PortSwigger Burp Suite Professional Reviews

I have been using this solution for quite a long time. The features and request tampering are different. This solution helps us when testing applications. It is a flexible tool.

It is useful for scanning and tracing activities.

Improvement should be done as per the requirements of customers. 

I would rate the stability an eight out of ten. 

The solution is reasonably priced. 

Overall, I would rate the solution a nine out of ten. 

The solution has improved the organisation as it helps with scanning and doing the reports for the developers. The solution also helps with communicating the everyday issues and delivering high security and web applications to the customers.

The intercepting feature is the most valuable.

Mitigating the issues and low confluence issues needs some improvement. Implementing demand with the ChatGPT under the web solution is an additional feature I would like to see in the next release.

The solution is used for scanning and doing reports for the developers.

It is a stable solution.

It is a scalable solution. Ten specialists are working with Burp Suite Professional currently. We plan to increase the usage in the future. I rate the scalability an eight out of ten.

The solution is implemented through a third-party team.

Positive

I have used Nessus, previously. Nessus helped with only OS and analysis but Burp Suite helps with application scanning, detecting vulnerabilities and expertisation.

The initial setup is easy. The deployment is done under a professional, and it takes one hour to be deployed. We have to add our information to get our code directly into the box and then we scan their applications. A single person is required for the deployment. I rate the initial setup a ten out of ten.

The solution is implemented through a third-party team.

The pricing of the solution is reasonable. We only need to pay for the annual subscription. I rate the pricing five out of ten.

All the security issues and the integration of the vulnerabilities will happen automatically and manually in the website. So the solution will be very helpful for the website. I rate the overall solution a nine out of ten.

We are using the solution for web application testing. From Burp Suite, we can test the application security. We have a team of system auditors, and our auditors use Burp Suite.

We are working with the community version, and it provides all the features we need.

It's good testing software. 

For application security, Burp Suite is one of the best solutions. It has all the proxy and all the features so that we can test all the application's vulnerabilities. 

They have an extension feature, so at intervals, they provide extensions that provide some helpful updates. They continuously update the product, and they continuously provide extensions. Through the extensions, we get new features at regular intervals.

The pricing is fine. 

We can customize and configure as needed.

We found the product to be quite stable. 

It's already great. There isn't anything needed for improvement. 

The initial setup is a bit complex. 

I've used the solution for three years. 

The solution is very stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. 

The solution can scale. It's per system. If you are using it on 100 systems, you must install it on all 100 systems. It's not like you install a central product, and you scale. It's not the client-server architecture; you must install it on every system if you want to test.

We have two or three users on the solution.

We've never escalated any issues to technical support. I've never directly dealt with them.

This is among the best in comparison to all other tools. If we compare it to Zap, et cetera, Burp Suite is the best among those. There's also Nikto and lots of tools available. We prefer to work with Burp as Burp Suite is like a framework. It has lots of tools in-built. Therefore, we can do multiple tasks on a single platform from a single framework. It's like a one-stop shop.

The solution is a little bit complex. It's not exactly straightforward. 

The deployment itself was a pretty easy process. It was quick.

We do not find it difficult to maintain the solution.

We handled the initial setup ourselves in-house. 

We use the community version. It's free.

Pricing is not very high. It was around $200.

They have some licenses, and features and they have some different categories. I need to go through the sites, however, I know they have different versions.

We are using Burp Suite. We are not selling Burp Suite.

At this time, we're using the most up-to-date version of the product.

I'd recommend the solution to others. I would rate it ten out of ten.

We use PortSwigger Burp Suite Professional for security. I'm a security tester and I need it for my daily activities, I require it.

PortSwigger Burp Suite Professional has improved the organization by providing the security standards of the applications across the organization.

We can test the weakness or loopholes in the application an attacker can use. We have an internal team that conducts the pen-testing from a hacker's point of view and try to close the issue before it is opened to the internet.

The most valuable feature of PortSwigger Burp Suite Professional is the advanced features, user-friendly interface, and integration with other tools.

PortSwigger Burp Suite Professional can improve by having more features in the free version for beginners to try.

I have been using PortSwigger Burp Suite Professional for approximately two years.

The reliability of PortSwigger Burp Suite Professional is good. It doesn't hang very much, and it doesn't get stuck anywhere, it is reliable.

PortSwigger Burp Suite Professional is scalable. You can add in-scope items, and remove any items that are not on the scope.

We have approximately 30 people using the solution in my organization. We have managers, consultants, and senior consultants using it. If our testers increase the number of users will increase and then we will increase our usage of this solution.

I have not needed to use the support from PortSwigger Burp Suite Professional.

I was previously using OWASP Zap.

The initial setup of PortSwigger Burp Suite Professional was simple. It can be done in approximately three minutes.

I rate the initial setup of PortSwigger Burp Suite Professional a five out of five.

I did the implementation of PortSwigger Burp Suite Professional myself.

If there is a software update it is fairly simple to upgrade. There is a lot of reference material online. 

There are multiple versions available of PortSwigger Burp Suite, such as enterprise, commercial, professional, and beginners.

My company has paid for the license for the solution. The price of the solution could be less expensive.

