PortSwigger Burp Review

A low-cost security solution that identifies issues quickly but could offer better integration


What is our primary use case?

The primary use case is security for the development lifecycle. We use the application for security testing.

How has it helped my organization?

The solution helps to identify security issues quickly.

What is most valuable?

The Spider is the most useful feature. It helps to analyze the entire web application, it finds all the paths, and it offers automated identification of security issues.

What needs improvement?

The number of false positives needs to be reduced on the solution.

I'm not sure whether some features need to be added because the product has a specific toolset, and if I do need some additional features, currently I get them in different security products. The solution, however, could better integrate with various other tools.

For how long have I used the solution?

I've been using the solution for three years.

What do I think about the stability of the solution?

The solution is very stable.

What do I think about the scalability of the solution?

The solution is not designed to be scalable. You have an individual license, and I use it individually.

How are customer service and technical support?

I have not needed to use the solution's technical support.

If you previously used a different solution, which one did you use and why did you switch?

Before Burp I was manually proxying the data myself. I have experience making my own tools for security assessment. Burp is pretty convenient, and it's one of the most popular tools, which is why I began using it.

I also use Wireshark, which is pretty effective too.

How was the initial setup?

The initial setup was straightforward.

What about the implementation team?

We implemented the solution ourselves.

What's my experience with pricing, setup cost, and licensing?

Licensing is paid on a yearly basis. The yearly cost is about $300.

What other advice do I have?

For application security testing, I would suggest Burp. It's probably the leader in this area. It's just like analogous tools such as OWASP ZAP, which is open-source. OWASP ZAP is still not as effective as Burp is.

The solution helps to find different security issues, and it helps identify many, many security issues quickly, and that's what makes it such a useful tool.

I would rate the solution seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.