PortSwigger Burp Suite Professional Reviews

I use the solution to intercept requests and scan applications.

The most valuable feature of PortSwigger Burp Suite Professional is the Burp Intruder tool.

The solution’s pricing could be improved.

I have been using PortSwigger Burp Suite Professional for around two to three years.

We have not faced any issues with the solution’s stability.

Over 500 people are using the solution in our organization.

The solution’s initial setup is easy.

PortSwigger Burp Suite Professional is an expensive solution.

I would recommend the solution to other users. Using PortSwigger Burp Suite Professional for the first time is not easy, but you can use it easily after using a demo version. The solution's Intruder tool has helped improve our security testing efficiency. The solution's Repeater tool has helped us with testing for web vulnerabilities.

Overall, I rate the solution a nine out of ten.

We use the solution for scanning and manual penetration testing. We have a verification and security assessment as a dynamic security assessment for manual application testing.

The solution helps to automate API security assessments. It incorporates features of both black hat and red team engagements. We streamline bug bounty hunts. It helps in API testing, where manual intervention was previously necessary for each payload. With the new deck feature, Burp Suite enables automation accessible in the external tab. This feature allows testers to select specific targets, such as login or registration pages, and apply different attack vectors. It enhances efficiency, saving time and resources, which is beneficial when dealing with larger-scale web applications or numerous APIs.

Manual assessment in the tool is great.

Scanning needs to be improved in enterprise and professional versions. The enterprise version has challenges related to scheduled scans. If a scan fails after two days without notification during offline periods, that time is lost. Sometimes, it took up to 24 hours to realize that certain tests had failed for various reasons. There's significant room for improvement in automating scans.

I have been using PortSwigger Burp Suite Professional for more than 10 years.

The product is a good tool for application assessment.

I rate the solution’s stability an eight-point five out of ten.

The automation features in Burp Suite For vulnerability assessment and penetration testing may not be as extensive as other tools like NetSparker. Other tools may offer more comprehensive capabilities, especially in areas such as source code. Features like capture and OTP testing might be more robustly supported in other tools. There may be limitations in automation with Burp Suite Professional. NetSparker could be more suitable for tasks like two-factor authentication testing.

Four to five are using this solution.

The professional version is not very scalable, whereas the enterprise version is scalable. I can run multiple scans.

Technical support is good.

Positive

We have used Netsparker and WebInspect. WebInspect is very difficult to operate.

The initial setup takes more than a week. The professional version is a plug-and-play.

There is a Java package that you can easily use without installing it.

The product is cheap compared to other products.

I rate the product’s pricing a seven out of ten, where one is expensive and ten is cheap.

We have an infrastructure and DevOps team of eight to ten people for solution maintenance.

Reporting is good and very light. The response is fine.

I recommend the solution for dynamic assessment.

Overall, I rate the solution a nine out of ten.

I'm primarily using it for testing of the company's website.

The interface is good.

It is easy to use.

I am certified with the product and have a good understanding of it.

The usability is very good.

It offers very good accuracy. You can trust the results. 

It's good software that is great for a beginner to use.

It can scale. 

The product is stable and reliable. 

It works for me. I don't see any missing features. 

The solution is not easy to set it up. You need a lot of knowledge. I'd like to see more documentation. They need to provide more videos and more information about the solution. The website isn't as helpful as it could be. They need to provide more information and maybe provide courses to help people get the most out of it. 

For smaller organizations, the solution is expensive. 

I've been using the solution for two years. 

I'd rate the stability eight out of ten. It is pretty stable. There are no bugs or glitches, and it doesn't crash or freeze. 

The solution is very scalable. I'd rate the ability to extend ten out of ten.

Three people are using the solution.

I do not have any experience with technical support. I had a colleague who would deal with support.

I used to use OWASP Zap. It is a free solution. I moved to Burp as the accuracy rate was higher. We wanted something that provided correct information about errors. 

The initial setup was a bit difficult. For a beginner, it's tough to set up. I'd rate the solution three out of ten in terms of ease of setup. There isn't proper documentation to help you through the process. 

I cannot recall how long the deployment took. I watched a lot of videos and just went ahead with eh setup myself. 

The product doesn't require any maintenance. 

I handled the initial setup myself. I did not have any outside assistance. 

I have witnessed an ROI. It is worth the money.

It is a bit expensive for smaller companies. If you're using it in a small company or for your own purposes, it's costly. I'd rate the cost three out of ten in terms of affordability.

I'm not sure of the exact cost of the solution as I don't directly deal with licensing. 

I'm a customer. I'm using the professional version. It is the latest version. They always update it and provide me with the latest upgrades. 

I'd recommend the solution to others. It's very accurate and easy to use. 

I would rate the solution. Ten out of ten. 

