PortSwigger Burp Suite Enterprise Edition is a comprehensive tool for web application security testing, emphasizing ease of use for dynamic scanning and vulnerability assessments. Its automation capabilities enhance efficiency and insights into API, web, and mobile app security.

| Product | Mindshare (%) |
|---|---|
| PortSwigger Burp Suite Enterprise Edition | 3.9% |
| Veracode | 14.8% |
| Checkmarx One | 14.4% |
| Other | 66.9% |

| Type | Title | Date |
|---|---|---|
| Category | Dynamic Application Security Testing (DAST) | Jun 24, 2026 |
| Product | Reviews, tips, and advice from real users | Jun 24, 2026 |
| Comparison | PortSwigger Burp Suite Enterprise Edition vs Veracode | Jun 24, 2026 |
| Comparison | PortSwigger Burp Suite Enterprise Edition vs Checkmarx One | Jun 24, 2026 |
| Comparison | PortSwigger Burp Suite Enterprise Edition vs OpenText Dynamic Application Security Testing | Jun 24, 2026 |

| Title | Rating | Mindshare | Recommending | Interviews |
|---|---|---|---|---|
| Wiz | 4.4 | N/A | 97% | 48 |
| SentinelOne Singularity Cloud Security | 4.4 | N/A | 99% | 129 |

| Company Size | Count |
|---|---|
| Small Business | 5 |
| Midsize Enterprise | 2 |
| Large Enterprise | 4 |

| Company Size | Count |
|---|---|
| Small Business | 77 |
| Midsize Enterprise | 36 |
| Large Enterprise | 139 |

PortSwigger Burp Suite Enterprise Edition is designed for vulnerability assessment, web app security testing, and dynamic application scanning. It enables teams to perform thorough assessments through automated brute force and active scanning features. With extensions, CI/CD integration, and automation, it provides a scalable environment, supporting manual and automated testing seamlessly. Users benefit from effective network call logging, vulnerability interception, and customizable scripting. Organizations from sectors such as IT services and medical equipment rely on it for penetration testing and application auditing, benefiting from its frequent improvements and integration capabilities.
What are the key features of PortSwigger Burp Suite Enterprise Edition?
In sectors like medical devices and IT services, PortSwigger Burp Suite Enterprise Edition is integral for penetration testing and compliance verification. Teams use it for manual and automated testing in web and mobile applications, assessing APIs and interpreting network calls to enhance security and certification processes.
NASA, Disney, Dow Jones, Iberia Bank, IBM, Ernst and Young, Apple, Ryanair, Thyssenkrupp, Delivery Hero

| Author info | Rating | Review Summary |
|---|---|---|
| Student at Edifixio | 4.0 | I use PortSwigger Burp Suite Enterprise Edition for security testing due to its efficient automated scanning and brute force capabilities, which save significant time and cost. However, it could improve by providing predefined payloads for attack categories. |
| App Sec Engineer at a non-profit with 11-50 employees | 4.0 | I utilized PortSwigger Burp Suite Enterprise Edition for dynamic application testing to identify vulnerabilities by intercepting and modifying calls. Although it's highly effective, scalability is limited, necessitating potential integration for larger environments. It reduced resource usage, boosting ROI. |
| Cyber Security Analyst at Platview Technologies | 4.5 | I use PortSwigger Burp Suite Enterprise Edition for vulnerability assessment and penetration testing, appreciating its ease of use and ability to escalate vulnerabilities. However, I wish it were cloud-based for more convenient remote access. |
| Cyber security enthusiast at a university with 51-200 employees | 4.0 | I use PortSwigger Burp Suite Enterprise Edition for web application auditing. The extensions significantly enhance its capabilities, though performance could improve as it consumes around 3 GB of RAM. Overall, it is effective for security audits with potential optimization needs. |
| CyberRisk Solution Advisor at a consultancy with 10,001+ employees | 5.0 | I use PortSwigger Burp Suite Enterprise Edition for web and API vulnerability assessments, finding its active scan feature particularly valuable. However, I'd like a cloud version and feel that licensing costs could be more affordable for individuals. |
| Security Tester at Ray Business Technologies Private Limited | 4.0 | We use PortSwigger Burp Suite Enterprise Edition for web application security to identify vulnerabilities. Its CI/CD integration and automation are valuable, though false positives and the lack of static code analysis need improvement. Overall, it offers cost efficiency. |
| Head Information Secretary at a manufacturing company with 1,001-5,000 employees | 4.5 | I use PortSwigger Burp Suite Enterprise Edition for application security because it offers numerous features that provide a solid return on investment. However, the product could be improved by enhancing its evaluation capabilities. |
| Senior IT Security Analyst at a transportation company with 10,001+ employees | 5.0 | I find PortSwigger Burp Suite Enterprise Edition an excellent, stable solution with vast options and ease of use. Despite minor missing features, frequent updates and custom scripting make it highly valuable for security assessments. I rate it 10/10. |
| Cyber security Lead at a manufacturing company with 1,001-5,000 employees | 3.5 | I find the solution easy to set up with helpful support, but it's expensive with frequent scan failures, too many false positives, and it misses some critical vulnerabilities. I'm considering cheaper alternatives due to stability and cost issues. |
| Chief Information Officer - Chief Security Officer at Chrematis | 3.5 | I've used Fortinet FortiSIEM for five months. While early, CMDB and device discovery look valuable. However, implementation is complicated, and initial setup had difficult agent issues with reboots. I rate it 7/10. |

