license. It is expensive but you receive a lot of functionality for the price.

What other advice do I have?

My advice to others is if you have one small web server and static pages, you can easily use Zap. However, if it is a more complex environment, with a payment system, with a lot of content, and has many defined user rules, it is better to use Burp Suite.

I rate PortSwigger Burp Suite Professional a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Application Security Engineer at a transportation company with 10,001+ employees
Real User
A must-have for those knowledgeable in application security
Pros and Cons
  • "The most valuable feature is Burp Collaborator."
  • "BurpSuite has some issues regarding authentication with OAT tokens that need to be improved."

What is our primary use case?

I mainly use Burp Suite for manual testing, using it as a proxy to do my manual pen test.

How has it helped my organization?

Burp Suite gives you a very good automated scanning tool, which gives you around sixty to seventy percent security coverage without having to use a security resource. Once the developer gets the report, they've got the PortSwigger lab to explain the vulnerability and have a POC right there, so it's very beneficial for developers.

What is most valuable?

The most valuable feature is Burp Collaborator.

What needs improvement?

BurpSuite has some issues regarding authentication with OAT tokens that need to be improved.

For how long have I used the solution?

I've been using this solution for around seven years.

What do I think about the scalability of the solution?

The Professional version is not very scalable because you need to buy licenses for each user, but the Enterprise version takes care of that.

How are customer service and support?

The support for the Enterprise solution isn't the best (I'd rate it as three out of five), but the Professional version provides all the documentation and the PortSwigger labs, so it's much better.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I previously used OS SAP, but I switched to Burp Suite when the support for that solution stopped.

How was the initial setup?

The initial setup is very easy because Burp Suite has very good documentation. Setup took less than an hour, though it might take a less-experienced person longer to install a mobile application because of the application-level security.

What other advice do I have?

I would say Burp Suite has now surpassed SAP as a tool. The main aspect of Burp Suite is that it's like an army knife for a hacker, it's not just the automation or the scanning that it brings. For a person with 80-90% knowledge of application security, this tool is a must-have. I would rate Burp Suite nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Analyst at a tech services company with 11-50 employees
Real User
Top 20
Good reporting, useful features, and great scalability
Pros and Cons
  • "The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs."
  • "One thing that is not up to the mark in PortSwigger is web application testing. I found some issues with its performance and reporting. They should work on these and give us a better outcome."

What is our primary use case?

We are an auditing company. We use this solution for auditing purposes for the infrastructure of our customers.

What is most valuable?

The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs. 

What needs improvement?

One thing that is not up to the mark in PortSwigger is web application testing. I found some issues with its performance and reporting. They should work on these and give us a better outcome.

For how long have I used the solution?

I have been using this solution for more than a year.

What do I think about the stability of the solution?

It is stable. We didn't have any issues.

What do I think about the scalability of the solution?

Its scalability is great. We have almost five users who are using the product, and they're happy with this product. 

How are customer service and technical support?

We've got very good support from their team.

Which solution did I use previously and why did I switch?

We previously used some open-source applications, but later on, we found out that, unfortunately, they are not good products. We had to use the applications of all other products separately in our environment, but PortSwigger can do all things itself. That's why we switched to PortSwigger.

How was the initial setup?

The initial setup was very simple.

What about the implementation team?

I implemented it on my own.

What's my experience with pricing, setup cost, and licensing?

It has a yearly license. I am satisfied with its price.

Which other solutions did I evaluate?

We did consider one more product and had a discussion about the product features. We found PortSwigger to be the best match for our business.

What other advice do I have?

It is a very good product. You must try it once.

I would rate PortSwigger Burp a nine out of ten. I am satisfied with this product. It is a great experience.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chief Info Sec Engineer at Sri Lanka CERT
Real User
Top 20
An easy to install solution for vulnerability assessment
Pros and Cons
  • "We use the solution for vulnerability assessment in respect of the application and the sites."
  • "We wish that the Spider feature would appear in the same shape that it does in previous versions."

What is our primary use case?

We are using the latest version and are in the process of upgrading it. 

What is most valuable?

We use the solution for vulnerability assessment in respect of the application and the sites. We use the intruder part, which is essentially the Proxy part, to check whether any brute-force attacks can be undertaken. 

What needs improvement?

We wish that the Spider feature would appear in the same shape that it does in previous versions. 