Mainly, the solution is a proxy. It also contains different tools, including intruder tools for customized automated attacks and tools for repeating requests, or decoding, et cetera. Many tools are there that can perform different tasks for different use cases. Apart from that, we have the BApp Store which contains a lot of tools as well. This Burb Suite is an application where we have all the tools. 

It is mainly used for pen testing.

Features such as the Intruder, Repeater, and Proxy have helped our organization a lot.

The Intruder, Repeater, and Proxy features have been great.

The initial setup is simple.

It is an easily scalable product.

The solution is very stable. 

In some cases, we got a few file postings while doing it by the automatic scan. If that could be better, that would be ideal. The scanner could just be updated a bit more. 

We'd like to have more integration potential across all versions of the product. The enterprise version seems to have better integration services than others. 

I've been working with the solution for six years. 

The solution is quite stable. There are no bugs or glitches and it doesn't crash or freeze. It is reliable. 

The solution scales well. It's not an issue.

I have also had some queries and I have used their support services. It was like all solutions out there. They are quite good in general.

Positive

I have used many other tools. This is one of the best tools that I'm using. I found this one much better. 

We have found the initial setup to be very simple and straightforward. It's not overly complex or difficult. 

For any configuration for deployment in our project, we assign two people. We have a small team of two aligned with our project. They will handle everything related to implementation. The setup doesn't take longer than one day.

In terms of maintenance, for the customers, what we are doing is we have an internal cyber security team, in which there are people doing the pen test. There are people who are doing the vulnerability assessment for the WASP scan, SaaS. For each, we have a separate team, and based on that, most of the deployments are done by these pen testers only. We do not provide maintenance for customers, however, we do provide reporting and technical support.

Before Burb Suite, we had our own technical team there for everything, including deployment. We have a separate network team and they will manage everything - including installation. It is very simple. You can download that directly. It's all very easy to do in-house.

I don't deal with any aspect of the licensing at this time. I can't speak to the exact pricing. 

I'm just a customer and an end-user.

We're using the latest version of the solution. We usually give an auto-update functionality. All the updates came automatically. We are updating it automatically.

We actually have an .EXE file in our system. We have the professional version. We've downloaded and given out the access key. It's on-premises, not the cloud. 

Overall, I've been very happy with the solution. I'd rate it nine out of ten.

We are using the latest version and are in the process of upgrading it. 

We use the solution for vulnerability assessment in respect of the application and the sites. We use the intruder part, which is essentially the Proxy part, to check whether any brute-force attacks can be undertaken. 

We wish that the Spider feature would appear in the same shape that it does in previous versions. 

I believe we have developmental tools such Accuratix. It would be nice if the report that was accepted upon scanning would highlight all the weaknesses from the perspective of my application. 

We have been using PortSwigger Burp Suite Professional for the last three years.

We have had no issues with the stability. 

As we only have a couple of licenses, we have not encountered any issues concerning the scalability. 

The technical support is all right. 

This said, we have requested support on a couple of occasions, specifically one concerning training relating to the new features and add-ons coming onto the application, and this is still outstanding. 

The initial setup is not very complex. Rather, it is easy and straightforward. 

For a country such as Sri Lanka, the pricing is not reasonable. 

There are around 10 people using the solution in our organization.

I don't have any advice off the cuff. When it comes to the web crawling features, it does not need to be in the same shape as before, but it would be nice if it allowed us to index associated things in the manner that we did so in the past. 

I rate PortSwigger Burp Suite Professional as a nine out of ten. 

The solution is the standard in application penetration testing and this is what we use it for.

I have found the best features to be the performance and there are a lot of additional plugins available.

I have been using the solution for approximately three years.

The solution is reliable, it is very stable.

The installation is straightforward and simple. It only takes minutes to install.

We did the deployment and one individual can do it, it is not complex. We have a team of three engineers and architects doing the deployments and maintenance.

The price for the solution is expensive and could be cheaper. We pay an annual license and our team has several of them.

I would recommend this solution to others.

I rate PortSwigger Burp Suite Professional a ten out of ten.

It's an individual tool that security professionals use for their manual pen-testing. We use it for capturing the traffic, intercepting the traffic between the browser and the application. We try to manipulate the applications, the traffic so that whatever input that is accepted by the application is sanitized and validated. We try to analyze the application for input validation. All inputs are handled correctly.

Another use case is having a scanner module built-in where you can browse the entire application. The scanner can continuously scan the application for vulnerabilities based on OWASP Top 10 standards. Likewise, you can come to know what vulnerabilities are in the application. Later, you can go through the vulnerabilities one by one and triage them.  

There are many different modules in Burp Suite. We have a comparator module where you can compare the request and response. You have the Repeater module where you can repeat the sequences. They can be used for other test use cases such as doing disciplinary attacks or brute force attacks on the applications. 

Basically, there are a wide variety of use cases and applications.

Request handling capacity, it do not handle huge chuck of requests as it freezes.

And obviously as all tool does Burp also gives some false positive results, vetting has to be done thoroughly.

