I use PortSwigger Burp Suite Professional for penetration testing.
Sr. Cloud Solution Architect - SAP on Azure at Accenture
A web security testing solution with many good functions
Pros and Cons
- "For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host."
- "The price could be better. The rest is fine."
What is our primary use case?
What is most valuable?
For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host.
What needs improvement?
The price could be better. The rest is fine.
For how long have I used the solution?
I have been using PortSwigger Burp Suite Professional for more than ten years.
Buyer's Guide
PortSwigger Burp Suite Professional
May 2025

Learn what your peers think about PortSwigger Burp Suite Professional. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
856,873 professionals have used our research since 2012.
What do I think about the stability of the solution?
PortSwigger Burp Suite Professional is a stable solution. Sometimes we are limited because of a firewall, and they will block all the proxy requests. Sometimes there are some challenges, but we can manage them.
What do I think about the scalability of the solution?
PortSwigger Burp Suite Professional is a scalable solution. We have about 200 users in our company.
How are customer service and support?
Technical support is very good.
How was the initial setup?
The initial setup is straightforward, but it is not very user-friendly, and you need someone to install the certificate. It is a bit complex, but we can manage that one. It took more than half an hour to deploy this solution.
What's my experience with pricing, setup cost, and licensing?
They should reduce the license cost a little bit. It is $400 per user, and it would be better if they could reduce the licensing fee.
What other advice do I have?
I would tell potential users that if they want to go for penetration testing, PortSwigger Burp Suite Professional is the obvious choice.
On a scale from one to ten, I would give PortSwigger Burp Suite Professional an eight.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Cyber Security Engineer at a transportation company with 10,001+ employees
A must-have for those knowledgeable in application security
Pros and Cons
- "The most valuable feature is Burp Collaborator."
- "BurpSuite has some issues regarding authentication with OAT tokens that need to be improved."
What is our primary use case?
I mainly use Burp Suite for manual testing, using it as a proxy to do my manual pen test.
How has it helped my organization?
Burp Suite gives you a very good automated scanning tool, which gives you around sixty to seventy percent security coverage without having to use a security resource. Once the developer gets the report, they've got the PortSwigger lab to explain the vulnerability and have a POC right there, so it's very beneficial for developers.
What is most valuable?
The most valuable feature is Burp Collaborator.
What needs improvement?
BurpSuite has some issues regarding authentication with OAT tokens that need to be improved.
For how long have I used the solution?
I've been using this solution for around seven years.
What do I think about the scalability of the solution?
The Professional version is not very scalable because you need to buy licenses for each user, but the Enterprise version takes care of that.
How are customer service and support?
The support for the Enterprise solution isn't the best (I'd rate it as three out of five), but the Professional version provides all the documentation and the PortSwigger labs, so it's much better.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I previously used OS SAP, but I switched to Burp Suite when the support for that solution stopped.
How was the initial setup?
The initial setup is very easy because Burp Suite has very good documentation. Setup took less than an hour, though it might take a less-experienced person longer to install a mobile application because of the application-level security.
What other advice do I have?
I would say Burp Suite has now surpassed SAP as a tool. The main aspect of Burp Suite is that it's like an army knife for a hacker, it's not just the automation or the scanning that it brings. For a person with 80-90% knowledge of application security, this tool is a must-have. I would rate Burp Suite nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
President & Owner at Aydayev's Investment Business Group
Plenty of plugins, effective deep package analyzing, and reliable
Pros and Cons
- "I have found this solution has more plugins than other competitors which is a benefit. You are able to attach different plugins to the security scan to add features. For example, you can check to see if there are any payment systems that exist on a server, or username and password brute force analysis."
- "There needs to be better documentation provided. Currently, we need to buy books, or we need to review online some use cases from other professionals who have been using the solution to find out their experience. It is not easy to find out how to properly do a security assessment."
What is our primary use case?
I was working in internet banking in the Middle East and we used Zap for light testing and we used Burp Suite for more deep protocol and package review of the security.
What is most valuable?
I have found this solution has more plugins than other competitors which is a benefit. You are able to attach different plugins to the security scan to add features. For example, you can check to see if there are any payment systems that exist on a server, or username and password brute force analysis. You are able to do many different types of scans, such as SQL injection. There are a lot of deep packages analyzing functions that make this solution have more usability.
What needs improvement?
