2019-02-03T08:25:00Z
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)

What needs improvement with PortSwigger Burp?

Please share with the community what you think needs improvement with PortSwigger Burp.

What are its weaknesses? What would you like to see changed in a future version?

11 Answers
MM
Cyber Security Specialist at a university with 10,001+ employees
Real User
2020-01-29T11:22:31Z
29 January 20

The interface for the automatic scan can be improved because it is easy for technical users, but the business users have trouble with it. There is documentation but the interface should be more user-friendly. There should be a heads up display like the one available in OWASP Zap. I think that it would be a very good addition.

VR
Director at Capgemini
Real User
2020-01-29T11:22:00Z
29 January 20

The Burp Collaborator needs improvement. There also needs to be improved integration.

AR
AVP - Software Quality Assurance at a tech services company with 201-500 employees
Real User
2020-01-19T06:38:00Z
19 January 20

The solution isn't too stable. The fundamentals of it make it difficult to use. Sometimes it takes me to other applications that are being run. The scalability capabilities of the solution could be improved.

NC
IT Manager at a manufacturing company with 10,001+ employees
Real User
2019-08-22T05:49:00Z
22 August 19

The biggest drawback is reporting. It's not so good. I can download reports, but they're not so informative. For example, they are providing very good information about vulnerabilities, but when you are scanning the whole pathway, we want to see information like percentages, how much is finishing, and how much it is not, etc. If the scan fails, they should tell us when or how it stopped, if it failed, why it has failed, and how to avoid something like this from happening again. They need something more in-depth and more technical. I would like to have some more features, which I can play around with. It's not so flexible.

RO
Cyber Security Analyst at a tech vendor with 1,001-5,000 employees
Real User
2019-08-19T05:47:00Z
19 August 19

The number of false positives needs to be reduced on the solution. I'm not sure whether some features need to be added because the product has a specific toolset, and if I do need some additional features, currently I get them in different security products. The solution, however, could better integrate with various other tools.

Vijayanathan Naganathan - PeerSpot reviewer
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd
Real User
2019-07-08T07:42:00Z
08 July 19

In the earlier versions what we saw was that the REST API was something that needed to be improved upon, but I think that has come in the new edition when I was reading through the release offset available. There is a certain amount of lead time for the tickets to get resolved. The biggest improvement that I would like to see from PortSwigger is what many people see as a need in their security testing that could be prioritized and developed as a feature which can be useful. For example, if they're able to take these kinds of requests, group them, prioritize and show this is how the correct code path is going to be in the future, this is what we're going to focus around in building in the next six months or so. That could be something that will be really valuable for testers to have.

Real User
2019-07-07T00:05:00Z
07 July 19

The Auto Scanning features should be updated more frequently and should include the latest attack vectors. It would be really helpful if the issue details contained example recommendations on how to fix the issues identified, or perhaps point to external recommendations for reference.

AS
IT Auditor & Compliance Officer at a tech vendor with 51-200 employees
Real User
Top 10 Leaderboard
2019-06-06T08:18:00Z
06 June 19

I would like to see a more optimized solution, as it currently uses a lot of CPU power and memory. Sometimes, the application is blocking. The reporting also needs improvement. Specifically, if there is an issue that exists on many pages, then I do not want to see the same thing repeated many times throughout the report. Rather, it should be pointed out as a global error, and only shown the one time. In the next version, I would like an option to scan the environment where the application is installed. I would also like a better cryptographic study, with more controls.

PeerSpot user
Security Specialist at Alfa-A IT
Real User
2019-05-29T23:42:00Z
29 May 19

The scanner and crawler need to be improved.

it_user787785 - PeerSpot reviewer
Senior Security Engineer at an insurance company with 10,001+ employees
Real User
2019-05-16T07:47:00Z
16 May 19

There is a lot to this product, and it would be good if when you purchase the tool, they can provide us with a more extensive user manual. This would help us to better understand the product, and we would not need to buy a separate book. In the next release, I want to see it more interactive and have more multitasking with some faster features. Sometimes scanning takes a long time, so they need to add more tricks to reduce the time spent in security testing.

JA
Security Analyst at Sensiple
MSP
2019-02-03T08:25:00Z
03 February 19

The product is very good just the way it is; it has everything already well established and functions great. I can't see any way for this current version to be improved.

