PortSwigger Burp Suite Professional Reviews

Positive

We use the solution for penetration testing, web application testing, etc.

We use the tool to test the application security, like APIs. It is one of the major tool for any security or to test web applications.

The tool provides complimentary services. It allows you to add a lot of extensions, and you can get extensions quite often. It is quite a flexible application.

Reporting could be improved. If you use any AI feature, you can go out and take and provide more in-depth information.

I have been using PortSwigger Burp Suite Professional for over ten years. We are using the latest version of the solution.

The product is highly stable.

I rate the solution’s stability an eight out of ten.

The solution is scalable.

Five users are using this solution.

I rate the solution’s scalability an eight out of ten.

Customer support respond immediately.

Positive

The initial setup is easy and take you around ten minute, provided you have downloaded the application.

I rate the initial setup a nine out of ten, where one is difficult, and ten is easy.

The tool was deployed in-house.

worth the money spent.

Yes, there many tools, and also a free tool i.e ZAP

it does give you ability to run easily  various attack types , such as Sniper, Pitchfork attack, Battering RAM, Cluster bomb and various other attack types, which can be used to test Web application. 
Overall, I rate the solution an eight out of ten.

I have been using this solution for quite a long time. The features and request tampering are different. This solution helps us when testing applications. It is a flexible tool.

It is useful for scanning and tracing activities.

Improvement should be done as per the requirements of customers. 

I would rate the stability an eight out of ten. 

The solution is reasonably priced. 

Overall, I would rate the solution a nine out of ten. 

We use PortSwigger Burp Suite Professional for manual penetration testing.

PortSwigger Burp Suite Professional is one of the best user-friendly solutions for getting the proxy set up.

The technical support team's response time is mostly delayed and should be improved.

I have been using PortSwigger Burp Suite Professional for six to seven years.

PortSwigger Burp Suite Professional is a stable solution.

Around 500 to 600 users are using the solution in our organization.

The solution’s initial setup is quite easy.

PortSwigger Burp Suite Professional is worth its price.

PortSwigger Burp Suite Professional is an expensive solution.

Users should get the professional version for the solution because the community and the free edition do not have many things to offer. They should explore as much as possible, go for the web code application, and do the manual penetration testing.

PortSwigger Burp Suite Professional allows us to do everything from setting the proxy to getting our own browser. Some features were not there in Burp Suite earlier. We had to attach Chrome to the Burp Suite to the proxy, but now they have given everything in a single bundle.

Overall, I rate PortSwigger Burp Suite Professional ten out of ten.

The solution has improved the organisation as it helps with scanning and doing the reports for the developers. The solution also helps with communicating the everyday issues and delivering high security and web applications to the customers.

The intercepting feature is the most valuable.

Mitigating the issues and low confluence issues needs some improvement. Implementing demand with the ChatGPT under the web solution is an additional feature I would like to see in the next release.

The solution is used for scanning and doing reports for the developers.

It is a stable solution.

It is a scalable solution. Ten specialists are working with Burp Suite Professional currently. We plan to increase the usage in the future. I rate the scalability an eight out of ten.

The solution is implemented through a third-party team.

Positive

I have used Nessus, previously. Nessus helped with only OS and analysis but Burp Suite helps with application scanning, detecting vulnerabilities and expertisation.

The initial setup is easy. The deployment is done under a professional, and it takes one hour to be deployed. We have to add our information to get our code directly into the box and then we scan their applications. A single person is required for the deployment. I rate the initial setup a ten out of ten.

The solution is implemented through a third-party team.

The pricing of the solution is reasonable. We only need to pay for the annual subscription. I rate the pricing five out of ten.

All the security issues and the integration of the vulnerabilities will happen automatically and manually in the website. So the solution will be very helpful for the website. I rate the overall solution a nine out of ten.

We use PortSwigger Burp Suite Professional for security. I'm a security tester and I need it for my daily activities, I require it.

