Try our new research platform with insights from 80,000+ expert users
PortSwigger Burp Suite Professional Logo

PortSwigger Burp Suite Professional pros and cons

Vendor: PortSwigger
4.3 out of 5
Badge Ranked 1
Leave a review

Pros & Cons summary

PortSwigger Burp Suite Professional excels in vulnerability detection using its robust Burp scanner and Intruder tool. Users value its minimized false positives and enhanced functionality via plugins, though improvements in API security testing are needed. Comprehensive testing models support swift vulnerability assessments, despite challenges with report quality and setup complexity. Pricing is considered high, lacking local options, and better documentation is requested. Automation aids efficiency, yet integration with tools like Jenkins requires enhancement.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

PortSwigger Burp Suite Professional excels in automatically and accurately detecting vulnerabilities with its powerful Burp scanner and Intruder tool.
Users appreciate its ability to report fewer false positives compared to other tools, significantly aiding in bug and vulnerability detection for simple web apps.
The Burp Extender feature allows users to enhance functionality with a variety of plugins, expanding the range of security checks available.
Its efficient active scanner and comprehensive testing models facilitate swift and thorough vulnerability assessments and penetration testing.
PortSwigger Burp Suite Professional supports API scanning and automates tasks such as authorization testing, time-saving for users.

CONS

There is a need for improved API security testing and integration with other tools like Jenkins.
Many users experience challenges with false positives, requiring additional verification effort.
Pricing is considered high, and local currency options for regions like Brazil would be beneficial.
Users mention the reporting feature lacks informativeness and could offer different formats like PDF.
New users find the setup process complex, and there's a demand for better documentation and user guides.
 

PortSwigger Burp Suite Professional Pros review quotes

it_user245421 - PeerSpot reviewer
it_user245421
Senior Security Consultant at a tech services company with 501-1,000 employees
May 28, 2015
This is by far the best application assessment tool I have used.
Read full review
it_user492585 - PeerSpot reviewer
it_user492585
Information Systems Security Officer at a financial services firm with 1,001-5,000 employees
Aug 8, 2016
The free version is one of the best proxy tools for manual testing.
Read full review
it_user496968 - PeerSpot reviewer
it_user496968
Penetration Testing Advisor at a tech services company with 1,001-5,000 employees
Nov 7, 2016
I found the best value, features and documentation in Burp.
Read full review
Buyer's Guide
PortSwigger Burp Suite Professional
March 2026
Free Report: PortSwigger Burp Suite Professional Reviews and More
Learn what your peers think about PortSwigger Burp Suite Professional. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
DOWNLOAD NOW
884,976 professionals have used our research since 2012.
it_user704997 - PeerSpot reviewer
it_user704997
Senior Information Security Analyst at a tech services company with 10,001+ employees
Dec 19, 2017
I personally love its capability to automatically and accurately detect vulnerabilities. So, I would say it is the Burp scanner that is THE most powerful, valuable, and an awesome feature.
Read full review
Securitydbe0 - PeerSpot reviewer
Securitydbe0
Security Analyst at a tech services company with 201-500 employees
Feb 3, 2019
"The product is very good just the way it is; It has everything already well established and functions great. I can't see any way for this current version to be improved."
Read full review
it_user787785 - PeerSpot reviewer
it_user787785
Senior Security Engineer at a insurance company with 10,001+ employees
May 16, 2019
This tool is more accurate than the other solutions that we use, and reports fewer false positives.
Read full review
IB
Ivan Biagi
Security Specialist at Alfa-A IT
May 29, 2019
This solution has helped a lot in finding bugs and vulnerabilities, and the scanner is good enough for simple web apps.
Read full review
reviewer939417 - PeerSpot reviewer
reviewer939417
IT Auditor & Compliance Officer at a tech vendor with 51-200 employees
Jun 6, 2019
Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them.
Read full review
reviewer1139067 - PeerSpot reviewer
reviewer1139067
Works
Jul 7, 2019
BurpSuite helps us to identify and fix silly mistakes that are sometimes introduced by our developers in their coding.
Read full review
VN
Vijayanathan Naganathan
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd
Jan 2, 2020
Once I capture the proxy, I'm able to transfer across. All the requested information is there. I can send across the request to what we call a repeater, where I get to ready the payload that I send to the application. Put in malicious content and then see if it's responding to it.
Read full review
Show 10 more reviews (out of 60)
 