Related Questions
RT
Subdirector de Seguridad Informática e Infraestructura at a financial services firm with 201-500 employees
Nov 17, 2021
I would like to know if nowadays (2021) the license of Burp Suite Pro is worth the cost. Is it a good option to use OWASP Zap instead for testing security in web applications?
2 out of 3 answers
15 March 21
First things first, both have their own merits; however, in my personal experience ZAP can replace your Burp Suite for sure considering the license. Also, as the latest ZAP versions are covering more advanced techniques and spidering patterns with lots of options, it is worth considering ZAP. However, remember that with the latest versions of Burp Suite, with inbuilt Chromium and its emerging plugin support (installable JARs), you can use Burp to the fullest and you can keep it as a Swiss knife for your web and app pentesting. A couple of extensions in Burp Pro are interesting, especially the race condition one. I always prefer using Burp and at instances I go with ZAP.
VD
Lead Security Architect at a comms service provider with 1,001-5,000 employees
17 March 21
Yes, OWASP ZAP is a good option as it's open source, so always preferred, but Burp Suite Pro will give you more options; it's one of the best tools to have for pentesters, so defo worth it.
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)
Jun 26, 2019
One of the most popular comparisons on IT Central Station is OWASP Zap vs PortSwigger Burp. People like you are trying to decide which one is best for their company. Can you help them out? What is the biggest difference between OWASP Zap and PortSwigger Burp? Which of these two solutions would you recommend to a colleague evaluating application security testing tools and why? Thanks for helpin...
Vijayanathan Naganathan - PeerSpot reviewer
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd
26 June 19
Hello Nick, Am in a full day training the whole of this week and travelling over the weekend. I can help with response early next week. Hope that works for you. Thanks Vijay
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Content at PeerSpot (formerly IT Central Station)
Aug 21, 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technology products and we want your vote! If there’s a technology solution that’s really impressed you, here’s an opportunity to recognize that. It’s easy: go to the PeerSpot voting site, complete the brief voter registration form, review the list of nominees and vote. Get your colleagues to vote, too! ...
Deena Nouril - PeerSpot reviewer
Tech Blogger
Aug 05, 2022
What is OWASP? The OWASP or Open Web Application Security Project is a nonprofit foundation dedicated to improving software security. It operates under an open community model, meaning that anyone can participate in and contribute to OWASP-related online chats and projects. The OWASP ensures that its offerings (online tools, videos, forums, events, etc.) remain free and are easily accessible t...
Ben Arbeit - PeerSpot reviewer
Manager at a retailer with 51-200 employees
31 July 22
Thanks for this informative article.
Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a financial services firm with 5,001-10,000 employees
05 August 22
OWASP is nice, but very specific and currently limited. How about trying ISO-24772 for all?
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Mar 04, 2022
Hi community members, Here is our new Community Spotlight for YOU. We publish it to help you catch up on recent contributions by community members. Do you find it useful? Please comment below! Trending Top HCI in 2022 What are the main differences between XDR and SIEM? Articles Top 5 Ethernet Switches in 2022 SASE: what is it and what are the main benefits? Questions Che...
Ram Chenna - PeerSpot reviewer
Enterprise Architect at Blueray Digital Services
Dec 15, 2021
Privacy Concerns in an RPA Implementation Program. The biggest concern we (as RPA solution implementors) have faced when interacting with clients and customers were: 1. Regulatory and Compliance issues. 2. InfoSec and Security issues. 3. Audit Issues. Regulatory and Compliance Issues: There is a huge penalty if the wrong data gets updated and emails are sent to customers by the regulatory...
Tjeerd Saijoen - PeerSpot reviewer
CEO at Rufusforyou
Sep 03, 2021
ICT is getting more and more complex: today I have several systems in Chicago, several more in Amsterdam and if you need to protect your environment you will need to check on-premises, the cloud at Amazon, and the cloud at Microsoft Azure.  Why is Performance related to security? For the following reasons:  Today we need more than one tool to protect our environment. You need anti-spoofing...
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at ASPL INFO Services
01 September 21
Very good insights about correlation for security with performance.
Johann Delaunay - PeerSpot reviewer
Key Account Manager at ITRS Group
03 September 21
Interesting positioning and way of thinking, thank you very much for the article!