PortSwigger Burp Review

It is the best all round solution for manual application testing but there are some stability problems directly related to Java.


What is most valuable?

  • Proxy
  • Repeater
  • Intruder
  • Extender API (and plug-ins)
  • CSRF generator

How has it helped my organization?

This is by far the best application assessment tool I have used. It is more usable and has more features than most of the enterprise tools that cost 10-100 times as much.

For how long have I used the solution?

I've used it for five years.

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

There are some memory issues, where the application runs out of memory and crashes. This is directly related to Java. This was improved after switching to 64-bit Java, but it still creeps up once in a while.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

It's excellent.

Technical Support:

It's very good.

Which solution did I use previously and why did I switch?

I use many projects, but Burp is the best all round solution for manual application testing.

How was the initial setup?

It's very straightforward, you just have to double-click a Jar file.

What other advice do I have?

You get many features with the free product, but the real power is unlocked with the Pro version. The intruder is an amazing tool and makes the entire product worth purchasing, and the ability to perform automatic backups is well worth the small price of this product as well.


Disclosure: I am a real user, and this review is based on my own experience and opinions.

1 visitor found this review helpful
Add a Comment
Guest