PortSwigger Burp Suite Professional has improved the organization by providing the security standards of the applications across the organization.

We can test the weakness or loopholes in the application an attacker can use. We have an internal team that conducts the pen-testing from a hacker's point of view and try to close the issue before it is opened to the internet.

The most valuable feature of PortSwigger Burp Suite Professional is the advanced features, user-friendly interface, and integration with other tools.

PortSwigger Burp Suite Professional can improve by having more features in the free version for beginners to try.

I have been using PortSwigger Burp Suite Professional for approximately two years.

The reliability of PortSwigger Burp Suite Professional is good. It doesn't hang very much, and it doesn't get stuck anywhere, it is reliable.

PortSwigger Burp Suite Professional is scalable. You can add in-scope items, and remove any items that are not on the scope.

We have approximately 30 people using the solution in my organization. We have managers, consultants, and senior consultants using it. If our testers increase the number of users will increase and then we will increase our usage of this solution.

I have not needed to use the support from PortSwigger Burp Suite Professional.

I was previously using OWASP Zap.

The initial setup of PortSwigger Burp Suite Professional was simple. It can be done in approximately three minutes.

I rate the initial setup of PortSwigger Burp Suite Professional a five out of five.

I did the implementation of PortSwigger Burp Suite Professional myself.

If there is a software update it is fairly simple to upgrade. There is a lot of reference material online. 

There are multiple versions available of PortSwigger Burp Suite, such as enterprise, commercial, professional, and beginners.

My company has paid for the license for the solution. The price of the solution could be less expensive.

This is one of the best solutions in the market. I would advise others to try this solution out.

I rate PortSwigger Burp Suite Professional a nine out of ten.

I use PortSwigger Burp Suite Professional for penetration testing.

For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host. 

The price could be better. The rest is fine.

I have been using PortSwigger Burp Suite Professional for more than ten years.

PortSwigger Burp Suite Professional is a stable solution. Sometimes we are limited because of a firewall, and they will block all the proxy requests. Sometimes there are some challenges, but we can manage them.

PortSwigger Burp Suite Professional is a scalable solution. We have about 200 users in our company.

Technical support is very good. 

The initial setup is straightforward, but it is not very user-friendly, and you need someone to install the certificate. It is a bit complex, but we can manage that one. It took more than half an hour to deploy this solution.

They should reduce the license cost a little bit. It is $400 per user, and it would be better if they could reduce the licensing fee. 

I would tell potential users that if they want to go for penetration testing,  PortSwigger Burp Suite Professional is the obvious choice. 

On a scale from one to ten, I would give PortSwigger Burp Suite Professional an eight.

I mainly use Burp Suite for manual testing, using it as a proxy to do my manual pen test.

Burp Suite gives you a very good automated scanning tool, which gives you around sixty to seventy percent security coverage without having to use a security resource. Once the developer gets the report, they've got the PortSwigger lab to explain the vulnerability and have a POC right there, so it's very beneficial for developers.

The most valuable feature is Burp Collaborator.

BurpSuite has some issues regarding authentication with OAT tokens that need to be improved.

I've been using this solution for around seven years.

The Professional version is not very scalable because you need to buy licenses for each user, but the Enterprise version takes care of that.

The support for the Enterprise solution isn't the best (I'd rate it as three out of five), but the Professional version provides all the documentation and the PortSwigger labs, so it's much better.

Positive

I previously used OS SAP, but I switched to Burp Suite when the support for that solution stopped.

The initial setup is very easy because Burp Suite has very good documentation. Setup took less than an hour, though it might take a less-experienced person longer to install a mobile application because of the application-level security.

I would say Burp Suite has now surpassed SAP as a tool. The main aspect of Burp Suite is that it's like an army knife for a hacker, it's not just the automation or the scanning that it brings. For a person with 80-90% knowledge of application security, this tool is a must-have. I would rate Burp Suite nine out of ten.