IT Central Station is now PeerSpot: Here's why

What needs improvement with PortSwigger Burp Suite Professional?

Julia Frohwein - PeerSpot reviewer
Senior Director of Delivery at PeerSpot (formerly IT Central Station)

Please share with the community what you think needs improvement with PortSwigger Burp Suite Professional.

What are its weaknesses? What would you like to see changed in a future version?

PeerSpot user
2828 Answers

Mouli Siramdasu - PeerSpot reviewer
Top 20MSP

Sometimes the solution can run a little slow. When we’re cracking passwords, we have issues with responsiveness.

reviewer1871559 - PeerSpot reviewer
Top 20Consultant

In some cases, we got a few file postings while doing it by the automatic scan. If that could be better, that would be ideal. The scanner could just be updated a bit more. We'd like to have more integration potential across all versions of the product. The enterprise version seems to have better integration services than others.

Prasenjit Roy - PeerSpot reviewer
Top 5LeaderboardReal User

The price could be better. The rest is fine.

reviewer1753959 - PeerSpot reviewer
Real User

BurpSuite has some issues regarding authentication with OAT tokens that need to be improved.

Nirosh Anda - PeerSpot reviewer
Top 20Real User

We wish that the Spider feature would appear in the same shape that it does in previous versions. I believe we have developmental tools such Accuratix. It would be nice if the report that was accepted upon scanning would highlight all the weaknesses from the perspective of my application.

Nagaraj Sheshachalam - PeerSpot reviewer
Top 5LeaderboardReal User

The reporting needs to be improved; it is very bad. The dashboard feature or the front-end of the tool does not look good and is not very creative or user-friendly. It looks complicated when we log in to the tool. It looks boring and outdated.

reviewer1526550 - PeerSpot reviewer
Top 5LeaderboardReal User

Although it provides great writeup for the identified vulnerabilities but reporting needs to improve with various reporting templates based on standards like OWASP, SANS Top 25, etc. The tools needs to expand its scope for mobile application security testing, where native mobile apps can be tested and can provide interface to integrate with mobile device platform or mobile simulator's. Burp suite has great ability to integrate with Jenkins, Jira, Teamcity into CI/CD pipeline and should provide better ways of integration with other such similar platforms.

reviewer1508730 - PeerSpot reviewer
Top 20Real User

The pricing of the solution is quite high. It would be ideal for the customers if they could lower the costs involved in their subscription. We have new tools in R language programming platforms that are coming up. The solution needs to ensure its compatible with that language.

reviewer1293489 - PeerSpot reviewer
Top 20Real User

I am from Brazil. The currency exchange rate from a dollar to a Brazilian Real is quite steep. It is almost six to one. It would be good if it can be sold in the local currency, and its price is cheaper for us.

reviewer1471662 - PeerSpot reviewer
Top 20Real User

The interface for external clients needs improvement. Currently, the scanning is only available in the full version of Burp, and not in the Community version. I would like the scanning included for free also.

reviewer1458246 - PeerSpot reviewer
Top 20Real User

One thing that is not up to the mark in PortSwigger is web application testing. I found some issues with its performance and reporting. They should work on these and give us a better outcome.

Saminda Jayawardene - PeerSpot reviewer
Top 5LeaderboardReal User

A lot of our interns find it difficult to get used to PortSwigger Burp's environment. The environment should be improved a little bit. Once you get used to it, it's fine, but it should be more simplified for newcomers. This would save us from constantly having to brief our interns.

reviewer1110963 - PeerSpot reviewer
Top 20Consultant

One downside of the solution would be their false positive checks. As with most automated security tools, there is still a high false positive issue. Hopefully they will be able to improve on that in the future. It would also be helpful if the solution had the capability of handling larger reports. Another area of improvement would be to have a customizable dashboard. It's currently restricted now to their own interface. If you want to utilize the other features available in their API documentation, then you have to write some code yourself. It would be great if their interface could be somewhat customizable.

Ashutosh Barot - PeerSpot reviewer
Top 20LeaderboardReal User

The use of system memory is an area that can be improved because it uses a lot. They need to reduce the amount of system memory it uses.

SivaPrakash - PeerSpot reviewer
Top 5LeaderboardReal User

One area that can be improved, when compared to alternative tools, is that they could provide different reporting options and in different formats like PDF or something like that. One more thing they can improve is that despite having a good architecture, it needs a lot of specification. So when you start a project, because it requires a high configuration, the instructor costs more than the project. So it's not cost efficient if it's a big project.

