PortSwigger Burp Suite Professional Reviews

The solution is used for penetration testing of any kind of application. We use it for security testing workflow daily.

PortSwigger Burp Suite Professional is a very good tool. The solution helped us discover vulnerabilities in our applications. Vulnerability elimination is the most important feature.

The intercept feature is valuable. It helps us intercept the traffic and make manual changes. We can find vulnerabilities that are not detected by other products. Burp Intruder is applicable only when there are no blockers on the websites. Burp Repeater impacts the testing outcomes. We use it if we have multiple visits for a specific request. Everything is well-defined.

The tool is very expensive.

I have been using the solution for five years. I am using the 2023 version.

The tool is highly stable. I rate the stability a ten out of ten.

The tool is highly scalable. I rate the scalability a nine out of ten. We have four to five customers. We work with medium-sized businesses.

The setup can be done easily. I rate the ease of setup a ten out of ten. It is a stress-free process. The deployment takes two to three days. The deployment process is very simple. We just do the installation setup and install the key.

I rate the pricing a ten out of ten. There are no additional costs associated with the product.

Burp Intruder does not work if there are multiple requests for a single API. I will recommend the tool to others. Overall, I rate the solution a ten out of ten.

We use the solution for scanning and manual penetration testing. We have a verification and security assessment as a dynamic security assessment for manual application testing.

The solution helps to automate API security assessments. It incorporates features of both black hat and red team engagements. We streamline bug bounty hunts. It helps in API testing, where manual intervention was previously necessary for each payload. With the new deck feature, Burp Suite enables automation accessible in the external tab. This feature allows testers to select specific targets, such as login or registration pages, and apply different attack vectors. It enhances efficiency, saving time and resources, which is beneficial when dealing with larger-scale web applications or numerous APIs.

Manual assessment in the tool is great.

Scanning needs to be improved in enterprise and professional versions. The enterprise version has challenges related to scheduled scans. If a scan fails after two days without notification during offline periods, that time is lost. Sometimes, it took up to 24 hours to realize that certain tests had failed for various reasons. There's significant room for improvement in automating scans.

I have been using PortSwigger Burp Suite Professional for more than 10 years.

The product is a good tool for application assessment.

I rate the solution’s stability an eight-point five out of ten.

The automation features in Burp Suite For vulnerability assessment and penetration testing may not be as extensive as other tools like NetSparker. Other tools may offer more comprehensive capabilities, especially in areas such as source code. Features like capture and OTP testing might be more robustly supported in other tools. There may be limitations in automation with Burp Suite Professional. NetSparker could be more suitable for tasks like two-factor authentication testing.

Four to five are using this solution.

The professional version is not very scalable, whereas the enterprise version is scalable. I can run multiple scans.

Technical support is good.

Positive

We have used Netsparker and WebInspect. WebInspect is very difficult to operate.

The initial setup takes more than a week. The professional version is a plug-and-play.

There is a Java package that you can easily use without installing it.

The product is cheap compared to other products.

I rate the product’s pricing a seven out of ten, where one is expensive and ten is cheap.

We have an infrastructure and DevOps team of eight to ten people for solution maintenance.

Reporting is good and very light. The response is fine.

I recommend the solution for dynamic assessment.

Overall, I rate the solution a nine out of ten.

I'm primarily using it for testing of the company's website.

The interface is good.

It is easy to use.

I am certified with the product and have a good understanding of it.

The usability is very good.

It offers very good accuracy. You can trust the results. 

It's good software that is great for a beginner to use.

It can scale. 

The product is stable and reliable. 

It works for me. I don't see any missing features. 

The solution is not easy to set it up. You need a lot of knowledge. I'd like to see more documentation. They need to provide more videos and more information about the solution. The website isn't as helpful as it could be. They need to provide more information and maybe provide courses to help people get the most out of it. 

For smaller organizations, the solution is expensive. 

I've been using the solution for two years. 

I'd rate the stability eight out of ten. It is pretty stable. There are no bugs or glitches, and it doesn't crash or freeze. 

The solution is very scalable. I'd rate the ability to extend ten out of ten.

Three people are using the solution.

I do not have any experience with technical support. I had a colleague who would deal with support.

I used to use OWASP Zap. It is a free solution. I moved to Burp as the accuracy rate was higher. We wanted something that provided correct information about errors. 

The initial setup was a bit difficult. For a beginner, it's tough to set up. I'd rate the solution three out of ten in terms of ease of setup. There isn't proper documentation to help you through the process. 

I cannot recall how long the deployment took. I watched a lot of videos and just went ahead with eh setup myself. 

The product doesn't require any maintenance. 

I handled the initial setup myself. I did not have any outside assistance. 

I have witnessed an ROI. It is worth the money.

It is a bit expensive for smaller companies. If you're using it in a small company or for your own purposes, it's costly. I'd rate the cost three out of ten in terms of affordability.

I'm not sure of the exact cost of the solution as I don't directly deal with licensing. 

I'm a customer. I'm using the professional version. It is the latest version. They always update it and provide me with the latest upgrades. 

I'd recommend the solution to others. It's very accurate and easy to use. 

I would rate the solution. Ten out of ten. 

PortSwigger Burp Suite Professional can be used on the cloud or on-premise.

The most valuable feature of PortSwigger Burp Suite Professional is the dashboard. It is very informative and you can receive all the information you need in one place. It's clear, well-defined, and organized. Anybody without any cybersecurity can use it.

PortSwigger Burp Suite Professional could improve the static code review.

In an upcoming release, PortSwigger Burp Suite Professional can give some possible remedies for any issues it has discovered after a scan of an application. At this time it provides vulnerabilities, having the possible remedies would be a benefit. It would be useful for the developers, to fix the issue immediately.

I have been using PortSwigger Burp Suite Professional for approximately five years.

The stability of PortSwigger Burp Suite Professional is good.

The scalability of PortSwigger Burp Suite Professional is good, it can integrate with other platforms.

In my previous company, I worked for we had 50 people using this solution and in my current company we have approximately 500 people using it.

We can easily reach out to PortSwigger Burp Suite Professional support by phone, email, chat option, and a ticketing option, which is very good.

I rate the support from PortSwigger Burp Suite Professional a five out of five.

Positive

The initial setup of PortSwigger Burp Suite Professional is very simple.

Before choosing PortSwigger Burp Suite Professional I compared other tools, such as IBM AppScan. I found that PortSwigger Burp Suite Professional was more into web application security. The solution is very helpful, easy to use, and install.  They have a free version and anybody can start within minutes.

What solution is best depends on the client size and their requirements. If the client has a large enough budget, or if they're looking for an overall feature, I would recommend PortSwigger Burp Suite Professional as the primary go-to tool. However, if they're having any specific requirements, then they will have to think about using IBM AppScan.

I would recommend the solution to technical professionals and non-technical persons. It is easy to use.

I rate PortSwigger Burp Suite Professional a nine out of ten.

Mainly, the solution is a proxy. It also contains different tools, including intruder tools for customized automated attacks and tools for repeating requests, or decoding, et cetera. Many tools are there that can perform different tasks for different use cases. Apart from that, we have the BApp Store which contains a lot of tools as well. This Burb Suite is an application where we have all the tools. 

It is mainly used for pen testing.

Features such as the Intruder, Repeater, and Proxy have helped our organization a lot.

The Intruder, Repeater, and Proxy features have been great.

The initial setup is simple.

It is an easily scalable product.

The solution is very stable. 

In some cases, we got a few file postings while doing it by the automatic scan. If that could be better, that would be ideal. The scanner could just be updated a bit more. 

We'd like to have more integration potential across all versions of the product. The enterprise version seems to have better integration services than others. 

I've been working with the solution for six years. 

The solution is quite stable. There are no bugs or glitches and it doesn't crash or freeze. It is reliable. 

The solution scales well. It's not an issue.

I have also had some queries and I have used their support services. It was like all solutions out there. They are quite good in general.

Positive

I have used many other tools. This is one of the best tools that I'm using. I found this one much better. 

We have found the initial setup to be very simple and straightforward. It's not overly complex or difficult. 

For any configuration for deployment in our project, we assign two people. We have a small team of two aligned with our project. They will handle everything related to implementation. The setup doesn't take longer than one day.

In terms of maintenance, for the customers, what we are doing is we have an internal cyber security team, in which there are people doing the pen test. There are people who are doing the vulnerability assessment for the WASP scan, SaaS. For each, we have a separate team, and based on that, most of the deployments are done by these pen testers only. We do not provide maintenance for customers, however, we do provide reporting and technical support.

Before Burb Suite, we had our own technical team there for everything, including deployment. We have a separate network team and they will manage everything - including installation. It is very simple. You can download that directly. It's all very easy to do in-house.

I don't deal with any aspect of the licensing at this time. I can't speak to the exact pricing. 

I'm just a customer and an end-user.

We're using the latest version of the solution. We usually give an auto-update functionality. All the updates came automatically. We are updating it automatically.

We actually have an .EXE file in our system. We have the professional version. We've downloaded and given out the access key. It's on-premises, not the cloud. 

Overall, I've been very happy with the solution. I'd rate it nine out of ten.

We primarily use the solution for security testing - specifically for web-application security. 

The crawling capability is excellent.

