We are an IT organization. We use the solution for the security testing of applications. It helps us identify vulnerabilities in the applications.
QA Lead at eLuminous Technologies Pvt. Ltd.
Provides good reports and a helpful learning hub, but details about the new features are not updated in the documentation
Pros and Cons
- "The product has a good learning hub."
- "The vendor must provide documentation on how to use the new API feature."
What is our primary use case?
What is most valuable?
The product has a good learning hub. It is good for beginners who want to learn security testing. The scan reports are good. They cover most things. The reports give details about the issues and suggest solutions. It's really useful for web applications. I use Intruder for brute-force attacks.
What needs improvement?
The product has a new API feature. It provides the scan report for APIs similar to the scan report we receive when we use web URLs. The vendor must provide documentation on how to use the new API feature. I did not find any guide on how to use the feature.
For how long have I used the solution?
I have used the solution for two years.
Buyer's Guide
PortSwigger Burp Suite Professional
August 2025

Learn what your peers think about PortSwigger Burp Suite Professional. Get advice and tips from experienced pros sharing their opinions. Updated: August 2025.
865,295 professionals have used our research since 2012.
What do I think about the stability of the solution?
I rate the product’s stability seven out of ten.
What do I think about the scalability of the solution?
The product has limitations for mobile app security testing. We are unable to perform mobile app testing for Android and iOS.
How are customer service and support?
I faced some login issues and contacted the support team, but the team could not provide a solution. I found the solution in the documentation.
How would you rate customer service and support?
Neutral
How was the initial setup?
The tool is easy to install. All the steps are given in the documentation. The installation takes less than 10 to 15 minutes.
What's my experience with pricing, setup cost, and licensing?
PortSwigger Burp Suite Professional is expensive compared to other tools. There are open-source tools available in the market. The cost of one PortSwigger license is expensive.
What other advice do I have?
I have recommended the paid version of the tool in my current organization. Integrations with other tools are moderately easy.
Overall, I rate the product a seven out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Cyber Security Consultant at Accenture
A time-saver application for scanning vulnerabilities and testing SQL injection
Pros and Cons
- "It is a time-saver application."
- "You can have many false positives in Burp Suite. It depends on the scale of the penetration testing."
What is our primary use case?
We use the solution for scanning. It also has a repeater function to replay a request. I'm using it for brute forcing and future scheduling.
How has it helped my organization?
We have a quick firewall before PortSwigger Burp Suite Professional to test for SQL injection. Suppose the firewall is blocking some special characters. In that case, we can use Intruder to quickly identify which special character is blocked and which characters are enabled by feeding Intruder with a list of all possible special characters. We can also use Intruder to clock the use of some tools like Secure Map. We can feed Intruder with a list of SQL injection or XSS payloads and test the vulnerability directly. The scanner is handy in identifying vulnerabilities. SSTI vulnerabilities are within Burp Suite. It is a time saver and useful tool for most cybersecurity consultants and penetration tests.
What is most valuable?
PortSwigger is a time-saver application. It has a web scanner feature. The regional agencies can help a lot in identifying potential vulnerabilities.
What needs improvement?
You can have many false positives in Burp Suite. It depends on the scale of the penetration testing. If you have experience, you can quickly determine the false positive.
PortSwigger Burp Suite Professional lacks an authentication feature for handling certain applications. For example, consider applications that utilize authentication, where tokens typically expire after one hour. Burp does not automatically handle reauthentication in such scenarios. While it does offer a feature to set rules for automatically renewing authentication, it's specific to particular applications. However, the process for applications with token-based authentication has become more complicated. When running a web scanner, authentication may fail due to expired tokens after one hour, rendering the scanner unable to authenticate with the application.
For how long have I used the solution?
I have been using PortSwigger Burp Suite Professional for 7 years.
How are customer service and support?
All resources on PortSwigger are online, whether on their website or forums. Whenever we encountered any issue, we contacted their support directly via email. They are pretty quick to respond and provide good assistance.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We trust Burp Suite to identify vulnerabilities in the application with pretty good accuracy.