This is one of the best solutions in the market. I would advise others to try this solution out.

I rate PortSwigger Burp Suite Professional a nine out of ten.

I use PortSwigger Burp Suite Professional for penetration testing.

For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host. 

The price could be better. The rest is fine.

I have been using PortSwigger Burp Suite Professional for more than ten years.

PortSwigger Burp Suite Professional is a stable solution. Sometimes we are limited because of a firewall, and they will block all the proxy requests. Sometimes there are some challenges, but we can manage them.

PortSwigger Burp Suite Professional is a scalable solution. We have about 200 users in our company.

Technical support is very good. 

The initial setup is straightforward, but it is not very user-friendly, and you need someone to install the certificate. It is a bit complex, but we can manage that one. It took more than half an hour to deploy this solution.

They should reduce the license cost a little bit. It is $400 per user, and it would be better if they could reduce the licensing fee. 

I would tell potential users that if they want to go for penetration testing,  PortSwigger Burp Suite Professional is the obvious choice. 

On a scale from one to ten, I would give PortSwigger Burp Suite Professional an eight.

I mainly use Burp Suite for manual testing, using it as a proxy to do my manual pen test.

Burp Suite gives you a very good automated scanning tool, which gives you around sixty to seventy percent security coverage without having to use a security resource. Once the developer gets the report, they've got the PortSwigger lab to explain the vulnerability and have a POC right there, so it's very beneficial for developers.

The most valuable feature is Burp Collaborator.

BurpSuite has some issues regarding authentication with OAT tokens that need to be improved.

I've been using this solution for around seven years.

The Professional version is not very scalable because you need to buy licenses for each user, but the Enterprise version takes care of that.

The support for the Enterprise solution isn't the best (I'd rate it as three out of five), but the Professional version provides all the documentation and the PortSwigger labs, so it's much better.

Positive

I previously used OS SAP, but I switched to Burp Suite when the support for that solution stopped.

The initial setup is very easy because Burp Suite has very good documentation. Setup took less than an hour, though it might take a less-experienced person longer to install a mobile application because of the application-level security.

I would say Burp Suite has now surpassed SAP as a tool. The main aspect of Burp Suite is that it's like an army knife for a hacker, it's not just the automation or the scanning that it brings. For a person with 80-90% knowledge of application security, this tool is a must-have. I would rate Burp Suite nine out of ten.

The solution is for web security testing and the primary use is to eliminate the false positives.

This solution has helped our company in many ways. PortSwigger Acadamy has given us the knowledge to be able to do deeper tests. The effectiveness of the tests is directly proportional to your knowledge about security testing. Even if you do not have this knowledge at the beginning you still you can perform some kind of testing. If you do not know how to choose your payload then it is going to suggest the built-in payloads to which you can perform those test attacks.

You do not need to be an expert to use the solution, an intermediate skilled person can use it and over time they can become an expert. Sometimes it is difficult to find skilled employees to start working in this field for your company but with PortSwigger the new employee does not have to be an expert because they are able to grow quite quickly in their knowledge.

The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well.

There could be an improvement in the API security testing. There is another tool called Postman and if we had a built-in portal similar to Postman which captures the API, we would be able to generate the API traffic. Right now we need a Postman tool and the Burp Suite for performing API tests. It would be a huge benefit to be able to do it in a single UI.

In a future release, if there could be some kind of autonomous function, or user behavior prediction that would be beneficial.

I have been using this solution for approximately three years.

The solution has not had any crashes or any problems. It is reliable.

The solution is scalable. There are types of operations we can do and it has good peak performance.

PortSwigger has something called Academy where you can go to learn about many things related to security testing.

The installation is very easy.

The solution used to be expensive. However, they have reduced the price to approximately $400.00 which is reasonable.

I have evaluated Zap.

My advice to others just starting out with security testing is to evaluate Zap, which is open-source, to allow them to get an understanding of the processes. Then once they have an understanding they should look into PortSwigger Burp Suite Professional. This solution would win in comparison with its features and would be a very good choice after they have some experience.

I rate PortSwigger Burp Suite Professional an eight out of ten.

We use PortSwigger Burp Suite Professional for manual penetration testing.

PortSwigger Burp Suite Professional is one of the best user-friendly solutions for getting the proxy set up.

The technical support team's response time is mostly delayed and should be improved.

I have been using PortSwigger Burp Suite Professional for six to seven years.

PortSwigger Burp Suite Professional is a stable solution.

Around 500 to 600 users are using the solution in our organization.

The solution’s initial setup is quite easy.

PortSwigger Burp Suite Professional is worth its price.

PortSwigger Burp Suite Professional is an expensive solution.

Users should get the professional version for the solution because the community and the free edition do not have many things to offer. They should explore as much as possible, go for the web code application, and do the manual penetration testing.

PortSwigger Burp Suite Professional allows us to do everything from setting the proxy to getting our own browser. Some features were not there in Burp Suite earlier. We had to attach Chrome to the Burp Suite to the proxy, but now they have given everything in a single bundle.

Overall, I rate PortSwigger Burp Suite Professional ten out of ten.