PortSwigger Burp Review

More accurate than other solutions we are using but can sometimes be slow to perform


What is our primary use case?

Our primary use case for this solution is to perform application security testing.

How has it helped my organization?

I don't have specific metrics but I can say that using this tool adds value.

What is most valuable?

There are several features that I like about this solution. The most valuable feature is that it has support for add-ons where we can add extra little scripts to the tool to perform more automated testing.

I like using the Repeater feature to perform proxy testing, and the Repeaters have dashboards now. The add-ons are compatible with the dashboards, as well. 

What needs improvement?

There is a lot to this product, and it would be good if when you purchase the tool, they can provide us with a more extensive user manual. This would help us to better understand the product, and we would not need to buy a separate book.

In the next release, I want to see it more interactive and have more multitasking with some faster features. Sometimes scanning takes a long time, so they need to add more tricks to reduce the time spent in security testing.

For how long have I used the solution?

More than one year.

What do I think about the stability of the solution?

Stability-wise it is good.

What do I think about the scalability of the solution?

It is possible to work on multiple projects at the same time. I have tried five or six, and it is working fine. I would agree that the scalability is very good, and we have not found a limit yet.

We have approximately thirty users for this solution and they are the testers. As our team grows, we'll need to buy more licenses.

How are customer service and technical support?

We have used technical support three times, and each time received an email within twenty-four hours. They first try to understand the problem, and then after this, they provide step-by-step instructions for what to do. It's pretty easy.

If you previously used a different solution, which one did you use and why did you switch?

We have always used Burp Suite because it is a well-known tool.

How was the initial setup?

This solution is very easy to install and understand.

For a single user, it will take thirty to forty-five minutes. For our organization, it took between eight and nine hours.

What about the implementation team?

We handled the implementation and deployment ourselves.

What was our ROI?

We have seen ROI with this product.

What's my experience with pricing, setup cost, and licensing?

The cost is approximately $500 for a single license, and there are no additional costs beyond the standard licensing fees.

Which other solutions did I evaluate?

We considered using OWASP Zed Attack Proxy, which is open source. We decided to use this alongside the current solution, and also with IBM Security AppScan.

This tool is more accurate than the other solutions that we use and reports fewer false positives.

What other advice do I have?

They are steadily improving things and adding features to this product. It was only three months ago when they added the dashboard support. Before that, they only had passive and active scanning to perform the testing part. It now has a complete website of scanning features which were previously not there.

I would rate this solution a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.