There needs to be better documentation provided. Currently, we need to buy books, or we need to review online some use cases from other professionals who have been using the solution to find out their experience. It is not easy to find out how to properly do a security assessment. The user interface is pretty basic and if you want to do more advanced operations you need to know more technical details, which are not publicly available. You need to get in touch with different engineers or somebody that publishes their experience in a book to be able to get the knowledge in how to use this solution to its fullest.
For how long have I used the solution?
I have been using this solution for approximately four years.
What do I think about the stability of the solution?
This is a stable solution when comparing it to competitors.
Which solution did I use previously and why did I switch?
I have used Zap and it is lightweight compared to this solution's functions.
How was the initial setup?
The setup is a bit complex.
What's my experience with pricing, setup cost, and licensing?
This solution requires a license. It is expensive but you receive a lot of functionality for the price.
What other advice do I have?
My advice to others is if you have one small web server and static pages, you can easily use Zap. However, if it is a more complex environment, with a payment system, with a lot of content, and has many defined user rules, it is better to use Burp Suite.
I rate PortSwigger Burp Suite Professional a nine out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Lead Cyber Security engineer at a manufacturing company with 10,001+ employees
Is fast, stable, and budget-friendly, but the dashboard needs improvement
Pros and Cons
- "PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running."
- "The reporting needs to be improved; it is very bad."
What is our primary use case?
We use PortSwigger Burp Suite Professional for security testing and for doing vulnerability scanning mechanisms.
How has it helped my organization?
It has partially improved the organization requirement; however, the scanning mechanism is pretty slow and takes a long duration to scan. Moreover, the server hangs up while scanning.
What is most valuable?
This solution provides a very good mechanism for fixing interval time. For example, we can create a schedule, and the schedule runs on time. PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running.
It is quite fast and easy to install as well.
It is also a budget-friendly tool.
What needs improvement?
The reporting needs to be improved; it is very bad.
The dashboard feature or the front-end of the tool does not look good and is not very creative or user-friendly. It looks complicated when we log in to the tool. It looks boring and outdated.
For how long have I used the solution?
I've been using this solution within the last 12 months.
What do I think about the stability of the solution?
Stability-wise, improvements have been made, and it is reliable.
How are customer service and technical support?
Technical support is not so easy to get a hold of. We had to learn most of the things through the documentation. However, the documentation is not readily available online. We have to create new calls for it, and we have to email them. So, if you have a problem, then it can take some time to resolve it.
Which solution did I use previously and why did I switch?
No, didn't use.
How was the initial setup?
The initial setup was straightforward and took about one to two weeks.
What's my experience with pricing, setup cost, and licensing?
It's a budget-based tool, and it's a pretty decent budget tool for the mid-version of the application. It's a lower priced tool that we can rely on with good standard mechanisms. We have a yearly license.
Which other solutions did I evaluate?
Client provided product
What other advice do I have?
If you're looking for a budget-friendly tool, I would recommend PortSwigger Burp Suite Professional.
On a scale from one to ten, I would rate this tool at seven.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Software Engineer at RadiSys
Helps to scan APIs, set the response, and request errors
Pros and Cons
- "PortSwigger Burp Suite Professional has an intercept tab that helps us to scan our APIs, set the response, and request errors."
- "Scanning APIs using PortSwigger Burp Suite Professional takes a lot of time."
What is most valuable?
PortSwigger Burp Suite Professional has an intercept tab that helps us to scan our APIs, set the response, and request errors.
What needs improvement?
Scanning APIs using PortSwigger Burp Suite Professional takes a lot of time.
For how long have I used the solution?
I have been using PortSwigger Burp Suite Professional for the last six months.
What do I think about the stability of the solution?
PortSwigger Burp Suite Professional is a stable solution.
What other advice do I have?
PortSwigger Burp Suite Professional is a very good product. My experience with the solution has been very good.
Overall, I rate PortSwigger Burp Suite Professional an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cyber Security Specialist at a university with 10,001+ employees
Simple to use, informative centralized dashboard, and responsive support
Pros and Cons
- "The most valuable feature of PortSwigger Burp Suite Professional is the dashboard. It is very informative and you can receive all the information you need in one place. It's clear, well-defined, and organized. Anybody without any cybersecurity can use it."
- "PortSwigger Burp Suite Professional could improve the static code review."
What is our primary use case?
PortSwigger Burp Suite Professional can be used on the cloud or on-premise.
What is most valuable?
The most valuable feature of PortSwigger Burp Suite Professional is the dashboard. It is very informative and you can receive all the information you need in one place. It's clear, well-defined, and organized. Anybody without any cybersecurity can use it.
