Lead Software Architect at a tech services company with 201-500 employees
Real User
Excellent Community version for skills mapping that is easy to set up and is stable
Pros and Cons
  • "The extension that it provides with the community version for the skills mapping is excellent."
  • "Currently, the scanning is only available in the full version of Burp, and not in the Community version."

What is our primary use case?

We use this solution when we develop any of our software applications and host it with the website for external clients. All of the applications go through the vulnerability scanner.

What is most valuable?

Burp Suite is very helpful. The extension that it provides with the community version for the skills mapping is excellent.

What needs improvement?

The interface for external clients needs improvement.

Currently, the scanning is only available in the full version of Burp, and not in the Community version.

I would like the scanning included for free also.

For how long have I used the solution?

We have been using this solution for a year and a half.

Buyer's Guide
PortSwigger Burp Suite Professional
May 2024
Learn what your peers think about PortSwigger Burp Suite Professional. Get advice and tips from experienced pros sharing their opinions. Updated: May 2024.
771,212 professionals have used our research since 2012.

What do I think about the stability of the solution?

It's a stable solution. We have not had any issues.

How are customer service and support?

I have not contacted technical support. 

We have not experienced any issues where we couldn't resolve them using our internal team.

We have not required any technical support.

Which solution did I use previously and why did I switch?

When we compare it to other programs that we have, such as OWASP Zap, we found Burp to be more suitable.

How was the initial setup?

The initial setup is straightforward.

It is very easy to automate. It requires some configuration that has you follow step-by-step instructions.

It can take four to five hours to go live.

Anyone with minimal knowledge and training can use this tool.

What's my experience with pricing, setup cost, and licensing?

We are using the community version, which is free.

Which other solutions did I evaluate?

We evaluated OWASP Zap, which was fully open-source.

We use the community version and found that Burp was easier and more useful.

The interface is better in PortSwigger Burp.

What other advice do I have?

I would rate PortSwigger Burp an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user245421 - PeerSpot reviewer
Senior Security Consultant at a tech services company with 501-1,000 employees
Consultant
It is the best all-round solution for manual application testing, but there are some stability problems directly related to Java.

What is most valuable?

  • Proxy
  • Repeater
  • Intruder
  • Extender API (and plug-ins)
  • CSRF generator

How has it helped my organization?

This is by far the best application assessment tool I have used. It is more usable and has more features than most of the enterprise tools that cost 10-100 times as much.

For how long have I used the solution?

I've used it for five years.

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

There are some memory issues, where the application runs out of memory and crashes. This is directly related to Java. This was improved after switching to 64-bit Java, but it still creeps up once in a while.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

It's excellent.

Technical Support:

It's very good.

Which solution did I use previously and why did I switch?

I use many projects, but Burp is the best all-round solution for manual application testing.

How was the initial setup?

It's very straightforward; you just have to double-click a JAR file.

What other advice do I have?

You get many features with the free product, but the real power is unlocked with the Pro version. The intruder is an amazing tool and makes the entire product worth purchasing, and the ability to perform automatic backups is well worth the small price of this product as well.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Compliance Manager at a tech services company with 201-500 employees
Real User
Evaluate and ensure the security of web-based applications
Pros and Cons
  • "In my area of expertise, I feel like it has almost everything I could possibly require at this moment."
  • "A lot of our interns find it difficult to get used to PortSwigger Burp's environment."

What is our primary use case?

We're a software development company. We specialize in ensuring application security for our customers. For each and every application we release, we issue a certificate explaining that the application is up to date and that all security testing has been successfully completed. In that certificate, we also mention that PortSwigger is one of the tools that we used to test the application.

Presently, we have three users. In the future, regarding product testing, I am thinking of hiring another two people, which will make us a team of five. Currently, we're releasing a lot of applications. 

Primarily we have three users, but keep in mind, we only have a single environment, which we need to improve and expand. 

What is most valuable?

The traffic interception capabilities are great. Spidering also produced some good results for us.

What needs improvement?

A lot of our interns find it difficult to get used to PortSwigger Burp's environment. The environment should be improved a little bit. Once you get used to it, it's fine, but it should be more simplified for newcomers. This would save us from constantly having to brief our interns. 

What do I think about the stability of the solution?

The stability is good; so far, we haven't come across any bugs.

What do I think about the scalability of the solution?

We use some different tools for web application testing, like Nmap and others. If PortSwigger Burp could actually scale up for web application scanning, that would be really good. This way, instead of using different tools, we could easily rely on one tool for all testing.