I work with security testing tools for SaaS, focusing on static application security testing and using tools like Burp Suite for replaying Apex.
The most appreciated functionality of PortSwigger Burp Suite is its ability to perform brute force attacks automatically. Its automated scanning feature saves time.
Additionally, using this tool provides significant security insights, making our testing process more efficient and comprehensive, leading to considerable time savings, which in turn translates to financial benefits.
It would be beneficial if Burp Suite provided predefined payloads for each attack category, such as SQL injection and cross-site scripting, to automate some tasks more effectively.
I have known the solution for about seven years and have been using it for approximately four years.
Burp Suite Enterprise Edition is a very stable product. I would rate its stability at nine out of ten.
Scalability is not a pertinent consideration for my use case, so I do not focus on that aspect.
Previously, I used Katalon Studio. I switched because my career shifted from functional testing to security testing.
The initial setup was relatively quick, taking about ten to 15 minutes.
I handled the implementation myself without the assistance of any external people.
Saving time translates to financial savings. I estimate saving about 50% of our budget due to time saved.
I am using the Community Edition, which is free; however, I understand there might be extra expenses for additional features or services.
I would recommend PortSwigger Burp Suite because it is essential in security testing and provides extensive functionality with good documentation and tutorials. However, the configuration required is a bit cumbersome, preventing a perfect ten in rating.
Overall, I rate the product eight out of ten.

We used it for our dynamic application testing. Whenever we had an instance or application that we wanted to run on a running instance to mimic an attacker, we used Burp Suite. We observed whether it was intercepting certain calls and modified them to understand areas that were weak, identifying vulnerabilities that the application had.
It was vital in helping us because we didn't have to utilize our own testing environment. We could utilize Burp Suite to mimic our normal procedures without having multiple people on the test environment, configuring and maintaining it. The tool allowed us to mimic attacks and gain real-time detection of issues without needing additional resources for a test environment.
The most valuable part of it was probably the ability to intercept and modify calls. It has a UI that informs you of what happens to a call if you get a response, along with a suite of catalogs for different vulnerabilities and how it works against them.
Scalability could be better. It's primarily focused on dynamic application security testing but might require integration with another platform to handle larger environments efficiently.
I used it for about two years.
It was very stable. It didn't go down much, and we relied on it a lot.
For larger environments, it might need integration with another platform to provide better scalability.
PortSwigger was efficient and responded on time if we needed assistance. Most issues were straightforward, and we didn't encounter many problems.
Positive
It was a team of four or five engineers.
Burp Suite limits the number of test environments needed to identify vulnerabilities, which prevents unnecessary use of resources like AWS instances.
For Enterprise, I'm not sure of the pricing. For Professional, it's about $400 per year. If you're using it as it should be used, the pricing is reasonable based on the benefits it provides.
I'd rate the solution eight out of ten.