What needs improvement?
PortSwigger Burp Suite Professional could improve the static code review.
In an upcoming release, PortSwigger Burp Suite Professional can give some possible remedies for any issues it has discovered after a scan of an application. At this time it provides vulnerabilities, having the possible remedies would be a benefit. It would be useful for the developers, to fix the issue immediately.
For how long have I used the solution?
I have been using PortSwigger Burp Suite Professional for approximately five years.
What do I think about the stability of the solution?
The stability of PortSwigger Burp Suite Professional is good.
What do I think about the scalability of the solution?
The scalability of PortSwigger Burp Suite Professional is good, it can integrate with other platforms.
In the previous company I worked for, we had 50 people using this solution, and in my current company we have approximately 500 people using it.
How are customer service and support?
We can easily reach out to PortSwigger Burp Suite Professional support by phone, email, chat option, and a ticketing option, which is very good.
I rate the support from PortSwigger Burp Suite Professional a five out of five.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup of PortSwigger Burp Suite Professional is very simple.
Which other solutions did I evaluate?
Before choosing PortSwigger Burp Suite Professional I compared other tools, such as IBM AppScan. I found that PortSwigger Burp Suite Professional was more into web application security. The solution is very helpful and easy to use and install. They have a free version and anybody can start within minutes.
What solution is best depends on the client size and their requirements. If the client has a large enough budget, or if they're looking for an overall feature, I would recommend PortSwigger Burp Suite Professional as the primary go-to tool. However, if they're having any specific requirements, then they will have to think about using IBM AppScan.
What other advice do I have?
I would recommend the solution to technical professionals and non-technical persons. It is easy to use.
I rate PortSwigger Burp Suite Professional a nine out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Chief Info Sec Engineer at Sri Lanka CERT
An easy to install solution for vulnerability assessment
Pros and Cons
- "We use the solution for vulnerability assessment in respect of the application and the sites."
- "We wish that the Spider feature would appear in the same shape that it does in previous versions."
What is our primary use case?
We are using the latest version and are in the process of upgrading it.
What is most valuable?
We use the solution for vulnerability assessment in respect of the application and the sites. We use the intruder part, which is essentially the Proxy part, to check whether any brute-force attacks can be undertaken.
What needs improvement?
We wish that the Spider feature would appear in the same shape that it does in previous versions.
I believe we have developmental tools such as Accuratix. It would be nice if the report that was accepted upon scanning would highlight all the weaknesses from the perspective of my application.
For how long have I used the solution?
We have been using PortSwigger Burp Suite Professional for the last three years.
What do I think about the stability of the solution?
We have had no issues with the stability.
What do I think about the scalability of the solution?
As we only have a couple of licenses, we have not encountered any issues concerning the scalability.
How are customer service and technical support?
The technical support is all right.
This said, we have requested support on a couple of occasions, specifically one concerning training relating to the new features and add-ons coming onto the application, and this is still outstanding.
How was the initial setup?
The initial setup is not very complex. Rather, it is easy and straightforward.
What's my experience with pricing, setup cost, and licensing?
For a country such as Sri Lanka, the pricing is not reasonable.
What other advice do I have?
There are around 10 people using the solution in our organization.
I don't have any advice off the cuff. When it comes to the web crawling features, it does not need to be in the same shape as before, but it would be nice if it allowed us to index associated things in the manner that we did so in the past.
I rate PortSwigger Burp Suite Professional as a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Application Security Architect at Kuehne & Nagel Inc.
High performance, abundant plugins, and reliable
Pros and Cons
- "I have found the best features to be the performance and there are a lot of additional plugins available."
What is our primary use case?
The solution is the standard in application penetration testing and this is what we use it for.
What is most valuable?
I have found the best features to be the performance and there are a lot of additional plugins available.
For how long have I used the solution?
I have been using the solution for approximately three years.
What do I think about the stability of the solution?
The solution is reliable, it is very stable.
How was the initial setup?
The installation is straightforward and simple. It only takes minutes to install.
What about the implementation team?
We did the deployment and one individual can do it, it is not complex. We have a team of three engineers and architects doing the deployments and maintenance.
What's my experience with pricing, setup cost, and licensing?
The price for the solution is expensive and could be cheaper. We pay an annual license and our team has several of them.
What other advice do I have?
I would recommend this solution to others.
I rate PortSwigger Burp Suite Professional a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