What's my experience with pricing, setup cost, and licensing?
The solution is worth the money.
What other advice do I have?
You can enhance web features with Burp Suite because it works well with many plugins. There is a large community around it that develops custom plugins. You can integrate these plugins into your app to quickly identify various vulnerabilities. There are both free and paid plugins available. We build apps exclusively with Burp Suite Professional. There are many tools available to assist with vulnerability management. You can download and export Burp Scanner output and load it into a vulnerability management tool. This allows developers to track vulnerabilities and manage the process of correcting them, providing status updates to management.
Overall, I rate the solution a ten out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Senior Manager at Airtel
A stable security solution that has good visibility
Pros and Cons
- "I am impressed with the tool's detailed analysis for penetration testing. AppScan can give only visibility, but it can't do the PT part. But the PortSwigger Burp Application can do both, and it gives much more visibility on the PT rating."
- "I need the solution to be more user-friendly. The solution needs to be user-friendly."
What is our primary use case?
We use the solution to do VAPT.
What is most valuable?
I am impressed with the tool's detailed analysis for penetration testing. AppScan can give only visibility, but it can't do the PT part. But the PortSwigger Burp Application can do both, and it gives much more visibility on the PT rating.
What needs improvement?
I need the solution to be more user-friendly. The solution needs to be user-friendly.
For how long have I used the solution?
I have been using the solution for three years.
What do I think about the stability of the solution?
It is a stable solution. I rate the stability an eight out of ten.
What do I think about the scalability of the solution?
It is a scalable solution but needs to be more user-friendly. I rate the scalability an eight out of ten.
How was the initial setup?
The initial setup was easy. The deployment takes around a week.
I rate the setup an eight out of ten.
What's my experience with pricing, setup cost, and licensing?
I rate the pricing a four out of ten.
What other advice do I have?
I rate the solution an eight out of ten overall.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
Chief Executive Officer at GS2 CYBER SECURITY
Continuously updated, fair pricing, and offers a free community version
Pros and Cons
- "It's good testing software."
- "The initial setup is a bit complex."
What is our primary use case?
We are using the solution for web application testing. From Burp Suite, we can test the application security. We have a team of system auditors, and our auditors use Burp Suite.
What is most valuable?
We are working with the community version, and it provides all the features we need.
It's good testing software.
For application security, Burp Suite is one of the best solutions. It has all the proxy and all the features so that we can test all the application's vulnerabilities.
They have an extension feature, so at intervals, they provide extensions that provide some helpful updates. They continuously update the product, and they continuously provide extensions. Through the extensions, we get new features at regular intervals.
The pricing is fine.
We can customize and configure as needed.
We found the product to be quite stable.
What needs improvement?
It's already great. There isn't anything needed for improvement.
The initial setup is a bit complex.
For how long have I used the solution?
I've used the solution for three years.
What do I think about the stability of the solution?
The solution is very stable and reliable. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
The solution can scale. It's per system. If you are using it on 100 systems, you must install it on all 100 systems. It's not like you install a central product, and you scale. It's not the client-server architecture; you must install it on every system if you want to test.
We have two or three users on the solution.
How are customer service and support?
We've never escalated any issues to technical support. I've never directly dealt with them.
Which solution did I use previously and why did I switch?
This is among the best in comparison to all other tools. If we compare it to Zap, et cetera, Burp Suite is the best among those. There's also Nikto and lots of tools available. We prefer to work with Burp as Burp Suite is like a framework. It has lots of tools in-built. Therefore, we can do multiple tasks on a single platform from a single framework. It's like a one-stop shop.
How was the initial setup?
The solution is a little bit complex. It's not exactly straightforward.
The deployment itself was a pretty easy process. It was quick.
We do not find it difficult to maintain the solution.
What about the implementation team?
We handled the initial setup ourselves in-house.
What's my experience with pricing, setup cost, and licensing?
We use the community version. It's free.
Pricing is not very high. It was around $200.