We use the solution for vulnerability assessment and penetration testing. We can escalate vulnerabilities. We can also use it for mobile app traffic detection and SQL injection.
We can escalate the vulnerabilities we see on the web application. The product is easy to use. It is seamless and easy to work with.
It would be better if the solution is cloud-based. If it's installed on a server, we can access the solution even when we are working from home.
I am using the solution currently.
The tool is stable.
The tool is scalable. Every technical person in my company is using the solution. It is a mandatory system that we have to go through. We have around 15 users.
The initial setup is very easy and straightforward. We just need to download and install it. If it's Burp Suite Community Edition, we are good to go. If it's Burp Suite Professional, we must have the license.
I recommend the solution to others. We can run SQL injection in Burp Suite Community Edition but not scan the websites. We would need Burp Suite Professional for it. We can use the solution to scan web applications and escalate vulnerabilities.
We can do penetration testing on the vulnerabilities that are detected on the web application. The tool also provides other features that we can use to simulate attacks for learning purposes. Overall, I rate the tool a nine out of ten.

I use the solution for web application auditing and security audits for web applications.
The solution's extensions really expand the capabilities and features offered by the installation. Without the extensions, a lot of things may be out of reach or hard to implement.
From my personal experience, the solution's performance could be improved. I would be just starting out with the websites trying to scan it, and the solution consumes around 3 GB of RAM, which is not really efficient.
I have been using PortSwigger Burp Suite Enterprise Edition for many years.
I haven't encountered any critical bugs with the tool.
Three people are using the solution in our organization. We haven’t faced any issues with the solution’s scalability.
The solution’s initial setup is very easy.
Although the solution can be a bit expensive for small companies, its pricing is fairly reasonable for its capabilities.
I would advise users to limit Burp Suite usage to specific scenarios and applications. Users should use the solution as an expert testing tool instead of using it as a general scanner or for information gathering in general. The tool might be overwhelming initially for new users, but it will be easy after you get used to the UI, features, and options.
PortSwigger Burp Suite Enterprise Edition has been doing an amazing job for years compared to other similar tools.
Overall, I rate the solution an eight out of ten.

I use PortSwigger Burp Suite Enterprise Edition in my company to do the vulnerability assessment manually and test web applications and APIs. Even for mobile phones, the tool helps because it allows users to interpret the network calls of mobile applications that go through the server.
The most valuable feature of the solution is the active scan, which helps with crawling through web applications, allowing users to explore the full application, including each and every functionality of the web application. The network calls that are sent to the server are saved in PortSwigger Burp Suite Enterprise Edition, after which all those network calls are scanned, meaning the solution does an active scan on them.
PortSwigger Burp Suite Enterprise Edition's new features released in the last two years are really good, so I won't say that I am not looking at any new features. The product's latest feature, which was really good, but had an issue since it allowed us in our company to put the proxy in the browser and then connect it with PortSwigger Burp Suite Enterprise Edition to get the calls resolved with the help of setup allowing for browser features inside PortSwigger Burp Suite Enterprise Edition.
I want PortSwigger Burp Suite Enterprise Edition to be available on the cloud, though my concerns stem from the fact that I don't know how an application hosted on the cloud can do a proxy for an application.
I can't recall what needs to be added to the solution to make it better, but I have seen that when I use the product, I feel that the tool needs to have a few elements added to it.
The cost per license per user could be cheaper, specifically for individual licensing.
I have been using PortSwigger Burp Suite Enterprise Edition for three years. My company is a customer of the product.
I have never found any issues with the stability of PortSwigger Burp Suite Enterprise Edition since it gets regularly updated.
Generally, each user needs to have one license, but for an enterprise, a single license can allow multiple users to use it, meaning each and every user can install the application so the product can be installed and run properly.
In my previous company, the solution had more than 50 users who used to take care of the pen testing.
I have never contacted the solution's technical support team for any help.
The product's initial setup phase was super easy. The product's installation phase is similar to any normal web application.
The solution is deployed on an on-premises model.
PortSwigger Burp Suite Enterprise Edition is neither a cheap nor an expensive product. PortSwigger Burp Suite Enterprise Edition is a good tool for companies.
PortSwigger Burp Suite Enterprise Edition is the best tool for the manual assessment of web application testing or pen testing. Individual licensing would be expensive, but an enterprise license would be good for the organization.
It is one of the best tools for VAPT testing of web and mobile applications.
One of the issues that I faced was pushing the proxy in the browser and then setting up PortSwigger Burp Suite Enterprise Edition, which was eventually resolved.
I rate the overall tool a ten out of ten.