The most valuable feature of Burp Suite is probably how we can intercept the request and response. We can manipulate a request and send it back to the server. Intercepting is one of the best features for sure. 

The scanner is excellent. The scanner is one of the good features. If you compare it to more expensive tools like WebInspect or IBM AppScan, you'll realize that, at a very low cost, Burp Suite can provide good results.

The is a good amount of documentation available online. The solution is stable.

The initial setup isn't too complex.

The solution offers some great extensions through a BApp store. Users can implement extensions and upload them to the BApp store.

The solution has a great user interface.

Its strong user community is always helpful when it comes to any problem regarding the tool.

Although it provides great writeup for the identified vulnerabilities but reporting needs to improve with various reporting templates based on standards like OWASP, SANS Top 25, etc. The tools needs to expand its scope for mobile application security testing, where native mobile apps can be tested and can provide interface to integrate with mobile device platform or mobile simulator's. Burp suite has great ability to integrate with Jenkins, Jira, Teamcity into CI/CD pipeline and should provide better ways of integration with other such similar platforms.

I've been using the solution for more than eight years now - right from their open-source free version through to their professional version.

The stability is quite good. We have no complaints. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.

Obviously, Burp Suite is a DAST tool and good asset for pentester's. However, we need to see how best it can be utilized for automation so that DAST can be automated. Dynamic application testing can be automated and can integrate Burp into CI/CD pipeline using Jenkins. That said, we need to make it use it in a more efficient way. There should be some methods or some guidance from Burp on how best we can use it for automation.

We've never interacted with tech support. That's mostly due to the fact that there is already a lot of material that is available online. With all of the details readily available, we don't need to interact with tech support.

The initial setup isn't too difficult. It's JAR based. I would say it's an analog file. It just requires minimum requirements like Java and a license. After that, you are good to go.

Burp Suite provides different licenses. They have open-source free-to-use licenses, which can be used by anyone. Then, they have a standalone license that, as a security professional, you can use. They have their Enterprise version as well. I use the professional version.

Initially, when we were using Burp Suite, I hardly remember the version we started at. 

The actual costs vary from country to country, however, I would say it's cheaper if you compare it to other DAST solutions and tools.

Compared to other web applications assessment tools Burp suite is a solid tool for web based penetration testing for a reasonable price.

We are just customers and end-users.

I'd advise other organizations that this solution is a pretty good tool for manual penetration testing. It has good features like the Scanner and Sequencer, Repeater, and there are extensions. Burp extensions are available where they can customize Burp behavior using their own or third-party code. Those features will be really useful for Burp users. It's also obviously a very cost-effective option.

I would rate the solution at a nine out of ten.

We primarily use the solution for security testing - specifically for web-application security. 

The crawling capability is excellent.

The product has very good reporting capabilities. They give you multiple reporting options.

The solution has a variety of different extensions that you can use.

The solution has a pretty simple setup.

The pricing of the solution is quite high. It would be ideal for the customers if they could lower the costs involved in their subscription.

We have new tools in R language programming platforms that are coming up. The solution needs to ensure its compatible with that language.

I've been using the solution for about two years at this point.

We use this solution every day. I don't have any issues with the solution. There aren't bugs or glitches. It doesn't crash or freeze. It's reliable.

I'm a consultant. I tend to use the tool for my clients. I only have one license on my computer. I don't need to scale the product.

The solution is scalable, however. There's a different version for that aspect. You have Community, Professional, and Enterprise editions. Each has different capabilities.

The solution offers good support services. There's also the product team that can assist. Overall, I've been happy with the level of service I've received.

I've worked with other solutions, such as Acutenix. As a consultant, I always have two to three tools for running and validating for testing. There is no plus or minus to each tool, really. The process itself would be more like using multiple tools to find out whether it appears in all the tools or not.

The initial setup is not overly complex. It's easy and straightforward. A company shouldn't have any issues with the implementation process.

The deployment takes a maximum of an hour, actually. If you have to configure some prerequisites, it is one hour tops. There are advanced setups, however, how advanced the implementation depends on the client environment. If a company has an advanced setup, it could take some time. 

Ultimately, the solution is installed directly onto my laptop.

The maintenance process is pretty minimal. The yearly subscription keeps everything updated. They will notify you if there is an upgrade that needs to be addressed.

The pricing of the solution is quite high. Costs are based on their subscription model. The pricing affects whether a client will engage with me and the solution or not. It could be a deal-breaker. Budgets are often tight.

The solution has an annual subscription model, and therefore you'll have to keep updating the new version. It's part of the package. They release a new version and that is covered under your subscription.

I'm a consultant. I buy tools from multiple vendors. I provide development assessment services for my clients.

This is one more product in the suite of tools or applications, which are used for testing. Anyone at any sized company could use this solution.

I'd recommend this solution. It's one more tool to have in your bag.

I would rate the solution at a ten out of ten.