I believe we have developmental tools such as Accuratix. It would be nice if the report that was accepted upon scanning would highlight all the weaknesses from the perspective of my application.

For how long have I used the solution?

We have been using PortSwigger Burp Suite Professional for the last three years.

What do I think about the stability of the solution?

We have had no issues with the stability. 

What do I think about the scalability of the solution?

As we only have a couple of licenses, we have not encountered any issues concerning the scalability. 

How are customer service and technical support?

The technical support is all right. 

This said, we have requested support on a couple of occasions, specifically one concerning training relating to the new features and add-ons coming onto the application, and this is still outstanding. 

How was the initial setup?

The initial setup is not very complex. Rather, it is easy and straightforward. 

What's my experience with pricing, setup cost, and licensing?

For a country such as Sri Lanka, the pricing is not reasonable. 

What other advice do I have?

There are around 10 people using the solution in our organization.

I don't have any advice off the cuff. When it comes to the web crawling features, it does not need to be in the same shape as before, but it would be nice if it allowed us to index associated things in the manner that we did so in the past. 

I rate PortSwigger Burp Suite Professional as a nine out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Lead Software Architect at a tech services company with 201-500 employees
Real User
Top 20
Excellent Community version for skills mapping that is easy to setup and is stable
Pros and Cons
  • "The extension that it provides with the community version for the skills mapping is excellent."
  • "Currently, the scanning is only available in the full version of Burp, and not in the Community version."

What is our primary use case?

We use this solution when we develop any of our software applications and host it with the website for external clients. All of the applications go through the vulnerability scanner.

What is most valuable?

Burp Suite is very helpful. The extension that it provides with the community version for the skills mapping is excellent.

What needs improvement?

The interface for external clients needs improvement.

Currently, the scanning is only available in the full version of Burp, and not in the Community version.

I would like the scanning included for free also.

For how long have I used the solution?

We have been using this solution for a year and a half.

What do I think about the stability of the solution?

It's a stable solution. We have not had any issues.

How are customer service and technical support?

I have not contacted technical support. 

We have not experienced any issues where we couldn't resolve them using our internal team.

We have not required any technical support.

Which solution did I use previously and why did I switch?

When we compare it to other programs that we have, such as OWASP Zap, we found Burp to be more suitable.

How was the initial setup?

The initial setup is straightforward.

It is very easy to automate. It requires some configuration that has you follow step-by-step instructions.

It can take four to five hours to go live.

Anyone with minimal knowledge and training can use this tool.

What's my experience with pricing, setup cost, and licensing?

We are using the community version, which is free.

Which other solutions did I evaluate?

We evaluated OWASP Zap, which was fully open-source.

We use the community version and found that Burp was easier and more useful.

The interface is better in PortSwigger Burp.

What other advice do I have?

I would rate PortSwigger Burp an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Prasenjit Roy - PeerSpot reviewer
Sr. Cloud Solution Architect - SAP on Azure at Accenture
Real User
Top 10 Leaderboard
A web security testing solution with many good functions
Pros and Cons
  • "For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host."
  • "The price could be better. The rest is fine."

What is our primary use case?

I use PortSwigger Burp Suite Professional for penetration testing.

What is most valuable?

For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host. 

What needs improvement?

The price could be better. The rest is fine.

For how long have I used the solution?

I have been using PortSwigger Burp Suite Professional for more than ten years.

What do I think about the stability of the solution?

PortSwigger Burp Suite Professional is a stable solution. Sometimes we are limited because of a firewall, and they will block all the proxy requests. Sometimes there are some challenges, but we can manage them.

What do I think about the scalability of the solution?

PortSwigger Burp Suite Professional is a scalable solution. We have about 200 users in our company.

How are customer service and support?

Technical support is very good. 

How was the initial setup?

The initial setup is straightforward, but it is not very user-friendly, and you need someone to install the certificate. It is a bit complex, but we can manage that one. It took more than half an hour to deploy this solution.

What's my experience with pricing, setup cost, and licensing?

They should reduce the license cost a little bit. It is $400 per user, and it would be better if they could reduce the licensing fee. 

What other advice do I have?

I would tell potential users that if they want to go for penetration testing, PortSwigger Burp Suite Professional is the obvious choice.

On a scale from one to ten, I would give PortSwigger Burp Suite Professional an eight.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.