Our main use case for the tool is web application security. We utilize it to identify various types of vulnerabilities.
This tool helps identify vulnerabilities. We then provide the report to the developers, who address the issues identified automatically. Its most valuable feature is CI/CD integration.
The solution's automation capabilities are 95 percent effective. The tool's features, like ease of integration and effectiveness in identifying vulnerabilities, are also valuable. Additionally, it simplifies the process of providing codes.
PortSwigger Burp Suite Enterprise Edition should incorporate a static code analysis feature. One main issue we encounter is false positives. False positives can be challenging for developers.
I have been working with the product for five years.
The tool is stable. I rate it a six out of ten.
I rate PortSwigger Burp Suite Enterprise Edition's scalability as seven out of ten. My company has five users.
I rate PortSwigger Burp Suite Enterprise Edition's deployment as seven out of ten. It can be completed in 15 minutes.
We can see cost efficiency immediately while using the tool.
The tool's pricing is reasonable and costs around 400 dollars per year.
I rate the overall product an eight out of ten.

We use PortSwigger Burp Suite Enterprise Edition for application security.
The tool is loaded with many features that give us ROI.
The product needs to have the ability to evaluate more.
I have been using the product for two years.
PortSwigger Burp Suite Enterprise Edition is mature and stable.
My company has five users.
The tool's deployment requires knowledge. It didn't take us much time since we had ample guidance.
I rate the product a nine out of ten.

PortSwigger Burp Suite Enterprise Edition is a web application interceptor. It can intercept the traffic between the client and the server.
The most valuable features of PortSwigger Burp Suite Enterprise Edition are the vast amount of options and ease of use. They frequently improve the solution every six months to a year. Additionally, if we want any more features we can upload a custom script to meet our needs.
There are features or functionality missing, but PortSwigger Burp Suite Enterprise Edition does try to update frequently to alleviate the shortcomings.
I have been using PortSwigger Burp Suite Enterprise Edition for approximately 13 years.
PortSwigger Burp Suite Enterprise Edition is a stable solution.
The scalability of PortSwigger Burp Suite Enterprise Edition depends on the license you have. If you want more users you can.
I have not used the support from PortSwigger Burp Suite Enterprise Edition because it is straightforward.
The initial setup of PortSwigger Burp Suite Enterprise Edition is very easy. The deployment took approximately 10 to 15 minutes.
There are three different licenses available for PortSwigger Burp Suite Enterprise Edition: open-source, professional, and enterprise.
My advice to others is this is a good solution and it can be used for security assessments.
I rate PortSwigger Burp Suite Enterprise Edition a ten out of ten.

