PortSwigger Burp Suite Professional Reviews

My main use cases for security testing with PortSwigger Burp Suite Professional are mobile application penetration testing and web application penetration testing in the IT industry.

I find all the features of PortSwigger Burp Suite Professional most useful, particularly the AI enhancement for results and follow-up for retests.

This feature helps me follow up on my results and perform retests step-by-step. The automation in AI verifies the findings, ensuring they are correct, and performs step-by-step testing.

The Intruder tool enhances testing efficiency through intercepting information and analyzing it. It helps to analyze web applications and intercept the traffic.

The only potential improvement would be adding Postman integration specifically for APIs.

I have been working with the tool for five years.

I haven't experienced any issues with stability; it is a stable solution.

They have an option for enterprise for scalability, but I currently use just a single license.

My environment is medium-sized, and I am the only user of this tool.

Before working with PortSwigger Burp Suite Professional, I evaluated other tools for testing such as OWASP ZAP.

PortSwigger Burp Suite Professional offers benefits because it's not open source, providing extra features such as AI enhancements that are not available on OWASP ZAP. OWASP ZAP is completely free.

The setup process for PortSwigger Burp Suite Professional is quite easy. I would rate the setup a nine on a scale from one to ten, where ten means easy.

Deployment takes approximately two minutes.

The cost of PortSwigger Burp Suite Professional is reasonable at approximately $500 per year per user.

As a user and customer, I can say that PortSwigger Burp Suite Professional is a good tool that performs its intended functions effectively. It operates as an interceptor and analysis tool, completing its tasks reliably.

On a scale from one to ten, I rate PortSwigger Burp Suite Professional a nine.

Positive

We use the solution for penetration testing, web application testing, etc.

We use the tool to test the application security, like APIs. It is one of the major tool for any security or to test web applications.

The tool provides complimentary services. It allows you to add a lot of extensions, and you can get extensions quite often. It is quite a flexible application.

Reporting could be improved. If you use any AI feature, you can go out and take and provide more in-depth information.

I have been using PortSwigger Burp Suite Professional for over ten years. We are using the latest version of the solution.

The product is highly stable.

I rate the solution’s stability an eight out of ten.

The solution is scalable.

Five users are using this solution.

I rate the solution’s scalability an eight out of ten.

Customer support respond immediately.

Positive

The initial setup is easy and take you around ten minute, provided you have downloaded the application.

I rate the initial setup a nine out of ten, where one is difficult, and ten is easy.

The tool was deployed in-house.

worth the money spent.

Yes, there many tools, and also a free tool i.e ZAP

it does give you ability to run easily  various attack types , such as Sniper, Pitchfork attack, Battering RAM, Cluster bomb and various other attack types, which can be used to test Web application. 
Overall, I rate the solution an eight out of ten.

I have been using this solution for quite a long time. The features and request tampering are different. This solution helps us when testing applications. It is a flexible tool.

It is useful for scanning and tracing activities.

Improvement should be done as per the requirements of customers. 

I would rate the stability an eight out of ten. 

The solution is reasonably priced. 

Overall, I would rate the solution a nine out of ten. 

We use PortSwigger Burp Suite Professional for manual penetration testing.

PortSwigger Burp Suite Professional is one of the best user-friendly solutions for getting the proxy set up.

The technical support team's response time is mostly delayed and should be improved.

I have been using PortSwigger Burp Suite Professional for six to seven years.

PortSwigger Burp Suite Professional is a stable solution.

Around 500 to 600 users are using the solution in our organization.

The solution’s initial setup is quite easy.

PortSwigger Burp Suite Professional is worth its price.

PortSwigger Burp Suite Professional is an expensive solution.

Users should get the professional version for the solution because the community and the free edition do not have many things to offer. They should explore as much as possible, go for the web code application, and do the manual penetration testing.

PortSwigger Burp Suite Professional allows us to do everything from setting the proxy to getting our own browser. Some features were not there in Burp Suite earlier. We had to attach Chrome to the Burp Suite to the proxy, but now they have given everything in a single bundle.

