We use the product primarily for application security. It helps us conduct scans and perform manual testing.
Application Security Enginee at a tech vendor with 1,001-5,000 employees
Has valuable scanner functionality and a simple setup process
Pros and Cons
- "One useful function is the ability to send requests to the repeater without making actual requests through the browser, allowing me to modify requests easily."
- "One area for improvement is the integrated browser, Chromium. Single Sign-On (SSO) methods like Microsoft authentication login sometimes fail and show errors. As a workaround, I have to use a different browser, such as Firefox, to log in and make Burp work."
What is our primary use case?
What is most valuable?
The platform's most valuable feature is the scanner. It also includes highly beneficial tools like the repeater and decoder. One useful function is the ability to send requests to the repeater without making actual requests through the browser, allowing me to modify requests easily. Additionally, the availability of various extensions, such as SQLite, adds to its value.
What needs improvement?
One area for improvement is the integrated browser, Chromium. Single Sign-On (SSO) methods like Microsoft authentication login sometimes fail and show errors. As a workaround, I have to use a different browser, such as Firefox, to log in and make Burp work.
I suggest adding a static code analysis feature to Burp. A plugin developers could install in their Integrated Development Environments (IDEs), like Visual Studio, would be incredibly useful. It would allow developers to perform code scanning as they write code.
For how long have I used the solution?
I have been working with PortSwigger Burp Suite Professional for almost ten years.
Buyer's Guide
PortSwigger Burp Suite Professional
January 2026
Learn what your peers think about PortSwigger Burp Suite Professional. Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.
881,821 professionals have used our research since 2012.
What do I think about the stability of the solution?
I rate the product stability an eight out of ten.
What do I think about the scalability of the solution?
There are approximately 10 to 15 users in my department or company using Burp. I rate the scalability an eight out of ten.
How are customer service and support?
The technical support team resolved my issue, though it was not immediate. Since this experience was years ago, I haven't raised any support tickets recently.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
One free tool that I consider a good competitor to Burp is OWASP ZAP.
While ZAP has the advantage of being open-source and cost-free, I would choose Burp for penetration testing. Burp is the best for this purpose, although ZAP is adequate for basic tasks, especially in companies where Burp Suite Professional is unavailable.
How was the initial setup?
The initial setup is simple. We use the desktop version, with the application installed on our local machines.
What's my experience with pricing, setup cost, and licensing?
The platform's pricing is reasonable. It is not very high, especially compared to other tools like Acunetix or Fortify, which are quite expensive.
What other advice do I have?
I recommend the solution to others and rate it a nine out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Buyer's Guide
Download our free PortSwigger Burp Suite Professional Report and get advice and tips from experienced pros
sharing their opinions.
Updated: January 2026
Product Categories
Application Security Tools Static Application Security Testing (SAST) Fuzz Testing ToolsPopular Comparisons
Checkmarx One
Coverity Static
CrowdStrike Falcon Cloud Security
GitHub Advanced Security
OpenText Core Application Security
Sonatype Lifecycle
GitGuardian Platform
Buyer's Guide
Download our free PortSwigger Burp Suite Professional Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Is OWASP Zap better than PortSwigger Burp Suite Pro?
- What is the biggest difference between OWASP Zap and PortSwigger Burp?
- If you had to both encrypt and compress data during transmission, which would you do first and why?
- When evaluating Application Security, what aspect do you think is the most important to look for?
- What are the Top 5 cybersecurity trends in 2022?
- What are the threats associated with using ‘bogus’ cybersecurity tools?
- We're evaluating Tripwire, what else should we consider?
- Which application security solutions include both vulnerability scans and quality checks?
- Is SonarQube the best tool for static analysis?
- Why Do I Need Application Security Software?
