PortSwigger Burp Review

The active scanner provides a very accurate security audit


What is our primary use case?

The primary use case is generally for security compliance on web applications. We provide services to our customers with Burp both on-prem and on cloud. I'm a solutions consultant and we are customers of PortSwigger Burp. 

What is most valuable?

Their flagship feature would be the active scanner, which carries out an automated look up of any web vulnerabilities reflecting over to one of the main compliance standards, like OWASP. This provides an accurate security audit for their web applications.

What needs improvement?

One downside of the solution would be their false positive checks. As with most automated security tools, there is still a high false positive issue. Hopefully they will be able to improve on that in the future. It would also be helpful if the solution had the capability of handling larger reports. Another area of improvement would be to have a customizable dashboard. It's currently restricted now to their own interface. If you want to utilize the other features available in their API documentation, then you have to write some code yourself. It would be great if their interface could be somewhat customizable.

For how long have I used the solution?

I've been using this solution for two years. 

What do I think about the stability of the solution?

The stability of the solution is generally fine.

What do I think about the scalability of the solution?

The solution is easily scalable, depending on licensing of course. For example, on the cloud set up, you can easily scale the agents and such. But in terms of bandwidth, maybe when it comes to their reporting feature, there are some limitations with the detail that can be downloaded from the report. I've found that the system can crash if you try to download a report with many details.

How was the initial setup?

In my opinion the initial setup is pretty straightforward. The workflow is easy to understand and they have a lot of documentation on how to perform many of the key tasks.

What's my experience with pricing, setup cost, and licensing?

I believe the price is good where it's at right now. They have a very competitive price point although recently they've been incrementally increasing in price. It's still competitive. 

What other advice do I have?

I would definitely recommend PortSwigger as a primary tool for auditing any open vulnerabilities of anything related to web applications. 

I would rate this product an eight out of 10. 

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More PortSwigger Burp reviews from users
...who work at a Financial Services Firm
...who compared it with OWASP Zap
Add a Comment
Guest