Overall, I rate PortSwigger Burp Suite Professional ten out of ten.

The solution has improved the organisation as it helps with scanning and doing the reports for the developers. The solution also helps with communicating the everyday issues and delivering high security and web applications to the customers.

The intercepting feature is the most valuable.

Mitigating the issues and low confluence issues needs some improvement. Implementing demand with the ChatGPT under the web solution is an additional feature I would like to see in the next release.

The solution is used for scanning and doing reports for the developers.

It is a stable solution.

It is a scalable solution. Ten specialists are working with Burp Suite Professional currently. We plan to increase the usage in the future. I rate the scalability an eight out of ten.

The solution is implemented through a third-party team.

Positive

I have used Nessus, previously. Nessus helped with only OS and analysis but Burp Suite helps with application scanning, detecting vulnerabilities and expertisation.

The initial setup is easy. The deployment is done under a professional, and it takes one hour to be deployed. We have to add our information to get our code directly into the box and then we scan their applications. A single person is required for the deployment. I rate the initial setup a ten out of ten.

The solution is implemented through a third-party team.

The pricing of the solution is reasonable. We only need to pay for the annual subscription. I rate the pricing five out of ten.

All the security issues and the integration of the vulnerabilities will happen automatically and manually in the website. So the solution will be very helpful for the website. I rate the overall solution a nine out of ten.

We use PortSwigger Burp Suite Professional for security. I'm a security tester and I need it for my daily activities, I require it.

PortSwigger Burp Suite Professional has improved the organization by providing the security standards of the applications across the organization.

We can test the weakness or loopholes in the application an attacker can use. We have an internal team that conducts the pen-testing from a hacker's point of view and try to close the issue before it is opened to the internet.

The most valuable feature of PortSwigger Burp Suite Professional is the advanced features, user-friendly interface, and integration with other tools.

PortSwigger Burp Suite Professional can improve by having more features in the free version for beginners to try.

I have been using PortSwigger Burp Suite Professional for approximately two years.

The reliability of PortSwigger Burp Suite Professional is good. It doesn't hang very much, and it doesn't get stuck anywhere, it is reliable.

PortSwigger Burp Suite Professional is scalable. You can add in-scope items, and remove any items that are not on the scope.

We have approximately 30 people using the solution in my organization. We have managers, consultants, and senior consultants using it. If our testers increase the number of users will increase and then we will increase our usage of this solution.

I have not needed to use the support from PortSwigger Burp Suite Professional.

I was previously using OWASP Zap.

The initial setup of PortSwigger Burp Suite Professional was simple. It can be done in approximately three minutes.

I rate the initial setup of PortSwigger Burp Suite Professional a five out of five.

I did the implementation of PortSwigger Burp Suite Professional myself.

If there is a software update it is fairly simple to upgrade. There is a lot of reference material online. 

There are multiple versions available of PortSwigger Burp Suite, such as enterprise, commercial, professional, and beginners.

My company has paid for the license for the solution. The price of the solution could be less expensive.

This is one of the best solutions in the market. I would advise others to try this solution out.

I rate PortSwigger Burp Suite Professional a nine out of ten.

I use PortSwigger Burp Suite Professional for penetration testing.

For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host. 

The price could be better. The rest is fine.

I have been using PortSwigger Burp Suite Professional for more than ten years.

PortSwigger Burp Suite Professional is a stable solution. Sometimes we are limited because of a firewall, and they will block all the proxy requests. Sometimes there are some challenges, but we can manage them.

PortSwigger Burp Suite Professional is a scalable solution. We have about 200 users in our company.

Technical support is very good. 

The initial setup is straightforward, but it is not very user-friendly, and you need someone to install the certificate. It is a bit complex, but we can manage that one. It took more than half an hour to deploy this solution.

They should reduce the license cost a little bit. It is $400 per user, and it would be better if they could reduce the licensing fee. 

I would tell potential users that if they want to go for penetration testing,  PortSwigger Burp Suite Professional is the obvious choice. 

On a scale from one to ten, I would give PortSwigger Burp Suite Professional an eight.