Shrey Sethi - PeerSpot reviewer
Top 20LeaderboardReal User

There is not much automation in the tool.

reviewer1112304 - PeerSpot reviewer
Top 20Real User

We've faced lots of challenges, including slowing down of the tool, and a lot of error messages, sometimes because of the interface. If we're running a huge number of scans regularly, I think that also slows down the tool so I'm not sure if it is good for lots of scans. I hope they will work on the amount of scans they can handle. There have been improvements in the interface and the reporting structure, but they need to do more. They have a long way to go. For now, if we use the interface directly, we need to use an integration with our web application. We're after value for money.

reviewer1223976 - PeerSpot reviewer
Real User

The interface for the automatic scan can be improved because it is easy for technical users, but the business users have trouble with it. There is documentation but the interface should be more user-friendly. There should be a heads up display like the one available in OWASP Zap. I think that it would be a very good addition.

reviewer1170114 - PeerSpot reviewer
Real User

The Burp Collaborator needs improvement. There also needs to be improved integration.

reviewer1261914 - PeerSpot reviewer
Real User

The solution isn't too stable. The fundamentals of it make it difficult to use. Sometimes it takes me to other applications that are being run. The scalability capabilities of the solution could be improved.

reviewer1112304 - PeerSpot reviewer
Top 20Real User

The biggest drawback is reporting. It's not so good. I can download reports, but they're not so informative. For example, they are providing very good information about vulnerabilities, but when you are scanning the whole pathway, we want to see information like percentages, how much is finishing, and how much it is not, etc. If the scan fails, they should tell us when or how it stopped, if it failed, why it has failed, and how to avoid something like this from happening again. They need something more in-depth and more technical. I would like to have some more features, which I can play around with. It's not so flexible.

CyberSecAn08987 - PeerSpot reviewer
Real User

The number of false positives needs to be reduced on the solution. I'm not sure whether some features need to be added because the product has a specific toolset, and if I do need some additional features, currently I get them in different security products. The solution, however, could better integrate with various other tools.

Vijayanathan Naganathan - PeerSpot reviewer
Real User

In the earlier versions what we saw was that the REST API was something that needed to be improved upon but I think that has come in the new edition when I was reading through the release offset available. There is a certain amount of lead time for the tickets to get resolved. The biggest improvement that I would like to see from PortSwigger is what many people see as a need in their security testing that coudl be priortized and developed as a feature which can be useful. For example, if they're able to take these kinds of requests, group them, prioritize and show this is how the correct code path is going to be in the future, this is what we're going to focus around in building in the next six months or so. That could be something that will be really valuable for testers to have.

reviewer1139067 - PeerSpot reviewer
Real User

The Auto Scanning features should be updated more frequently and should include the latest attack vectors. It would be really helpful if the issue details contained example recommendations on how to fix the issues identified, or perhaps point to external recommendations for reference.

reviewer939417 - PeerSpot reviewer
Top 10LeaderboardReal User

I would like to see a more optimized solution, as it currently uses a lot of CPU power and memory. Sometimes, the application is blocking. The reporting also needs improvement. Specifically, if there is an issue that exists on many pages, then I do not want to see the same thing repeated many times throughout the report. Rather, it should be pointed out as a global error, and only shown the one time. In the next version, I would like an option to scan the environment where the application is installed. I would also like a better cryptographic study, with more controls.

Ivan Biagi - PeerSpot reviewer
Real User

The scanner and crawler need to be improved.

it_user787785 - PeerSpot reviewer
Real User

There is a lot to this product, and it would be good if when you purchase the tool, they can provide us with a more extensive user manual. This would help us to better understand the product, and we would not need to buy a separate book. In the next release, I want to see it more interactive and have more multitasking with some faster features. Sometimes scanning takes a long time, so they need to add more tricks to reduce the time spent in security testing.

Securitydbe0 - PeerSpot reviewer

The product is very good just the way it is; It has everything already well established and functions great. I can't see any way for this current version to be improved.

Buyer's Guide
PortSwigger Burp Suite Professional
July 2022
Learn what your peers think about PortSwigger Burp Suite Professional. Get advice and tips from experienced pros sharing their opinions. Updated: July 2022.
620,600 professionals have used our research since 2012.