They have some licenses and features, and they have some different categories. I need to go through the sites; however, I know they have different versions.
What other advice do I have?
We are using Burp Suite. We are not selling Burp Suite.
At this time, we're using the most up-to-date version of the product.
I'd recommend the solution to others. I would rate it ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Consultant at a consultancy with 10,001+ employees
Offers multiple features including automation of tasks but is somewhat lacking in stability
Pros and Cons
- "Enables automation of different tasks such as authorization testing."
- "The solution lacks sufficient stability."
What is our primary use case?
We use PortSwigger to find simple bugs via authorization and authentication testing. It's about preventing attacks. Burp Suite enables you to drill down and check all test cases, irrespective of the application on which it's built. We are customers of PortSwigger and I'm a consultant.
What is most valuable?
PortSwigger enables automation of different tasks such as authorization testing. New extensions come in every day which can be used in Burp Suite while testing.
What needs improvement?
In general, there's not much to complain about but the stability of the tool is not good enough. I know that the RAM utilization is something they're working on but using a scan currently takes up too much memory. Resource utilization is an issue because when you're application testing, there are multiple threats and multiple application requests that are going in the backend.
For how long have I used the solution?
I've been using this solution for four years.
What do I think about the stability of the solution?
The stability could be improved.
What do I think about the scalability of the solution?
The scalability is quite good because PortSwigger can be used by multiple users through Jenkins and other things.
How are customer service and support?
The technical support is quite good.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is not that difficult because there's good documentation on the PortSwigger website. Our employees each installed it on their own machine; it's an executable file.
What was our ROI?
Return on investment is good because it's a globally known product. All our customers know Burp Suite. There's a return on investment because it's a major tool necessary for performing any manual or automation testing.
What's my experience with pricing, setup cost, and licensing?
The licensing cost depends on the number of users. One person can use the tool on a single laptop that can be shared between multiple users under a single license. We have around 15 users. We pay an annual license fee that includes technical support; it's not that expensive. They also provide a free community version.
What other advice do I have?
I recommend this solution and rate it seven out of 10 because it offers multiple features.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Quality Manager at Net Solutions
A cheap solution that is helpful for session management
Pros and Cons
- "The solution is quite helpful for session management and configuration."
- "In the Professional version, we cannot link it with the CI/CD process."
What is our primary use case?
We use it for application security testing purposes. We scan our solutions and then look for issues in them. Upon finding the issues, we send them to the development team who fixes them. However, we use Burp Suite only for a specific client, hence we only have one license and limited use.
What is most valuable?
The solution is quite helpful for session management and configuration.
What needs improvement?
In the Professional version, we cannot link it with the CI/CD process. This feature is included in the enterprise version. Also, it doesn’t have a dashboard to preview the number of issues that were found. A dashboard showing previous issues and their status will be better. These all are enterprise features which are extremely expensive.
For how long have I used the solution?
I have been using Burp Suite for two years.
What do I think about the stability of the solution?
It is a stable product.
What do I think about the scalability of the solution?
It is a scalable solution. We currently have only one to two people using Burp Suite for specific clients.
How are customer service and support?
The customer support is good; however, I haven’t used other tools. It is difficult to compare it, and other solutions might provide better support.
Which solution did I use previously and why did I switch?
I personally don’t use a lot of tools except AWS for general clients.
Burp Suite is quite easy to use when compared to AWS. However, AWS has an open source tool; therefore, any developer can use it. Burp Suite is a paid solution and needs a professional license to operate.
How was the initial setup?
Burp Suite is easy to set up and takes only five to ten minutes. The installation can be done by one person only. The maintenance isn’t very hard to do.
What's my experience with pricing, setup cost, and licensing?
It is a cheap solution, but it may not be cheaper than other solutions.
What other advice do I have?
