PortSwigger Burp Review

It is the best all round solution for manual application testing but there are some stability problems directly related to Java.

What is most valuable?

  • Proxy
  • Repeater
  • Intruder
  • Extender API (and plug-ins)
  • CSRF generator

How has it helped my organization?

This is by far the best application assessment tool I have used. It is more usable and has more features than most of the enterprise tools that cost 10-100 times as much.

For how long have I used the solution?

I've used it for five years.

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

There are some memory issues, where the application runs out of memory and crashes. This is directly related to Java. This was improved after switching to 64-bit Java, but it still creeps up once in a while.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

It's excellent.

Technical Support:

It's very good.

Which solution did I use previously and why did I switch?

I use many projects, but Burp is the best all round solution for manual application testing.

How was the initial setup?

It's very straightforward, you just have to double-click a Jar file.

What other advice do I have?

You get many features with the free product, but the real power is unlocked with the Pro version. The intruder is an amazing tool and makes the entire product worth purchasing, and the ability to perform automatic backups is well worth the small price of this product as well.

Which version of this solution are you currently using?

1.6
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More PortSwigger Burp reviews from users
...who work at a Financial Services Firm
...at Large Enterprises
...who compared it with OWASP Zap
Free Report: PortSwigger Burp Reviews and More
Learn what your peers think about PortSwigger Burp. Get advice and tips from experienced pros sharing their opinions. Updated: December 2020.
Download now
454,950 professionals have used our research since 2012.
Add a Comment
Guest
Author
Highlights
"The product is very good just the way it is; It has everything already well established and functions great. I can't see any way for this current version to be improved."
This tool is more accurate than the other solutions that we use, and reports fewer false positives.
This solution has helped a lot in finding bugs and vulnerabilities, and the scanner is good enough for simple web apps.
Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them.
Once I capture the proxy, I'm able to transfer across. All the requested information is there. I can send across the request to what we call a repeater, where I get to ready the payload that I send to the application. Put in malicious content and then see if it's responding to it.
The Spider is the most useful feature. It helps to analyze the entire web application, and it finds all the passes and offers an automated identification of security issues.
The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately.
See more »
Buyer's Guide
Download our free PortSwigger Burp Report and get advice and tips from experienced pros sharing their opinions.
Download Now
Quick Links
Learn More: Questions: