PortSwigger Burp Suite Professional Reviews

We primarily use the solution for security testing - specifically for web-application security. 

The crawling capability is excellent.

The product has very good reporting capabilities. They give you multiple reporting options.

The solution has a variety of different extensions that you can use.

The solution has a pretty simple setup.

The pricing of the solution is quite high. It would be ideal for the customers if they could lower the costs involved in their subscription.

We have new tools in R language programming platforms that are coming up. The solution needs to ensure its compatible with that language.

I've been using the solution for about two years at this point.

We use this solution every day. I don't have any issues with the solution. There aren't bugs or glitches. It doesn't crash or freeze. It's reliable.

I'm a consultant. I tend to use the tool for my clients. I only have one license on my computer. I don't need to scale the product.

The solution is scalable, however. There's a different version for that aspect. You have Community, Professional, and Enterprise editions. Each has different capabilities.

The solution offers good support services. There's also the product team that can assist. Overall, I've been happy with the level of service I've received.

I've worked with other solutions, such as Acutenix. As a consultant, I always have two to three tools for running and validating for testing. There is no plus or minus to each tool, really. The process itself would be more like using multiple tools to find out whether it appears in all the tools or not.

The initial setup is not overly complex. It's easy and straightforward. A company shouldn't have any issues with the implementation process.

The deployment takes a maximum of an hour, actually. If you have to configure some prerequisites, it is one hour tops. There are advanced setups, however, how advanced the implementation depends on the client environment. If a company has an advanced setup, it could take some time. 

Ultimately, the solution is installed directly onto my laptop.

The maintenance process is pretty minimal. The yearly subscription keeps everything updated. They will notify you if there is an upgrade that needs to be addressed.

The pricing of the solution is quite high. Costs are based on their subscription model. The pricing affects whether a client will engage with me and the solution or not. It could be a deal-breaker. Budgets are often tight.

The solution has an annual subscription model, and therefore you'll have to keep updating the new version. It's part of the package. They release a new version and that is covered under your subscription.

I'm a consultant. I buy tools from multiple vendors. I provide development assessment services for my clients.

This is one more product in the suite of tools or applications, which are used for testing. Anyone at any sized company could use this solution.

I'd recommend this solution. It's one more tool to have in your bag.

I would rate the solution at a ten out of ten.

I'm a junior cybersecurity analyst, and I'm helping the seniors to do some testing. Meanwhile, I'm also getting trained with the tool. I mostly use it for vulnerable apps assessment and some auditing. Other analysts use it for penetration testing.

We are using the latest version. We downloaded it three days ago.

I find the attack model quite amazing, where I can write my scripts and load my scripts as well, which helps quite a bit. All the active scanning that it can do is also quite a lot helpful. It speeds up our vulnerability assessment and penetration testing. Right now, I am enjoying its in-browser, which also helps quite a bit. I'm always confused about setting up some proxy, but it really is the big solution we all want.

I am from Brazil. The currency exchange rate from a dollar to a Brazilian Real is quite steep. It is almost six to one. It would be good if it can be sold in the local currency, and its price is cheaper for us. 

I have been using PortSwigger Burp for six months now.

I have found no issues so far with its stability. I can't complain anything about it.

I can't say much about that because we are going to transition to cloud management. I don't know for sure how it is going to scale up. We are still in the testing and planning stages. We currently have approximately five users, and our team is still growing.

I haven't yet used their technical support.

The initial setup is completely easy. It took a day to deploy.

It is expensive for us in Brazil because the currency exchange rate from a dollar to a Brazilian Real is quite steep.

It is a really big solution. There are so many modules. You got to have some training to do it properly and go through a lot of documentation.

I would rate PortSwigger Burp a nine out of ten. I haven't found anything to complain about, but there is always some room for improvement.

We use this solution when we develop any of our software applications and host it with the website for external clients. All of the applications go through the vulnerability scanner.

Burp Suite is very helpful. The extension that it provides with the community version for the skills mapping is excellent.

The interface for external clients needs improvement.

Currently, the scanning is only available in the full version of Burp, and not in the Community version.

I would like the scanning included for free also.

We have been using this solution for a year and a half.

It's a stable solution. We have not had any issues.

I have not contacted technical support. 

We have not experienced any issues where we couldn't resolve them using our internal team.

We have not required any technical support.

When we compare it to other programs that we have such as OWAP Zap, we found Burp to be more suitable.

The initial setup is straightforward.

It is very easy to automate. It requires some configuration that has you follow step by step instructions. 

It can take four to five hours to go live.

Anyone with minimal knowledge and training can use this tool.

We are using the community version, which is free.

We evaluated OWASP Zap, which was fully open-source.

We use the community version and found that Burp was easier and more useful.

The interface is better in PortSwigger Burp.

I would rate PortSwigger Burp an eight out of ten.

We are an auditing company. We use this solution for auditing purposes for the infrastructure of our customers.

The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs. 

One thing that is not up to the mark in PortSwigger is web application testing. I found some issues with its performance and reporting. They should work on these and give us a better outcome.

I have been using this solution for more than a year.

It is stable. We didn't have any issues.

Its scalability is great. We have almost five users who are using the product, and they're happy with this product. 

We've got very good support from their team.

We previously used some open-source applications, but later on, we found out that, unfortunately, they are not good products. We had to use the applications of all other products separately in our environment, but PortSwigger can do all things itself. That's why we switched to PortSwigger.

The initial setup was very simple.

I implemented it on my own.

It has a yearly license. I am satisfied with its price.

