We use the solution for penetration testing, web application testing, etc.
Independent IT Security Consultant at Kinetic IT
Helps with penetration testing and web application testing
Pros and Cons
- "The tool provides complimentary services. It allows you to add a lot of extensions, and you can get extensions quite often. It is quite a flexible application."
What is our primary use case?
How has it helped my organization?
We use the tool to test the application security, like APIs. It is one of the major tools for any security or to test web applications.
What is most valuable?
The tool provides complimentary services. It allows you to add a lot of extensions, and you can get extensions quite often. It is quite a flexible application.
What needs improvement?
Reporting could be improved. If you use any AI feature, you can go out and take and provide more in-depth information.
Buyer's Guide
PortSwigger Burp Suite Professional
March 2026
Learn what your peers think about PortSwigger Burp Suite Professional. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
884,976 professionals have used our research since 2012.
For how long have I used the solution?
I have been using PortSwigger Burp Suite Professional for over ten years. We are using the latest version of the solution.
What do I think about the stability of the solution?
The product is highly stable.
I rate the solution’s stability an eight out of ten.
What do I think about the scalability of the solution?
The solution is scalable.
Five users are using this solution.
I rate the solution’s scalability an eight out of ten.
How are customer service and support?
Customer support responds immediately.
How was the initial setup?
The initial setup is easy and takes you around ten minutes, provided you have downloaded the application.
I rate the initial setup a nine out of ten, where one is difficult, and ten is easy.
What about the implementation team?
The tool was deployed in-house.
What's my experience with pricing, setup cost, and licensing?
Worth the money spent.
Which other solutions did I evaluate?
Yes, there are many tools, and also a free tool, i.e., ZAP.
What other advice do I have?
It does give you the ability to easily run various attack types, such as Sniper, Pitchfork attack, Battering ram, Cluster bomb and various other attack types, which can be used to test web applications.
Overall, I rate the solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Security Engineer at Eon Health
The solution helps us when testing applications
Pros and Cons
- "It is useful for scanning and tracing activities."
- "Improvement should be done as per the requirements of customers."
What is our primary use case?
I have been using this solution for quite a long time. The features and request tampering are different. This solution helps us when testing applications. It is a flexible tool.
What is most valuable?
It is useful for scanning and tracing activities.
What needs improvement?
Improvement should be done as per the requirements of customers.
For how long have I used the solution?
What do I think about the stability of the solution?
I would rate the stability an eight out of ten.
What's my experience with pricing, setup cost, and licensing?
The solution is reasonably priced.
What other advice do I have?
Overall, I would rate the solution a nine out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cyber Security Consultant at Accenture
A time-saver application for scanning vulnerabilities and testing SQL injection
Pros and Cons
- "It is a time-saver application."
- "You can have many false positives in Burp Suite. It depends on the scale of the penetration testing."
What is our primary use case?
We use the solution for scanning. It also has a repeater function to replay a request. I'm using it for brute forcing and future scheduling.
How has it helped my organization?
We have a quick firewall before PortSwigger Burp Suite Professional to test for SQL injection. Suppose the firewall is blocking some special characters. In that case, we can use Intruder to quickly identify which special character is blocked and which characters are enabled by feeding Intruder with a list of all possible special characters. We can also use Intruder to clock the use of some tools like Secure Map. We can feed Intruder with a list of SQL injection or XSS payloads and test the vulnerability directly. The scanner is handy in identifying vulnerabilities. SSTI vulnerabilities are within Burp Suite. It is a time saver and useful tool for most cybersecurity consultants and penetration tests.
What is most valuable?
PortSwigger is a time-saver application. It has a webscanner feature. The regional agencies can help a lot in identifying potential vulnerabilities.
What needs improvement?
You can have many false positives in Burp Suite. It depends on the scale of the penetration testing. If you have experience, you can quickly determine the false positive.
PortSwigger Burp Suite Professional lacks an authentication feature for handling certain applications. For example, consider applications that utilize authentication, where tokens typically expire after one hour. Burp does not automatically handle reauthentication in such scenarios. While it does offer a feature to set rules for automatically renewing authentication, it's specific to particular applications. However, the process for applications with token-based authentication has become more complicated. When running a web scanner, authentication may fail due to expired tokens after one hour, rendering the scanner unable to authenticate with the application.
For how long have I used the solution?
I have been using PortSwigger Burp Suite Professional for 7 years.
How are customer service and support?
All resources on PortSwigger are online, whether on their website or forums. Whenever we encountered any issue, we contacted their support directly via email. They are pretty quick to respond and provide good assistance.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We trust Burp Suite to identify vulnerabilities in the application with pretty good accuracy.
What's my experience with pricing, setup cost, and licensing?
The solution is worth the money.
What other advice do I have?
You can enhance web features with Burp Suite because it works well with many plugins. There is a large community around it that develops custom plugins. You can integrate these plugins into your app to quickly identify various vulnerabilities. There are both free and paid plugins available. We build apps exclusively with Burp Suite Professional. There are many tools available to assist with vulnerability management. You can download and export Burp Scanner output and load it into a vulnerability management tool. This allows developers to track vulnerabilities and manage the process of correcting them, providing status updates to management.
Overall, I rate the solution a ten out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Security Tester at Ray Business Technologies Private Limited
A Stable and Scalable Cloud-based Security Testing Software
Pros and Cons
- "The intercepting feature is the most valuable."
- "Mitigating the issues and low confluence issues needs some improvement. Implementing demand with the ChatGPT under the web solution is an additional feature I would like to see in the next release."
What is our primary use case?
The solution has improved the organisation as it helps with scanning and doing the reports for the developers. The solution also helps with communicating the everyday issues and delivering high security and web applications to the customers.
What is most valuable?
The intercepting feature is the most valuable.
What needs improvement?
Mitigating the issues and low confluence issues needs some improvement. Implementing demand with the ChatGPT under the web solution is an additional feature I would like to see in the next release.
For how long have I used the solution?
The solution is used for scanning and doing reports for the developers.
What do I think about the stability of the solution?
It is a stable solution.
What do I think about the scalability of the solution?
It is a scalable solution. Ten specialists are working with Burp Suite Professional currently. We plan to increase the usage in the future. I rate the scalability an eight out of ten.
How are customer service and support?
The solution is implemented through a third-party team.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have used Nessus previously. Nessus helped with only OS and analysis, but Burp Suite helps with application scanning, detecting vulnerabilities and expertisation.
How was the initial setup?
The initial setup is easy. The deployment is done under a professional, and it takes one hour to be deployed. We have to add our information to get our code directly into the box and then we scan their applications. A single person is required for the deployment. I rate the initial setup a ten out of ten.
What about the implementation team?
The solution is implemented through a third-party team.
What's my experience with pricing, setup cost, and licensing?
The pricing of the solution is reasonable. We only need to pay for the annual subscription. I rate the pricing five out of ten.
What other advice do I have?
All the security issues and the integration of the vulnerabilities will happen automatically and manually in the website. So the solution will be very helpful for the website. I rate the overall solution a nine out of ten.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Chief Executive Officer at GS2 CYBER SECURITY
Continuously updated, fair pricing, and offers a free community version
Pros and Cons
- "It's good testing software."
- "The initial setup is a bit complex."
What is our primary use case?
We are using the solution for web application testing. From Burp Suite, we can test the application security. We have a team of system auditors, and our auditors use Burp Suite.
What is most valuable?
We are working with the community version, and it provides all the features we need.
It's good testing software.
For application security, Burp Suite is one of the best solutions. It has all the proxy and all the features so that we can test all the application's vulnerabilities.
They have an extension feature, so at intervals, they provide extensions that provide some helpful updates. They continuously update the product, and they continuously provide extensions. Through the extensions, we get new features at regular intervals.
The pricing is fine.
We can customize and configure as needed.
We found the product to be quite stable.
What needs improvement?
It's already great. There isn't anything needed for improvement.
The initial setup is a bit complex.
For how long have I used the solution?
I've used the solution for three years.
What do I think about the stability of the solution?
The solution is very stable and reliable. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
The solution can scale. It's per system. If you are using it on 100 systems, you must install it on all 100 systems. It's not like you install a central product, and you scale. It's not the client-server architecture; you must install it on every system if you want to test.
We have two or three users on the solution.
How are customer service and support?
We've never escalated any issues to technical support. I've never directly dealt with them.
Which solution did I use previously and why did I switch?
This is among the best in comparison to all other tools. If we compare it to Zap, et cetera, Burp Suite is the best among those. There's also Nikto and lots of tools available. We prefer to work with Burp as Burp Suite is like a framework. It has lots of tools in-built. Therefore, we can do multiple tasks on a single platform from a single framework. It's like a one-stop shop.
How was the initial setup?
The solution is a little bit complex. It's not exactly straightforward.
The deployment itself was a pretty easy process. It was quick.
We do not find it difficult to maintain the solution.
What about the implementation team?
We handled the initial setup ourselves in-house.
What's my experience with pricing, setup cost, and licensing?
We use the community version. It's free.
Pricing is not very high. It was around $200.
They have some licenses and features, and they have some different categories. I need to go through the sites; however, I know they have different versions.
What other advice do I have?
We are using Burp Suite. We are not selling Burp Suite.
At this time, we're using the most up-to-date version of the product.
I'd recommend the solution to others. I would rate it ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Associate Consultant at ATOS
Reliable with helpful support and documentation
Pros and Cons
- "The solution is stable."
- "Everyone seems very happy with the solution."
- "Sometimes the solution can run a little slow."
What is our primary use case?
The solution is primarily used for scanning the webpage and for the incoming traffic for the application.
What is most valuable?
The solution is most valuable for finding and developing the application. If there is leakage of data or some external links, we can deal with it.
The solution is stable.
The scalability is good.
The solution offers helpful technical support and has excellent documentation.
What needs improvement?
Sometimes the solution can run a little slow. When we’re cracking passwords, we have issues with responsiveness.
For how long have I used the solution?
I used the solution for one year.
What do I think about the stability of the solution?
Mostly the solution is stable. Sometimes while using the password cracker, it took some time. Sometimes it gets a bit slow by adding up the number of rules. It took some time to crack the passwords of applications.
What do I think about the scalability of the solution?
It is pretty easy to scale the product.
We had ten to 12 people using the solution. It was a small environment.
How are customer service and support?
Technical support was excellent. They were very fast. They also offered good documentation which was very helpful to have on hand.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I started with Burp Suite. I’ve only used that. I haven't used anything other than that.
How was the initial setup?
For the setup, on my end, I just got access via the organization when I first started using it. I haven't set up the entire cloud, the Burp Suite cloud. I used it by using some credentials only. Therefore, I'm not that good at setting up the enrollment.
The entire setup was done on the cloud. There were only three to four people needed for deployment and maintenance. They are well experienced in those areas.
What about the implementation team?
The deployment part was entirely done by another team. We, as a team, used to test the application. We didn't know much about how the setup was arranged.
What's my experience with pricing, setup cost, and licensing?
I’m not aware of the pricing side of things. It might have been paid monthly, however, I don’t know much more than that.
What other advice do I have?
My company was partners with PortSwigger.
I’m not sure which version of the solution we were using.
Everyone seems very happy with the solution. There are some learning modules as well so that we can go into the tool and understand it well. I would suggest the solution to my colleagues.
I’d rate the solution nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Application Security Consultant at a tech services company with 10,001+ employees
Useful advanced tools, integrates well, and quick implementation
Pros and Cons
- "The most valuable feature of PortSwigger Burp Suite Professional is the advanced features, user-friendly interface, and integration with other tools."