The product has very good reporting capabilities. They give you multiple reporting options.

The solution has a variety of different extensions that you can use.

The solution has a pretty simple setup.

The pricing of the solution is quite high. It would be ideal for the customers if they could lower the costs involved in their subscription.

We have new tools in R language programming platforms that are coming up. The solution needs to ensure its compatible with that language.

I've been using the solution for about two years at this point.

We use this solution every day. I don't have any issues with the solution. There aren't bugs or glitches. It doesn't crash or freeze. It's reliable.

I'm a consultant. I tend to use the tool for my clients. I only have one license on my computer. I don't need to scale the product.

The solution is scalable, however. There's a different version for that aspect. You have Community, Professional, and Enterprise editions. Each has different capabilities.

The solution offers good support services. There's also the product team that can assist. Overall, I've been happy with the level of service I've received.

I've worked with other solutions, such as Acutenix. As a consultant, I always have two to three tools for running and validating for testing. There is no plus or minus to each tool, really. The process itself would be more like using multiple tools to find out whether it appears in all the tools or not.

The initial setup is not overly complex. It's easy and straightforward. A company shouldn't have any issues with the implementation process.

The deployment takes a maximum of an hour, actually. If you have to configure some prerequisites, it is one hour tops. There are advanced setups, however, how advanced the implementation depends on the client environment. If a company has an advanced setup, it could take some time. 

Ultimately, the solution is installed directly onto my laptop.

The maintenance process is pretty minimal. The yearly subscription keeps everything updated. They will notify you if there is an upgrade that needs to be addressed.

The pricing of the solution is quite high. Costs are based on their subscription model. The pricing affects whether a client will engage with me and the solution or not. It could be a deal-breaker. Budgets are often tight.

The solution has an annual subscription model, and therefore you'll have to keep updating the new version. It's part of the package. They release a new version and that is covered under your subscription.

I'm a consultant. I buy tools from multiple vendors. I provide development assessment services for my clients.

This is one more product in the suite of tools or applications, which are used for testing. Anyone at any sized company could use this solution.

I'd recommend this solution. It's one more tool to have in your bag.

I would rate the solution at a ten out of ten.

I'm a junior cybersecurity analyst, and I'm helping the seniors to do some testing. Meanwhile, I'm also getting trained with the tool. I mostly use it for vulnerable apps assessment and some auditing. Other analysts use it for penetration testing.

We are using the latest version. We downloaded it three days ago.

I find the attack model quite amazing, where I can write my scripts and load my scripts as well, which helps quite a bit. All the active scanning that it can do is also quite a lot helpful. It speeds up our vulnerability assessment and penetration testing. Right now, I am enjoying its in-browser, which also helps quite a bit. I'm always confused about setting up some proxy, but it really is the big solution we all want.

I am from Brazil. The currency exchange rate from a dollar to a Brazilian Real is quite steep. It is almost six to one. It would be good if it can be sold in the local currency, and its price is cheaper for us. 

I have been using PortSwigger Burp for six months now.

I have found no issues so far with its stability. I can't complain anything about it.

I can't say much about that because we are going to transition to cloud management. I don't know for sure how it is going to scale up. We are still in the testing and planning stages. We currently have approximately five users, and our team is still growing.

I haven't yet used their technical support.

The initial setup is completely easy. It took a day to deploy.

It is expensive for us in Brazil because the currency exchange rate from a dollar to a Brazilian Real is quite steep.

It is a really big solution. There are so many modules. You got to have some training to do it properly and go through a lot of documentation.

I would rate PortSwigger Burp a nine out of ten. I haven't found anything to complain about, but there is always some room for improvement.

We use this solution when we develop any of our software applications and host it with the website for external clients. All of the applications go through the vulnerability scanner.

Burp Suite is very helpful. The extension that it provides with the community version for the skills mapping is excellent.

The interface for external clients needs improvement.

Currently, the scanning is only available in the full version of Burp, and not in the Community version.

I would like the scanning included for free also.

We have been using this solution for a year and a half.

It's a stable solution. We have not had any issues.

I have not contacted technical support. 

We have not experienced any issues where we couldn't resolve them using our internal team.

We have not required any technical support.

When we compare it to other programs that we have such as OWAP Zap, we found Burp to be more suitable.

The initial setup is straightforward.

It is very easy to automate. It requires some configuration that has you follow step by step instructions. 

It can take four to five hours to go live.

Anyone with minimal knowledge and training can use this tool.

We are using the community version, which is free.

We evaluated OWASP Zap, which was fully open-source.

We use the community version and found that Burp was easier and more useful.

The interface is better in PortSwigger Burp.

I would rate PortSwigger Burp an eight out of ten.