We did consider one more product and had a discussion about the product features. We found PortSwigger to be the best match for our business.

It is a very good product. You must try it once.

I would rate PortSwigger Burp a nine out of ten. I am satisfied with this product. It is a great experience.

We're a software development company. We specialize in ensuring application security for our customers. For each and every application we release, we issue a certificate explaining that the application is up to date and that all security testing has been successfully completed. In that certificate, we also mention that PortSwigger is one of the tools that we used to test the application.

Presently, we have three users. In the future, regarding product testing, I am thinking of hiring another two people, which will make us a team of five. Currently, we're releasing a lot of applications. 

Primarily we have three users, but keep in mind, we only have a single environment, which we need to improve and expand. 

The traffic interception capabilities are great. Spidering also produced some good results for us.

A lot of our interns find it difficult to get used to PortSwigger Burp's environment. The environment should be improved a little bit. Once you get used to it, it's fine, but it should be more simplified for newcomers. This would save us from constantly having to brief our interns. 

The stability is good; so far, we haven't come across any bugs.

We use some different tools for web application testing, like Nmap and others. If PortSwigger Burp could actually scale up for web application scanning, that would be really good. This way, instead of using different tools, we could easily rely on one tool for all testing.

We haven't had any reason yet to contact technical support. Aside from support, they should hold consistent webinars and offer updates, briefings, and panel discussions. This would greatly enhance our knowledge.

Otherwise, the technical support is good enough. We haven't required their assistance yet, but soon we'll be needing assistance and information surrounding the latest improvements and updates.

The initial setup can be complex. It needs to be deployed in between the traffic. They should include some case-scenarios to help, like a scenario-based briefing, that would really help and add a lot of value for the initial application tester. 

It's a very unique way of pricing. It varies depending on the type of testing you are performing. Manual testing is expensive, but as we don't have another option, it seems to be fair.

I would definitely recommend PortSwigger Burp. I've actually recommended it to some of my colleagues, students, and interns. I'm really comfortable and happy with it; besides, there are no other products to compare it to. 

On a scale from one to ten, I would give this solution a rating of eight.

If they included example scenarios and hosted educational webinars, I would give this solution a rating of ten.

In my area of expertise, I feel like it has almost everything I could possibly require at this moment. Generally, I don't come across situations like that, so I am very happy with it.

We used this solution as a proxy. It's a software that intercepts HTTP requests. You can modify them on your system for testing web applications.

It's an amazing tool. We can work with it automatically, or we can work with it manually.

There is no other tool like it. I like the intuitiveness and the plugins that are available.

The plugins are similar to integration. I can create my own login and use it.

The use of system memory is an area that can be improved because it uses a lot. They need to reduce the amount of system memory it uses.

I have been working with PortSwigger Burp for four years.

We can say that it is stable, but it is using a lot of RAM.

It's a scalable solution.

We have more than 30 users in our organization.

Technical support is good, they have a good response time.

The initial setup is straightforward.

This solution requires no maintenance.

PortSwigger is reasonably-priced. It's fair.

They have more features than I can use and I need more time to utilize this solution 100%.

I highly recommend it because everybody in Web Applications Security is using it.

I would rate PortSwigger Burp a nine out of ten.

This is a solution for which I provide services to our customers and I also use it personally.

As part of our organization, we build internal applications. Before they are put into production, we run a suite of security tests to ensure that our applications are not vulnerable to any known issues. We use PortSwigger Burp for testing, as well as OSASP Zap. We do similar tests in multiple tools to make sure that we cover the entire set of use cases.

I have this solution deployed as one user on a single machine, which is used by a designated security tester.

The most valuable features are Burp Intruder and Burp Scanner.

The automatic scanning feature is helpful.

The interface for the automatic scan can be improved because it is easy for technical users, but the business users have trouble with it. There is documentation but the interface should be more user-friendly.

There should be a heads up display like the one available in OWASP Zap. I think that it would be a very good addition.

I have worked with PortSwigger Burp for about ten years.

This solution is stable and we have had no major problems.

We have had no issues with scalability, although we are using a standalone installation with only a single user. We may expand usage in the future.

We also have OWASP Zap and we continue to use these two tools.

Zap has a heads up display within its own browser, which is a very good feature. Zap is also completely free, whereas Burp has a free version but it also has licenses available.

For the most part, we use open-source solutions, which are free of charge.

The initial setup is simple and very straightforward. We were not setting up a server, so it took perhaps five minutes to get up to speed and begin using it.

There are different licenses available that include a free version.

We do have problems with some of the add-ons that we install from the marketplace. They may not be available or out of support, so when you want to install them, they are not there.

This is a very nice tool and anybody can use it, from beginner to expert level. There are some simple and straightforward settings with documentation that is very clear. If you follow the steps you can easily get up to speed within five minutes for a single user.

I would rate this solution an eight out of ten.

The most valuable feature is the application security. It also has a reasonable price. 

It has an end product and a repeater. Other solutions don't offer options like these. 

The Burp Collaborator needs improvement. There also needs to be improved integration. 

I have been using PortSwigger Burp for the past six years. 

It's not so stable. Some of the security aspects aren't so stable. 

Burp is scalable. 

We have around 150 users using Burp at my company. We use it daily.  

I haven't needed to contact their technical support. 

The initial setup is simple. It only takes two to three minutes. 

We are consultants so we do the implementation ourselves. 

It only requires one person for the implementation and maintenance. 

It costs 39,000 including taxes per year. 

I would recommend this solution to somebody considering Burp. 

I would rate it an eight out of ten.