How are customer service and technical support?

We haven't had any reason yet to contact technical support. Aside from support, they should hold consistent webinars and offer updates, briefings, and panel discussions. This would greatly enhance our knowledge.

Otherwise, the technical support is good enough. We haven't required their assistance yet, but soon we'll be needing assistance and information surrounding the latest improvements and updates.

How was the initial setup?

The initial setup can be complex. It needs to be deployed in between the traffic. They should include some case scenarios to help, like a scenario-based briefing; that would really help and add a lot of value for the initial application tester.

What's my experience with pricing, setup cost, and licensing?

It's a very unique way of pricing. It varies depending on the type of testing you are performing. Manual testing is expensive, but as we don't have another option, it seems to be fair.

What other advice do I have?

I would definitely recommend PortSwigger Burp. I've actually recommended it to some of my colleagues, students, and interns. I'm really comfortable and happy with it; besides, there are no other products to compare it to. 

On a scale from one to ten, I would give this solution a rating of eight.

If they included example scenarios and hosted educational webinars, I would give this solution a rating of ten.

In my area of expertise, I feel like it has almost everything I could possibly require at this moment. Generally, I don't come across situations like that, so I am very happy with it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Researcher at a financial services firm with 5,001-10,000 employees
Real User
Feature-rich and intuitive with good support, and it is reasonably priced
Pros and Cons
  • "There is no other tool like it. I like the intuitiveness and the plugins that are available."
  • "The use of system memory is an area that can be improved because it uses a lot."

What is our primary use case?

We used this solution as a proxy. It's software that intercepts HTTP requests. You can modify them on your system for testing web applications.

What is most valuable?

It's an amazing tool. We can work with it automatically, or we can work with it manually.

There is no other tool like it. I like the intuitiveness and the plugins that are available.

The plugins are similar to integration. I can create my own login and use it.

What needs improvement?

The use of system memory is an area that can be improved because it uses a lot. They need to reduce the amount of system memory it uses.

For how long have I used the solution?

I have been working with PortSwigger Burp for four years.

What do I think about the stability of the solution?

We can say that it is stable, but it is using a lot of RAM.

What do I think about the scalability of the solution?

It's a scalable solution.

We have more than 30 users in our organization.

How are customer service and technical support?

Technical support is good; they have a good response time.

How was the initial setup?

The initial setup is straightforward.

This solution requires no maintenance.

What's my experience with pricing, setup cost, and licensing?

PortSwigger is reasonably priced. It's fair.

What other advice do I have?

They have more features than I can use and I need more time to utilize this solution 100%.

I highly recommend it because everybody in Web Applications Security is using it.

I would rate PortSwigger Burp a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Auditor & Compliance Officer at a tech vendor with 51-200 employees
Real User
Proactively finds and solves issues before our external auditors do
Pros and Cons
  • "Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them."
  • "I would like to see a more optimized solution, as it currently uses a lot of CPU power and memory."

What is our primary use case?

Our primary use for this solution is to perform vulnerability scanning before we deploy software in production.

How has it helped my organization?

This solution has done a lot to improve our organization. It allows us to be proactive and solve issues before our external auditors find them. 

What is most valuable?

The most valuable feature of this solution is the scanning functionality. Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them.

Burp Intruder is another very good feature in this solution.

What needs improvement?

I would like to see a more optimized solution, as it currently uses a lot of CPU power and memory. Sometimes, the application is blocking.

The reporting also needs improvement. Specifically, if there is an issue that exists on many pages, then I do not want to see the same thing repeated many times throughout the report. Rather, it should be pointed out as a global error, and only shown the one time. 

In the next version, I would like an option to scan the environment where the application is installed. I would also like a better cryptographic study, with more controls.

For how long have I used the solution?

Between two and three years.

What do I think about the stability of the solution?

This solution is very stable.

What do I think about the scalability of the solution?

I would say that this is a very scalable solution.

We do plan to increase our usage, but not beyond the Professional version. It is not our intention to move to the Enterprise version right now.

How are customer service and technical support?

I would rate their technical support a five out of five.

How was the initial setup?

The initial setup and deployment are straightforward and take very little time.

Only one person from the IT department is required for deployment and maintenance.

What about the implementation team?

We handled the implementation internally.

What's my experience with pricing, setup cost, and licensing?

Our licensing cost is approximately $400 USD per year. There are no costs in addition to the standard licensing fees.

Which other solutions did I evaluate?

