The solution is for web security testing and the primary use is to eliminate the false positives.
Senior Consultant at Hexaware Technologies Limited
Effective automatic scanning, Academy portal for learning, and reliable
Pros and Cons
- "The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well."
- "There could be an improvement in the API security testing. There is another tool called Postman and if we had a built-in portal similar to Postman which captures the API, we would be able to generate the API traffic. Right now we need a Postman tool and the Burp Suite for performing API tests. It would be a huge benefit to be able to do it in a single UI."
What is our primary use case?
How has it helped my organization?
This solution has helped our company in many ways. PortSwigger Academy has given us the knowledge to be able to do deeper tests. The effectiveness of the tests is directly proportional to your knowledge about security testing. Even if you do not have this knowledge at the beginning, you can still perform some kind of testing. If you do not know how to choose your payload, then it is going to suggest the built-in payloads with which you can perform those test attacks.
You do not need to be an expert to use the solution, an intermediate skilled person can use it and over time they can become an expert. Sometimes it is difficult to find skilled employees to start working in this field for your company but with PortSwigger the new employee does not have to be an expert because they are able to grow quite quickly in their knowledge.
What is most valuable?
The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well.
What needs improvement?
There could be an improvement in the API security testing. There is another tool called Postman and if we had a built-in portal similar to Postman which captures the API, we would be able to generate the API traffic. Right now we need a Postman tool and the Burp Suite for performing API tests. It would be a huge benefit to be able to do it in a single UI.
In a future release, if there could be some kind of autonomous function, or user behavior prediction that would be beneficial.
Buyer's Guide
PortSwigger Burp Suite Professional
October 2025
Learn what your peers think about PortSwigger Burp Suite Professional. Get advice and tips from experienced pros sharing their opinions. Updated: October 2025.
871,829 professionals have used our research since 2012.
For how long have I used the solution?
I have been using this solution for approximately three years.
What do I think about the stability of the solution?
The solution has not had any crashes or any problems. It is reliable.
What do I think about the scalability of the solution?
The solution is scalable. There are types of operations we can do and it has good peak performance.
How are customer service and support?
PortSwigger has something called Academy where you can go to learn about many things related to security testing.
How was the initial setup?
The installation is very easy.
What's my experience with pricing, setup cost, and licensing?
The solution used to be expensive. However, they have reduced the price to approximately $400.00 which is reasonable.
Which other solutions did I evaluate?
I have evaluated Zap.
What other advice do I have?
My advice to others just starting out with security testing is to evaluate Zap, which is open-source, to allow them to get an understanding of the processes. Then once they have an understanding they should look into PortSwigger Burp Suite Professional. This solution would win in comparison with its features and would be a very good choice after they have some experience.
I rate PortSwigger Burp Suite Professional an eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Software Engineer at RadiSys
Helps to scan APIs, set the response, and request errors
Pros and Cons
- "PortSwigger Burp Suite Professional has an intercept tab that helps us to scan our APIs, set the response, and request errors."
- "Scanning APIs using PortSwigger Burp Suite Professional takes a lot of time."
What is most valuable?
PortSwigger Burp Suite Professional has an intercept tab that helps us to scan our APIs, set the response, and request errors.
What needs improvement?
Scanning APIs using PortSwigger Burp Suite Professional takes a lot of time.
For how long have I used the solution?
I have been using PortSwigger Burp Suite Professional for the last six months.
What do I think about the stability of the solution?
PortSwigger Burp Suite Professional is a stable solution.
What other advice do I have?
PortSwigger Burp Suite Professional is a very good product. My experience with the solution has been very good.
Overall, I rate PortSwigger Burp Suite Professional an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Associate Consultant at ATOS
Reliable with helpful support and documentation
Pros and Cons
- "The solution is stable."
- "Sometimes the solution can run a little slow."
What is our primary use case?
The solution is primarily used for scanning the webpage and for the incoming traffic for the application.
What is most valuable?
The solution is most valuable for finding and developing the application. If there is leakage of data or some external links, we can deal with it.
The solution is stable.
The scalability is good.
The solution offers helpful technical support and has excellent documentation.
What needs improvement?