I would advise others to also try other tools. As I have only used Burp Suite as an application security solution, I cannot comment on other tools. However, between JAP and Burp Suite, I would surely recommend Burp Suite. Overall, I would rate it an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
CEO/General Manager at Lian
Works as a vulnerability scanner and checks websites and web applications
Pros and Cons
- "The solution has a limited range of functions, which is good for small companies. This is because, in small companies, websites are less complex. They also have single services which makes the solution good enough for them. However, the most advantageous aspect of the solution is its affordable price."
- "The Iran market does not have after-sales support. PortSwigger Burp Suite Professional needs to provide after-sales support."
What is our primary use case?
We are the resellers and not the customers. Usually, our customers use the solution's vulnerability scanner to check problems with their websites and web applications. While I cannot disclose specific customer names due to our NDA agreements, they normally use the solution to address issues with their web services.
What is most valuable?
The solution has a limited range of functions, which is good for small companies. This is because, in small companies, websites are less complex. They also have single services which makes the solution good enough for them. However, the most advantageous aspect of the solution is its affordable price.
What needs improvement?
The Iran market does not have after-sales support. PortSwigger Burp Suite Professional needs to provide after-sales support.
For how long have I used the solution?
We have been working with the solution for about three years.
What do I think about the stability of the solution?
The tool is stable. We haven’t received any complaints so far.
What do I think about the scalability of the solution?
I rate the scalability of the solution as six out of ten.
Which solution did I use previously and why did I switch?
Nessus is a more expensive solution than Burp Suite, which offers a broader range of services, including network and website scanning features. You can’t compare them.
How was the initial setup?
The initial setup was easy. One doesn't need much knowledge to operate it. The solution can be deployed within ten minutes.
What's my experience with pricing, setup cost, and licensing?
The pricing of the solution is cost-effective and is best suited for small and medium-sized businesses.
What other advice do I have?
I recommend the solution for small and medium-sized businesses. It’s not suited for large enterprises. Everything depends on the cost. A customer with a high budget should go for solutions like Nessus. However, a more cost-effective solution like Burp Suite is recommended if they have a limited budget. My final recommendation is to use the solution that suits your needs. Overall, I rate the solution a five out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. reseller
Associate Consultant at ATOS
Reliable with helpful support and documentation
Pros and Cons
- "The solution is stable."
- "Sometimes the solution can run a little slow."
What is our primary use case?
The solution is primarily used for scanning the webpage and for the incoming traffic for the application.
What is most valuable?
The solution is most valuable for finding and developing the application. If there is leakage of data or some external links, we can deal with it.
The solution is stable.
The scalability is good.
The solution offers helpful technical support and has excellent documentation.
What needs improvement?
Sometimes the solution can run a little slow. When we’re cracking passwords, we have issues with responsiveness.
For how long have I used the solution?
I used the solution for one year.
What do I think about the stability of the solution?
Mostly the solution is stable. Sometimes while using the password cracker, it took some time. Sometimes it gets a bit slow by adding up the number of rules. It took some time to crack the passwords of applications.
What do I think about the scalability of the solution?
It is pretty easy to scale the product.
We had ten to 12 people using the solution. It was a small environment.
How are customer service and support?
Technical support was excellent. They were very fast. They also offered good documentation which was very helpful to have on hand.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I started with Burp Suite. I’ve only used that. I haven't used anything other than that.
How was the initial setup?
For the setup, on my end, I just got access via the organization when I first started using it. I haven't set up the entire cloud, the Burp Suite cloud. I used it by using some credentials only. Therefore, I'm not that good at setting up the enrollment.
The entire setup was done on the cloud. There were only three to four people needed for deployment and maintenance. They are well experienced in those areas.
What about the implementation team?
The deployment part was entirely done by another team. We, as a team, used to test the application. We didn't know much about how the setup was arranged.
What's my experience with pricing, setup cost, and licensing?
I’m not aware of the pricing side of things. It might have been paid monthly; however, I don’t know much more than that.
What other advice do I have?
My company was partners with PortSwigger.
I’m not sure which version of the solution we were using.
Everyone seems very happy with the solution. There are some learning modules as well so that we can go into the tool and understand it well. I would suggest the solution to my colleagues.
I’d rate the solution nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