We did evaluate other options before choosing this solution.

What other advice do I have?

I would recommend this product to others. It is very straightforward and it is oriented to the application, which is why we chose it. I would also recommend reviewing and using the extensions that are available.

I would rate this solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Cyber Security Analyst at a tech services company with 11-50 employees
Real User
Good reporting, useful features, and great scalability
Pros and Cons
  • "The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs."
  • "One thing that is not up to the mark in PortSwigger is web application testing. I found some issues with its performance and reporting. They should work on these and give us a better outcome."

What is our primary use case?

We are an auditing company. We use this solution for auditing purposes for the infrastructure of our customers.

What is most valuable?

The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs. 

What needs improvement?

One thing that is not up to the mark in PortSwigger is web application testing. I found some issues with its performance and reporting. They should work on these and give us a better outcome.

For how long have I used the solution?

I have been using this solution for more than a year.

What do I think about the stability of the solution?

It is stable. We didn't have any issues.

What do I think about the scalability of the solution?

Its scalability is great. We have almost five users who are using the product, and they're happy with this product. 

How are customer service and technical support?

We've got very good support from their team.

Which solution did I use previously and why did I switch?

We previously used some open-source applications, but later on, we found out that, unfortunately, they are not good products. We had to use the applications of all other products separately in our environment, but PortSwigger can do all things itself. That's why we switched to PortSwigger.

How was the initial setup?

The initial setup was very simple.

What about the implementation team?

I implemented it on my own.

What's my experience with pricing, setup cost, and licensing?

It has a yearly license. I am satisfied with its price.

Which other solutions did I evaluate?

We did consider one more product and had a discussion about the product features. We found PortSwigger to be the best match for our business.

What other advice do I have?

It is a very good product. You must try it once.

I would rate PortSwigger Burp a nine out of ten. I am satisfied with this product. It is a great experience.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Specialist at Alfa-A IT
Real User
Built-in manual tools help with finding bugs and vulnerabilities
Pros and Cons
  • "This solution has helped a lot in finding bugs and vulnerabilities, and the scanner is good enough for simple web apps."
  • "The scanner and crawler need to be improved."

What is our primary use case?

I use this primarily for intercepting mobile HTTP and HTTPS requests with SSL pinning bypass. It's a better tool for manual tasks.

How has it helped my organization?

This solution has helped a lot in finding bugs and vulnerabilities, and the scanner is good enough for simple web apps.

What is most valuable?

The best feature that I've found is the built-in manual tools.

What needs improvement?

The scanner and crawler need to be improved.

For how long have I used the solution?

More than three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer939417, IT Auditor & Compliance Officer at a tech vendor with 51-200 employees
Real User

Yes, I agree with the points detailed in the review.

Security Analyst at a tech services company with 201-500 employees
MSP
Very Well Suited for Personal Use
Pros and Cons
  • "The product is very good just the way it is; it has everything already well established and functions great. I can't see any way for this current version to be improved."
  • "The initial setup is a bit complex."

What is our primary use case?

My primary use case for this solution is designed around my own personal use. Burp Suite is a graphical tool for testing Web application security. The tool is written in Java.

How has it helped my organization?

I use Burp Suite on my laptop in my room for my personal research study. Since I don't use it for corporate work or company research purposes I can't comment on how it has improved my organization. 

What is most valuable?

In my opinion, all of the features seem to be of equal value really. I'm currently using the latest version.

What needs improvement?

The product is very good just the way it is; it has everything already well established and functions great. I can't see any way for this current version to be improved.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

My impressions of the stability of the solution are quite good.

What do I think about the scalability of the solution?

My impressions of the scalability of the solution are good.

Which solution did I use previously and why did I switch?

At work, I use an open source SAP solution. It's a free tool. It's a fully automated tool and it's fully furnished. Currently, I'm the only user and it's my job to analyze this product.

How was the initial setup?

The initial setup was somewhat complex, to be honest.

What's my experience with pricing, setup cost, and licensing?

My only advice for anyone looking for a personal use case for testing Web application security is this is a good option.

Which other solutions did I evaluate?

Before choosing this tool, no, I didn't evaluate any other options. I know what I wanted and I'm very happy with it.

What other advice do I have?

It's actually a very good product. It's pretty automated and it's easy to work with. No additional features need to be added because it's already an extraordinary tool. So there's no need for additional improvement.

Great product. I rate this product a 9 out of 10 for its total package of value-added features.

Disclosure: I am a real user, and this review is based on my own experience and opinions.