Sometimes the solution can run a little slow. When we’re cracking passwords, we have issues with responsiveness.
For how long have I used the solution?
I used the solution for one year.
What do I think about the stability of the solution?
Mostly the solution is stable. Sometimes while using the password cracker, it took some time. Sometimes it gets a bit slow by adding up the number of rules. It took some time to crack the passwords of applications.
What do I think about the scalability of the solution?
It is pretty easy to scale the product.
We had ten to 12 people using the solution. It was a small environment.
How are customer service and support?
Technical support was excellent. They were very fast. They also offered good documentation which was very helpful to have on hand.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I started with Burp Suite. I’ve only used that. I haven't used anything other than that.
How was the initial setup?
For the setup, on my end, I just got access via the organization when I first started using it. I haven't set up the entire cloud, the Burp Suite cloud. I used it by using some credentials only. Therefore, I'm not that good at setting up the enrollment.
The entire setup was done on the cloud. There were only three to four people needed for deployment and maintenance. They are well experienced in those areas.
What about the implementation team?
The deployment part was entirely done by another team. We, as a team, used to test the application. We didn't know much about how the setup was arranged.
What's my experience with pricing, setup cost, and licensing?
I’m not aware of the pricing side of things. It might have been paid monthly, however, I don’t know much more than that.
What other advice do I have?
My company was partners with PortSwigger.
I’m not sure which version of the solution we were using.
Everyone seems very happy with the solution. There are some learning modules as well so that we can go into the tool and understand it well. I would suggest the solution to my colleagues.
I’d rate the solution nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Chief Info Sec Engineer at Sri Lanka CERT
An easy to install solution for vulnerability assessment
Pros and Cons
- "We use the solution for vulnerability assessment in respect of the application and the sites."
- "We wish that the Spider feature would appear in the same shape that it does in previous versions."
What is our primary use case?
We are using the latest version and are in the process of upgrading it.
What is most valuable?
We use the solution for vulnerability assessment in respect of the application and the sites. We use the intruder part, which is essentially the Proxy part, to check whether any brute-force attacks can be undertaken.
What needs improvement?
We wish that the Spider feature would appear in the same shape that it does in previous versions.
I believe we have developmental tools such as Accuratix. It would be nice if the report that was accepted upon scanning would highlight all the weaknesses from the perspective of my application.
For how long have I used the solution?
We have been using PortSwigger Burp Suite Professional for the last three years.
What do I think about the stability of the solution?
We have had no issues with the stability.
What do I think about the scalability of the solution?
As we only have a couple of licenses, we have not encountered any issues concerning the scalability.
How are customer service and technical support?
The technical support is all right.
This said, we have requested support on a couple of occasions, specifically one concerning training relating to the new features and add-ons coming onto the application, and this is still outstanding.
How was the initial setup?
The initial setup is not very complex. Rather, it is easy and straightforward.
What's my experience with pricing, setup cost, and licensing?
For a country such as Sri Lanka, the pricing is not reasonable.
What other advice do I have?
There are around 10 people using the solution in our organization.
I don't have any advice off the cuff. When it comes to the web crawling features, it does not need to be in the same shape as before, but it would be nice if it allowed us to index associated things in the manner that we did so in the past.
I rate PortSwigger Burp Suite Professional as a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
President & Owner at Aydayev's Investment Business Group
Plenty of plugins, effective deep package analyzing, and reliable
Pros and Cons
- "I have found this solution has more plugins than other competitors which is a benefit. You are able to attach different plugins to the security scan to add features. For example, you can check to see if there are any payment systems that exist on a server, or username and password brute force analysis."
- "There needs to be better documentation provided. Currently, we need to buy books, or we need to review online some use cases from other professionals who have been using the solution to find out their experience. It is not easy to find out how to properly do a security assessment."
What is our primary use case?
I was working in internet banking in the Middle East and we used Zap for light testing and we used Burp Suite for more deep protocol and package review of the security.
What is most valuable?
I have found this solution has more plugins than other competitors which is a benefit. You are able to attach different plugins to the security scan to add features. For example, you can check to see if there are any payment systems that exist on a server, or username and password brute force analysis. You are able to do many different types of scans, such as SQL injection. There are a lot of deep packages analyzing functions that make this solution have more usability.