PortSwigger Burp Suite Professional Cons review quotes

it_user245421 - PeerSpot reviewer
it_user245421
Senior Security Consultant at a tech services company with 501-1,000 employees
May 28, 2015
There are some memory issues, where the application runs out of memory and crashes.
Read full review
it_user492585 - PeerSpot reviewer
it_user492585
Information Systems Security Officer at a financial services firm with 1,001-5,000 employees
Aug 8, 2016
The professional edition of Burp Suite provides some automated pen-testing scripts to detect application vulnerabilities, like SQL injection, XSS, etc. However, this component is not extremely useful.
Read full review
it_user496968 - PeerSpot reviewer
it_user496968
Penetration Testing Advisor at a tech services company with 1,001-5,000 employees
Nov 7, 2016
Spidering large websites can use a lot of memory and might result in a crash on systems with lower RAM.
Read full review
Buyer's Guide
PortSwigger Burp Suite Professional
March 2026
Free Report: PortSwigger Burp Suite Professional Reviews and More
Learn what your peers think about PortSwigger Burp Suite Professional. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
DOWNLOAD NOW
884,976 professionals have used our research since 2012.
it_user704997 - PeerSpot reviewer
it_user704997
Senior Information Security Analyst at a tech services company with 10,001+ employees
Dec 19, 2017
The one feature that I would like to see in Burp is active scanning of REST based web services. A lot of organizations are providing APIs to access their services to support different business models like SaaS. Scanning these APIs is still a challenge for many security product companies.
Read full review
Securitydbe0 - PeerSpot reviewer
Securitydbe0
Security Analyst at a tech services company with 201-500 employees
Feb 3, 2019
The Initial setup is a bit complex.
Read full review
it_user787785 - PeerSpot reviewer
it_user787785
Senior Security Engineer at a insurance company with 10,001+ employees
May 16, 2019
There is a lot to this product, and it would be good if when you purchase the tool, they can provide us with a more extensive user manual.
Read full review
IB
Ivan Biagi
Security Specialist at Alfa-A IT
May 29, 2019
The scanner and crawler need to be improved.
Read full review
reviewer939417 - PeerSpot reviewer
reviewer939417
IT Auditor & Compliance Officer at a tech vendor with 51-200 employees
Jun 6, 2019
I would like to see a more optimized solution, as it currently uses a lot of CPU power and memory.
Read full review
reviewer1139067 - PeerSpot reviewer
reviewer1139067
Works
Jul 7, 2019
The Auto Scanning features should be updated more frequently and should include the latest attack vectors.
Read full review
VN
Vijayanathan Naganathan
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd
Jan 2, 2020
The biggest improvement that I would like to see from PortSwigger that today many people see as an issue in their testing. There might be a feature which might be desired.
Read full review
Show 10 more reviews (out of 60)

