We are mostly using it for scanning the entire website. So, we basically create a script with the entire website and then run it for different injections.
Learn what your peers think about PortSwigger Burp Suite Professional. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
The solution has a limited range of functions, which is good for small companies. This is because, in small companies, websites are less complex. They also have single services which makes the solution good enough for them. However, the most advantageous aspect of the solution is its affordable price.
I am impressed with the tool's detailed analysis for penetration testing. AppScan can give only visibility, but it can't do the PT part. But the PortSwigger Burp Application can do both, and it gives much more visibility on the PT rating.
Cyber Security Specialist at a university with 10,001+ employees
Real User
Sep 20, 2022
The most valuable feature of PortSwigger Burp Suite Professional is the dashboard. It is very informative and you can receive all the information you need in one place. It's clear, well-defined, and organized. Anybody without any cybersecurity can use it.
Sr. Cloud Solution Architect - SAP on Azure at Accenture
Real User
May 2, 2022
For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host.
IT Security Analyst at a tech services company with 11-50 employees
Real User
Jan 7, 2021
I find the attack model quite amazing, where I can write my scripts and load my scripts as well, which helps quite a bit. All the active scanning that it can do is also quite a lot helpful. It speeds up our vulnerability assessment and penetration testing. Right now, I am enjoying its in-browser, which also helps quite a bit. I'm always confused about setting up some proxy, but it really is the big solution we all want.
Senior Test Engineer II at a financial services firm with 201-500 employees
Real User
Oct 11, 2020
The feature that we have found most valuable is that it comes with pre-set configurations. They have a set of predefined options where you can pick one and start scanning. We also have the option of creating our own configurations, like how often do the applications need to be scanned.
Cyber Security Analyst at a tech vendor with 1,001-5,000 employees
Vendor
Aug 19, 2019
The Spider is the most useful feature. It helps to analyze the entire web application, and it finds all the passes and offers an automated identification of security issues.
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd
Real User
Jul 8, 2019
Once I capture the proxy, I'm able to transfer across. All the requested information is there. I can send across the request to what we call a repeater, where I get to ready the payload that I send to the application. Put in malicious content and then see if it's responding to it.
Security Analyst at a tech services company with 201-500 employees
MSP
Feb 3, 2019
"The product is very good just the way it is; It has everything already well established and functions great. I can't see any way for this current version to be improved."
Burp Suite Professional, by PortSwigger, is the world’s leading toolkit for web security testing. Over 52,000 users worldwide, across all industries and organization sizes, trust Burp Suite Professional to find more vulnerabilities, faster. With expertly-engineered manual and automated tooling, you're able to test smarter - not harder.
PortSwigger is the web security company that is enabling the world to secure the web. Over 50,000 security engineers rely on our software and expertise to...
The solution helped us discover vulnerabilities in our applications.
It is a time-saver application.
You can download different plugins if you don't have them in the standard edition.
It was easy to learn.
We are mostly using it for scanning the entire website. So, we basically create a script with the entire website and then run it for different injections.
The solution scans web applications and supports APIs, which are the main features I really like.
The solution has a limited range of functions, which is good for small companies. This is because, in small companies, websites are less complex. They also have single services which makes the solution good enough for them. However, the most advantageous aspect of the solution is its affordable price.
The intercepting feature is the most valuable.
PortSwigger Burp Suite Professional has an intercept tab that helps us to scan our APIs, set the response, and request errors.
I am impressed with the tool's detailed analysis for penetration testing. AppScan can give only visibility, but it can't do the PT part. But the PortSwigger Burp Application can do both, and it gives much more visibility on the PT rating.
It offers very good accuracy. You can trust the results.
It's good testing software.
The most valuable feature of PortSwigger Burp Suite Professional is the dashboard. It is very informative and you can receive all the information you need in one place. It's clear, well-defined, and organized. Anybody without any cybersecurity can use it.
The solution is stable.
The initial setup is simple.
For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host.
The most valuable feature is Burp Collaborator.
We use the solution for vulnerability assessment in respect of the application and the sites.
PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running.
I have found the best features to be the performance and there are a lot of additional plugins available.
The solution has a great user interface.
The solution has a pretty simple setup.
I find the attack model quite amazing, where I can write my scripts and load my scripts as well, which helps quite a bit. All the active scanning that it can do is also quite a lot helpful. It speeds up our vulnerability assessment and penetration testing. Right now, I am enjoying its in-browser, which also helps quite a bit. I'm always confused about setting up some proxy, but it really is the big solution we all want.
The extension that it provides with the community version for the skills mapping is excellent.
The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs.
In my area of expertise, I feel like it has almost everything I could possibly require at this moment.
The active scanner, which does an automated search of any web vulnerabilities.
There is no other tool like it. I like the intuitiveness and the plugins that are available.
The feature that we have found most valuable is that it comes with pre-set configurations. They have a set of predefined options where you can pick one and start scanning. We also have the option of creating our own configurations, like how often do the applications need to be scanned.
With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp.
You can scan any number of applications and it updates its database.
The most valuable features are Burp Intruder and Burp Scanner.
The most valuable feature is the application security. It also has a reasonable price.
The suite testing models are very good. It's very secure.
The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately.
The Spider is the most useful feature. It helps to analyze the entire web application, and it finds all the passes and offers an automated identification of security issues.
Once I capture the proxy, I'm able to transfer across. All the requested information is there. I can send across the request to what we call a repeater, where I get to ready the payload that I send to the application. Put in malicious content and then see if it's responding to it.
BurpSuite helps us to identify and fix silly mistakes that are sometimes introduced by our developers in their coding.
Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them.
This solution has helped a lot in finding bugs and vulnerabilities, and the scanner is good enough for simple web apps.
This tool is more accurate than the other solutions that we use, and reports fewer false positives.
"The product is very good just the way it is; It has everything already well established and functions great. I can't see any way for this current version to be improved."