What needs improvement?
There needs to be better documentation provided. Currently, we need to buy books, or we need to review online some use cases from other professionals who have been using the solution to find out their experience. It is not easy to find out how to properly do a security assessment. The user interface is pretty basic and if you want to do more advanced operations you need to know more technical details, which are not publicly available. You need to get in touch with different engineers or somebody that publishes their experience in a book to be able to get the knowledge in how to use this solution to its fullest.
For how long have I used the solution?
I have been using this solution for approximately four years.
What do I think about the stability of the solution?
This is a stable solution when comparing it to competitors.
Which solution did I use previously and why did I switch?
I have used Zap and it is lightweight compared to this solution's functions.
How was the initial setup?
The setup is a bit complex.
What's my experience with pricing, setup cost, and licensing?
This solution requires a license. It is expensive but you receive a lot of functionality for the price.
What other advice do I have?
My advice to others is if you have one small web server and static pages, you can easily use Zap. However, if it is a more complex environment, with a payment system, with a lot of content, and has many defined user rules, it is better to use Burp Suite.
I rate PortSwigger Burp Suite Professional a nine out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Lead Cyber Security engineer at a manufacturing company with 10,001+ employees
Is fast, stable, and budget-friendly, but the dashboard needs improvement
Pros and Cons
- "PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running."
- "The reporting needs to be improved; it is very bad."
What is our primary use case?
We use PortSwigger Burp Suite Professional for security testing and for doing vulnerability scanning mechanisms.
How has it helped my organization?
It has partially improved the organization requirement; however, the scanning mechanism is pretty slow and takes a long duration to scan. Moreover, the server hangs up while scanning.
What is most valuable?
This solution provides a very good mechanism for fixing interval time. For example, we can create a schedule, and the schedule runs on time. PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running.
It is quite fast and easy to install as well.
It is also a budget-friendly tool.
What needs improvement?
The reporting needs to be improved; it is very bad.
The dashboard feature or the front-end of the tool does not look good and is not very creative or user-friendly. It looks complicated when we log in to the tool. It looks boring and outdated.
For how long have I used the solution?
I've been using this solution within the last 12 months.
What do I think about the stability of the solution?
Stability-wise, improvements have been made, and it is reliable.
How are customer service and technical support?
Technical support is not so easy to get a hold of. We had to learn most of the things through the documentation. However, the documentation is not readily available online. We have to create new calls for it, and we have to email them. So, if you have a problem, then it can take some time to resolve it.
Which solution did I use previously and why did I switch?
No, didn't use.
How was the initial setup?
The initial setup was straightforward and took about one to two weeks.
What's my experience with pricing, setup cost, and licensing?
It's a budget-based tool, and it's a pretty decent budget tool for the mid-version of the application. It's a lower priced tool that we can rely on with good standard mechanisms. We have a yearly license.
Which other solutions did I evaluate?
Client provided product
What other advice do I have?
If you're looking for a budget-friendly tool, I would recommend PortSwigger Burp Suite Professional.
On a scale from one to ten, I would rate this tool at seven.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Application Security Architect at Kuehne & Nagel Inc.
High performance, abundant plugins, and reliable
Pros and Cons
- "I have found the best features to be the performance and there are a lot of additional plugins available."
What is our primary use case?
The solution is the standard in application penetration testing and this is what we use it for.
What is most valuable?
I have found the best features to be the performance and there are a lot of additional plugins available.
For how long have I used the solution?
I have been using the solution for approximately three years.
What do I think about the stability of the solution?
The solution is reliable, it is very stable.
How was the initial setup?
The installation is straightforward and simple. It only takes minutes to install.
What about the implementation team?
We did the deployment and one individual can do it, it is not complex. We have a team of three engineers and architects doing the deployments and maintenance.
What's my experience with pricing, setup cost, and licensing?
The price for the solution is expensive and could be cheaper. We pay an annual license and our team has several of them.
What other advice do I have?
I would recommend this solution to others.
I rate PortSwigger Burp Suite Professional a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Lead Security Architect at a comms service provider with 1,001-5,000 employees
Best for manual penetration testing, a great user interface, and offers good scanning capabilities
Pros and Cons
- "The solution has a great user interface."