I'm using the solution for the vulnerability scan and for basically all the kinds of applications that we use in our environment. My client is a product-based company - one of the premier Fortune 500 companies, and they are into medical equipment product manufacturing. We develop quite a lot of applications for our hardware and some of the internal requirements as well. Those applications only get deployed in hospitals and other kinds of medical equipment. I'm using it for vulnerability scanning and more for application scanning.
The most valuable part is that a beginner can run those scans and the V scanning of that particular vulnerability. I can set my vulnerability scan into different configurations and I can run the scan and I can do the part myself. It helps me out sometimes.
The solution can scale.
Technical support is helpful.
The initial setup is straightforward.
There are lots of false positives. That is a bad part. It's something that they can work on.
If I'm scanning, I'm running a vulnerability scan and those libraries are there, sometimes those vulnerabilities of the libraries like Java or something get reported, and sometimes it misses. That I have also raised with our team; however, they were not able to satisfy me in that aspect. Some Java libraries are outdated. It was showing vulnerability in an older version, in the older configuration. Once I updated my vulnerability scanner, and not that Java library, and still, vulnerability scanner missed that particular vulnerability. Regarding the binaries part. There was a lot of long technical discussion that has happened with the Enterprise support team. Too many times the vulnerability scan fails.
The solution is a bit expensive.
I'd like to see a DST, an image testing. Mobile also would be helpful. It would make the product a better player in the scanning part.
There are lots of vulnerability scanners that are providing code analysis. They can increase it to be a competitive product in the market.
We have looked at other solutions and products to add to get more tools. Code analysis, mobile, and APIs are becoming big on the market and this solution doesn't answer all of those needs just yet.
I haven't been quite using the solution for 12 months. I've been using it for about 6 months or so.
Professionally, I have used the product for more than seven, eight years. From the very beginning, I've been using Burp Suite in my career.
The stability is a big issue. So many times the scans fail. In comparison, I'm using the Burp Suite Enterprise as well as that UI version. I am missing that part. Generally, we install on the client version that is there. The client generally finishes their scans quickly, however, in Enterprise it runs for four days, five days, or six days. That is a major pain point. Once I compare that with the HP WebInspect or some other vulnerability scanners, they generally do the job a little bit quicker. Most of the time the vulnerability scan doesn't fail in those either. In this one, after running a comparison seven days straight, on the seventh day, it may have failed due to a failed check or some checks that are not positive.
I have set up whatever the settings are there, yet, if it fails after four days, it impacts my environment. You have put up a vulnerability scan, based on what you're supposed to do. I'm a cybersecurity tester also. Depending upon my schedule, it affects my schedule. If I have a shared customer, this application will be scanned in three days and we'll be doing the manual assessment in another coming one week or two weeks, whatever the application size may be. Once this fails, it impacts my other commitments as well.
I have not tried to scale the solution. Six, seven images I have deployed. However, the scalability is there. I can deploy multiple scanners for multiple portals. It's a good option actually. I've used mostly Burp Suite Enterprise, and therefore, I don't know much about other scanners. Due to the fact that I've used HP WebInspect, and IBM AppScan, I use them on my laptop only. If those options are now available, I have to update my last decade of experience.
Right now there are three or four people that work with this solution.
I've had lots of calls with technical support. When we raise a ticket, we get a very quick response.
The initial setup was pretty straightforward. I just needed to type in a mail on the support portal. If there are issues on the portal, the support team generally addresses them.
The deployment was easy. It takes about 48 hours, maybe, and that's it. It didn't take much time. It's a simple one actually. It was very general. Support is also very helpful during the deployment process.
We had the assistance of support when we needed it during the installation and deployment process.
Next year, my license expires.
This is costly, and we are planning to use the professional version more as we're in the process of buying the professional version also. For the most part, we will not choose the Enterprise version due to the cost, and the stability. Only for scanning purposes am I using the Enterprise version. Other than that, it's not much. Everything is on the professional version for the most part. If it's all there, why would I pay so much extra? Therefore, when the license expires, I won't be getting an Enterprise version.
Right now, we are using the community version; however, we are looking to choose the most appropriate tier. We're mostly using it for upgrades and testing purposes.
The licensing is paid on a yearly basis. It's an expensive solution.
I did not evaluate other solutions first. I was new to this environment. Once I came along, the company was already using the product. I was not in decision-making on that. Later on, I introduced the Professional version.
We are service providers and we work with clients; however, we are not a partner.
The latest version is currently deployed basically in one of my virtual drives. It's in my Center, not necessarily on the cloud.
I'd advise other potential users that deploying in vCenter is much better - then you can back up everything and stuff like that. You're protected if your system is down. That said, it generally helps in the VM setup. It helps with scaling and deploying multiple scanners too.
I'd rate the solution at a seven out of ten.

We are in the early stage of using the solution making it difficult to fully determine the best features. However, we have noticed the CMDB and device discovery features look valuable at this time.
The implementation of the solution is quite complicated and could be easier.
I have been using the solution for five months.
Most of my clients are medium-sized businesses using the solution.
The installation is somewhat difficult; we had some initial technical issues, but most have been resolved. The main issue was with the installation agent; it required us to reboot several times. This could have been because of the system environment at the client's site because in our lab, the agent installation is really straightforward and it did not require reboots. When we did the install at the client site, we experienced that sometimes it required several reboots after the agent installation. It surprised us, and we are still working on fixing it.
I rate Fortinet FortiSIEM a seven out of ten.