PortSwigger Burp Suite Professional Reviews

We're a software development company. We specialize in ensuring application security for our customers. For each and every application we release, we issue a certificate explaining that the application is up to date and that all security testing has been successfully completed. In that certificate, we also mention that PortSwigger is one of the tools that we used to test the application.

Presently, we have three users. In the future, regarding product testing, I am thinking of hiring another two people, which will make us a team of five. Currently, we're releasing a lot of applications. 

Primarily we have three users, but keep in mind, we only have a single environment, which we need to improve and expand. 

The traffic interception capabilities are great. Spidering also produced some good results for us.

A lot of our interns find it difficult to get used to PortSwigger Burp's environment. The environment should be improved a little bit. Once you get used to it, it's fine, but it should be more simplified for newcomers. This would save us from constantly having to brief our interns. 

The stability is good; so far, we haven't come across any bugs.

We use some different tools for web application testing, like Nmap and others. If PortSwigger Burp could actually scale up for web application scanning, that would be really good. This way, instead of using different tools, we could easily rely on one tool for all testing.

We haven't had any reason yet to contact technical support. Aside from support, they should hold consistent webinars and offer updates, briefings, and panel discussions. This would greatly enhance our knowledge.

Otherwise, the technical support is good enough. We haven't required their assistance yet, but soon we'll be needing assistance and information surrounding the latest improvements and updates.

The initial setup can be complex. It needs to be deployed in between the traffic. They should include some case-scenarios to help, like a scenario-based briefing, that would really help and add a lot of value for the initial application tester. 

It's a very unique way of pricing. It varies depending on the type of testing you are performing. Manual testing is expensive, but as we don't have another option, it seems to be fair.

I would definitely recommend PortSwigger Burp. I've actually recommended it to some of my colleagues, students, and interns. I'm really comfortable and happy with it; besides, there are no other products to compare it to. 

On a scale from one to ten, I would give this solution a rating of eight.

If they included example scenarios and hosted educational webinars, I would give this solution a rating of ten.

In my area of expertise, I feel like it has almost everything I could possibly require at this moment. Generally, I don't come across situations like that, so I am very happy with it.

We used this solution as a proxy. It's a software that intercepts HTTP requests. You can modify them on your system for testing web applications.

It's an amazing tool. We can work with it automatically, or we can work with it manually.

There is no other tool like it. I like the intuitiveness and the plugins that are available.

The plugins are similar to integration. I can create my own login and use it.

The use of system memory is an area that can be improved because it uses a lot. They need to reduce the amount of system memory it uses.

I have been working with PortSwigger Burp for four years.

We can say that it is stable, but it is using a lot of RAM.

It's a scalable solution.

We have more than 30 users in our organization.

Technical support is good, they have a good response time.

The initial setup is straightforward.

This solution requires no maintenance.

PortSwigger is reasonably-priced. It's fair.

They have more features than I can use and I need more time to utilize this solution 100%.

I highly recommend it because everybody in Web Applications Security is using it.

I would rate PortSwigger Burp a nine out of ten.

Our primary use for this solution is to perform vulnerability scanning before we deploy software in production.

This solution has done a lot to improve our organization. It allows us to be proactive and solve issues before our external auditors find them. 

The most valuable feature of this solution is the scanning functionality. Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them.

Burp Intruder is another very good feature in this solution.

I would like to see a more optimized solution, as it currently uses a lot of CPU power and memory. Sometimes, the application is blocking.

The reporting also needs improvement. Specifically, if there is an issue that exists on many pages, then I do not want to see the same thing repeated many times throughout the report. Rather, it should be pointed out as a global error, and only shown the one time. 

In the next version, I would like an option to scan the environment where the application is installed. I would also like a better cryptographic study, with more controls.

This solution is very stable.

I would say that this is a very scalable solution.

We do plan to increase our usage, but not beyond the Professional version. It is not our intention to move to the Enterprise version right now.

I would rate their technical support a five out of five.

The initial setup and deployment are straightforward and take very little time.

Only one person from the IT department is required for deployment and maintenance.

We handled the implementation internally.

Our licensing cost is approximately $400 USD per year. There are no costs in addition to the standard licensing fees.

We did evaluate other options before choosing this solution.

I would recommend this product to others. It is very straightforward and it is oriented to the application, which is why we chose it. I would also recommend reviewing and using the extensions that are available.

I would rate this solution a nine out of ten.

We are an auditing company. We use this solution for auditing purposes for the infrastructure of our customers.

The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs. 

One thing that is not up to the mark in PortSwigger is web application testing. I found some issues with its performance and reporting. They should work on these and give us a better outcome.

I have been using this solution for more than a year.

It is stable. We didn't have any issues.

Its scalability is great. We have almost five users who are using the product, and they're happy with this product. 

We've got very good support from their team.

We previously used some open-source applications, but later on, we found out that, unfortunately, they are not good products. We had to use the applications of all other products separately in our environment, but PortSwigger can do all things itself. That's why we switched to PortSwigger.

The initial setup was very simple.

I implemented it on my own.

It has a yearly license. I am satisfied with its price.

We did consider one more product and had a discussion about the product features. We found PortSwigger to be the best match for our business.

It is a very good product. You must try it once.

I would rate PortSwigger Burp a nine out of ten. I am satisfied with this product. It is a great experience.

I use this primarily for intercepting mobile HTTP and HTTPS requests with SSL pinning bypass. It's a better tool for manual tasks.

This solution has helped a lot in finding bugs and vulnerabilities, and the scanner is good enough for simple web apps.

The best feature that I've found is the built-in manual tools.

The scanner and crawler need to be improved.

My primary use case for this solution is designed around my own personal use. Burp Suite is a graphical tool for testing Web application security. The tool is written in Java.

I use Burp Suite on my laptop in my room for my personal research study. Since I don't use it for corporate work or company research purposes I can't comment on how it has improved my organization. 

In my opinion, all of the features seem to be of equal value really. I'm currently using the latest version.

The product is very good just the way it is; It has everything already well established and functions great. I can't see any way for this current version to be improved.

My impressions of the stability of the solution are quite good.

My impressions of the scalability of the solution are good.

At work, I use an open source SAP solution. It's a free tool. It's a fully automated tool and it's fully furnished. Currently, I'm the only user and it's my job to analyze this product.

The initial setup was somewhat complex, to be honest.

My only advice for anyone looking for a personal use case for testing Web application security is this is a good option.

Before choosing this tool, no, I didn't evaluate any other options. I know what I wanted and I'm very happy with it.

It's actually a very good product. It's pretty automated and it's easy to work with. No additional features need to be added because it's already an extraordinary tool. So there's no need for additional improvement.

Great product. I rate this product a 9 out of 10 for its total package of value-added features.

Currently, we're trying to import the solution to implement it to other applications for our website. So far, it's been fantastic.

The suite testing models are very good. It's very secure.

The solution isn't too stable. The fundamentals of it make it difficult to use. Sometimes it takes me to other applications that are being run.

The scalability capabilities of the solution could be improved.

I've been using the solution for three years.

The stability is okay, but we are finding issues.

The solution doesn't offer very good scalability.

We haven't had to contact technical support.

We didn't previously use a different solution.

The initial setup is straightforward. Deployment doesn't take more than two to three hours.

We handled the implementation ourselves.

We use the on-premises deployment model.

I'd rate the solution nine out of ten. I haven't compared it with other vendors, but it is a best-seller currently.