- "PortSwigger Burp Suite Professional has improved the organization by providing the security standards of the applications across the organization."
- "PortSwigger Burp Suite Professional can improve by having more features in the free version for beginners to try."
What is our primary use case?
We use PortSwigger Burp Suite Professional for security. I'm a security tester and I need it for my daily activities, I require it.
How has it helped my organization?
PortSwigger Burp Suite Professional has improved the organization by providing the security standards of the applications across the organization.
We can test the weaknesses or loopholes in the application an attacker can use. We have an internal team that conducts the pen-testing from a hacker's point of view and tries to close the issue before it is opened to the internet.
What is most valuable?
The most valuable feature of PortSwigger Burp Suite Professional is the advanced features, user-friendly interface, and integration with other tools.
What needs improvement?
PortSwigger Burp Suite Professional can improve by having more features in the free version for beginners to try.
For how long have I used the solution?
I have been using PortSwigger Burp Suite Professional for approximately two years.
What do I think about the stability of the solution?
The reliability of PortSwigger Burp Suite Professional is good. It doesn't hang very much, and it doesn't get stuck anywhere, it is reliable.
What do I think about the scalability of the solution?
PortSwigger Burp Suite Professional is scalable. You can add in-scope items, and remove any items that are not on the scope.
We have approximately 30 people using the solution in my organization. We have managers, consultants, and senior consultants using it. If our testers increase, the number of users will increase, and then we will increase our usage of this solution.
How are customer service and support?
I have not needed to use the support from PortSwigger Burp Suite Professional.
Which solution did I use previously and why did I switch?
I was previously using OWASP Zap.
How was the initial setup?
The initial setup of PortSwigger Burp Suite Professional was simple. It can be done in approximately three minutes.
I rate the initial setup of PortSwigger Burp Suite Professional a five out of five.
What about the implementation team?
I did the implementation of PortSwigger Burp Suite Professional myself.
If there is a software update it is fairly simple to upgrade. There is a lot of reference material online.
What's my experience with pricing, setup cost, and licensing?
There are multiple versions available of PortSwigger Burp Suite, such as enterprise, commercial, professional, and beginners.
Which other solutions did I evaluate?
My company has paid for the license for the solution. The price of the solution could be less expensive.
What other advice do I have?
This is one of the best solutions in the market. I would advise others to try this solution out.
I rate PortSwigger Burp Suite Professional a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Sr. Cloud Solution Architect - SAP on Azure at Accenture
A web security testing solution with many good functions
Pros and Cons
- "For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host."
- "For pentesting scenarios, this is the number one tool, as it can capture the request and there are so many functions that are very good for that, for example, a black box satellite host."
- "The price could be better. The rest is fine."
- "The price could be better."
What is our primary use case?
I use PortSwigger Burp Suite Professional for penetration testing.
What is most valuable?
For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host.
What needs improvement?
The price could be better. The rest is fine.
For how long have I used the solution?
I have been using PortSwigger Burp Suite Professional for more than ten years.
What do I think about the stability of the solution?
PortSwigger Burp Suite Professional is a stable solution. Sometimes we are limited because of a firewall, and they will block all the proxy requests. Sometimes there are some challenges, but we can manage them.
What do I think about the scalability of the solution?
PortSwigger Burp Suite Professional is a scalable solution. We have about 200 users in our company.
How are customer service and support?
Technical support is very good.
How was the initial setup?
The initial setup is straightforward, but it is not very user-friendly, and you need someone to install the certificate. It is a bit complex, but we can manage that one. It took more than half an hour to deploy this solution.
What's my experience with pricing, setup cost, and licensing?
They should reduce the license cost a little bit. It is $400 per user, and it would be better if they could reduce the licensing fee.
What other advice do I have?
I would tell potential users that if they want to go for penetration testing, PortSwigger Burp Suite Professional is the obvious choice.
On a scale from one to ten, I would give PortSwigger Burp Suite Professional an eight.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.