Hi Everyone,
What do you like most about PortSwigger Burp Suite Professional?
Thanks for sharing your thoughts with the community!
For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host.
The most valuable feature is Burp Collaborator.
We use the solution for vulnerability assessment in respect of the application and the sites.
PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running.
I have found the best features to be the performance and there are a lot of additional plugins available.
The solution has a great user interface.
The solution has a pretty simple setup.
I find the attack model quite amazing, where I can write my scripts and load my scripts as well, which helps quite a bit. All the active scanning that it can do is also quite helpful. It speeds up our vulnerability assessment and penetration testing. Right now, I am enjoying its in-browser, which also helps quite a bit. I'm always confused about setting up some proxy, but it really is the big solution we all want.
The extension that it provides with the community version for the skills mapping is excellent.
The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs.
In my area of expertise, I feel like it has almost everything I could possibly require at this moment.
The active scanner, which does an automated search of any web vulnerabilities.
There is no other tool like it. I like the intuitiveness and the plugins that are available.
The feature that we have found most valuable is that it comes with pre-set configurations. They have a set of predefined options where you can pick one and start scanning. We also have the option of creating our own configurations, like how often the applications need to be scanned.
With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp.
You can scan any number of applications and it updates its database.
The most valuable features are Burp Intruder and Burp Scanner.
The most valuable feature is the application security. It also has a reasonable price.
The suite testing models are very good. It's very secure.
The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately.
The Spider is the most useful feature. It helps to analyze the entire web application, and it finds all the passes and offers an automated identification of security issues.
Once I capture the proxy, I'm able to transfer across. All the requested information is there. I can send across the request to what we call a repeater, where I get to ready the payload that I send to the application. Put in malicious content and then see if it's responding to it.
Burp Suite helps us to identify and fix silly mistakes that are sometimes introduced by our developers in their coding.
Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them.
This solution has helped a lot in finding bugs and vulnerabilities, and the scanner is good enough for simple web apps.
This tool is more accurate than the other solutions that we use, and reports fewer false positives.
The product is very good just the way it is; it has everything already well established and functions great. I can't see any way for this current version to be improved.
I would like to know if nowadays (2021) the license of Burp Suite Pro is worth the cost. Is it a good option to use OWASP ZAP instead for testing security in web applications?