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)
Fuzz Testing Tools

Popular Comparisons

Popular Comparisons
SonarQube vs PortSwigger Burp Suite Professional Logo
SonarQube vs PortSwigger Burp Suite Professional
Snyk vs PortSwigger Burp Suite Professional Logo
Snyk vs PortSwigger Burp Suite Professional
Checkmarx One vs PortSwigger Burp Suite Professional Logo
Checkmarx One vs PortSwigger Burp Suite Professional
GitLab vs PortSwigger Burp Suite Professional Logo
GitLab vs PortSwigger Burp Suite Professional
Veracode vs PortSwigger Burp Suite Professional Logo
Veracode vs PortSwigger Burp Suite Professional
CrowdStrike Falcon Cloud Security vs PortSwigger Burp Suite Professional Logo
CrowdStrike Falcon Cloud Security vs PortSwigger Burp Suite Professional
Coverity Static vs PortSwigger Burp Suite Professional Logo
Coverity Static vs PortSwigger Burp Suite Professional
GitHub Advanced Security vs PortSwigger Burp Suite Professional Logo
GitHub Advanced Security vs PortSwigger Burp Suite Professional
Acunetix vs PortSwigger Burp Suite Professional Logo
Acunetix vs PortSwigger Burp Suite Professional
Mend.io vs PortSwigger Burp Suite Professional Logo
Mend.io vs PortSwigger Burp Suite Professional
OpenText Core Application Security vs PortSwigger Burp Suite Professional Logo
OpenText Core Application Security vs PortSwigger Burp Suite Professional
OWASP Zap vs PortSwigger Burp Suite Professional Logo
OWASP Zap vs PortSwigger Burp Suite Professional
Sonatype Lifecycle vs PortSwigger Burp Suite Professional Logo
Sonatype Lifecycle vs PortSwigger Burp Suite Professional
GitGuardian Platform vs PortSwigger Burp Suite Professional Logo
GitGuardian Platform vs PortSwigger Burp Suite Professional
HCL AppScan vs PortSwigger Burp Suite Professional Logo
HCL AppScan vs PortSwigger Burp Suite Professional
See all alternatives

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)
Fuzz Testing Tools

Popular Comparisons

Popular Comparisons
SonarQube vs PortSwigger Burp Suite Professional Logo
SonarQube vs PortSwigger Burp Suite Professional
Snyk vs PortSwigger Burp Suite Professional Logo
Snyk vs PortSwigger Burp Suite Professional
Checkmarx One vs PortSwigger Burp Suite Professional Logo
Checkmarx One vs PortSwigger Burp Suite Professional
GitLab vs PortSwigger Burp Suite Professional Logo
GitLab vs PortSwigger Burp Suite Professional
Veracode vs PortSwigger Burp Suite Professional Logo
Veracode vs PortSwigger Burp Suite Professional
CrowdStrike Falcon Cloud Security vs PortSwigger Burp Suite Professional Logo
CrowdStrike Falcon Cloud Security vs PortSwigger Burp Suite Professional
Coverity Static vs PortSwigger Burp Suite Professional Logo
Coverity Static vs PortSwigger Burp Suite Professional
GitHub Advanced Security vs PortSwigger Burp Suite Professional Logo
GitHub Advanced Security vs PortSwigger Burp Suite Professional
Acunetix vs PortSwigger Burp Suite Professional Logo
Acunetix vs PortSwigger Burp Suite Professional
Mend.io vs PortSwigger Burp Suite Professional Logo
Mend.io vs PortSwigger Burp Suite Professional
OpenText Core Application Security vs PortSwigger Burp Suite Professional Logo
OpenText Core Application Security vs PortSwigger Burp Suite Professional
OWASP Zap vs PortSwigger Burp Suite Professional Logo
OWASP Zap vs PortSwigger Burp Suite Professional
Sonatype Lifecycle vs PortSwigger Burp Suite Professional Logo
Sonatype Lifecycle vs PortSwigger Burp Suite Professional
GitGuardian Platform vs PortSwigger Burp Suite Professional Logo
GitGuardian Platform vs PortSwigger Burp Suite Professional
HCL AppScan vs PortSwigger Burp Suite Professional Logo
HCL AppScan vs PortSwigger Burp Suite Professional
See all alternatives
Related questions
  • 198
Is OWASP Zap better than PortSwigger Burp Suite Pro?
  • 50
What is the biggest difference between OWASP Zap and PortSwigger Burp?
  • 173
If you had to both encrypt and compress data during transmission, which would you do first and why?
  • 84
When evaluating Application Security, what aspect do you think is the most important to look for?
  • 183
What are the threats associated with using ‘bogus’ cybersecurity tools?
  • 139
What are the Top 5 cybersecurity trends in 2022?
  • 71
Which application security solutions include both vulnerability scans and quality checks?
  • 88
We're evaluating Tripwire, what else should we consider?
  • 339
Is SonarQube the best tool for static analysis?
  • 75
Why Do I Need Application Security Software?