- "It should provide a better way to integrate with Jenkins so that DAST (dynamic application security testing) can be automated."
What is our primary use case?
It's an individual tool that security professionals use for their manual pen-testing. We use it for capturing the traffic, intercepting the traffic between the browser and the application. We try to manipulate the applications, the traffic so that whatever input that is accepted by the application is sanitized and validated. We try to analyze the application for input validation. All inputs are handled correctly.
Another use case is having a scanner module built-in where you can browse the entire application. The scanner can continuously scan the application for vulnerabilities based on OWASP Top 10 standards. Likewise, you can come to know what vulnerabilities are in the application. Later, you can go through the vulnerabilities one by one and triage them.
There are many different modules in Burp Suite. We have a comparator module where you can compare the request and response. You have the Repeater module where you can repeat the sequences. They can be used for other test use cases such as doing disciplinary attacks or brute force attacks on the applications.
Basically, there are a wide variety of use cases and applications.
How has it helped my organization?
Request handling capacity: it does not handle a huge chunk of requests, as it freezes.
And obviously, as all tools do, Burp also gives some false positive results; vetting has to be done thoroughly.
What is most valuable?
The most valuable feature of Burp Suite is probably how we can intercept the request and response. We can manipulate a request and send it back to the server. Intercepting is one of the best features for sure.
The scanner is excellent. The scanner is one of the good features. If you compare it to more expensive tools like WebInspect or IBM AppScan, you'll realize that, at a very low cost, Burp Suite can provide good results.
There is a good amount of documentation available online. The solution is stable.
The initial setup isn't too complex.
The solution offers some great extensions through a BApp store. Users can implement extensions and upload them to the BApp store.
The solution has a great user interface.
Its strong user community is always helpful when it comes to any problem regarding the tool.
What needs improvement?
Although it provides a great writeup for the identified vulnerabilities, reporting needs to improve with various reporting templates based on standards like OWASP, SANS Top 25, etc. The tool needs to expand its scope for mobile application security testing, where native mobile apps can be tested, and can provide an interface to integrate with mobile device platforms or mobile simulators. Burp Suite has a great ability to integrate with Jenkins, Jira, and TeamCity into a CI/CD pipeline and should provide better ways of integration with other such similar platforms.
For how long have I used the solution?
I've been using the solution for more than eight years now - right from their open-source free version through to their professional version.
What do I think about the stability of the solution?
The stability is quite good. We have no complaints. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.
What do I think about the scalability of the solution?
Obviously, Burp Suite is a DAST tool and a good asset for pentesters. However, we need to see how best it can be utilized for automation so that DAST can be automated. Dynamic application testing can be automated and can integrate Burp into a CI/CD pipeline using Jenkins. That said, we need to use it in a more efficient way. There should be some methods or some guidance from Burp on how best we can use it for automation.
How are customer service and technical support?
We've never interacted with tech support. That's mostly due to the fact that there is already a lot of material that is available online. With all of the details readily available, we don't need to interact with tech support.
How was the initial setup?
The initial setup isn't too difficult. It's JAR based. I would say it's an analog file. It just requires minimum requirements like Java and a license. After that, you are good to go.
What's my experience with pricing, setup cost, and licensing?
Burp Suite provides different licenses. They have open-source free-to-use licenses, which can be used by anyone. Then, they have a standalone license that, as a security professional, you can use. They have their Enterprise version as well. I use the professional version.
Initially, when we were using Burp Suite, I hardly remember the version we started at.
The actual costs vary from country to country, however, I would say it's cheaper if you compare it to other DAST solutions and tools.
Compared to other web application assessment tools, Burp Suite is a solid tool for web-based penetration testing for a reasonable price.
What other advice do I have?
We are just customers and end-users.
I'd advise other organizations that this solution is a pretty good tool for manual penetration testing. It has good features like the Scanner and Sequencer, Repeater, and there are extensions. Burp extensions are available where they can customize Burp behavior using their own or third-party code. Those features will be really useful for Burp users. It's also obviously a very cost-effective option.
I would rate the solution at a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.