PortSwigger Burp Review

Intruder and automatic scanning features help secure our internal applications pre-production

What is our primary use case?

This is a solution for which I provide services to our customers and I also use it personally.

As part of our organization, we build internal applications. Before they are put into production, we run a suite of security tests to ensure that our applications are not vulnerable to any known issues. We use PortSwigger Burp for testing, as well as OWASP Zap. We do similar tests in multiple tools to make sure that we cover the entire set of use cases.

I have this solution deployed as one user on a single machine, which is used by a designated security tester.

What is most valuable?

The most valuable features are Burp Intruder and Burp Scanner.

The automatic scanning feature is helpful.

What needs improvement?

The interface for the automatic scan can be improved because it is easy for technical users, but the business users have trouble with it. There is documentation but the interface should be more user-friendly.

There should be a heads-up display like the one available in OWASP Zap. I think that it would be a very good addition.

For how long have I used the solution?

I have worked with PortSwigger Burp for about ten years.

What do I think about the stability of the solution?

This solution is stable and we have had no major problems.

What do I think about the scalability of the solution?

We have had no issues with scalability, although we are using a standalone installation with only a single user. We may expand usage in the future.

Which solution did I use previously and why did I switch?

We also have OWASP Zap and we continue to use these two tools.

Zap has a heads-up display within its own browser, which is a very good feature. Zap is also completely free, whereas Burp has a free version but it also has licenses available.

For the most part, we use open-source solutions, which are free of charge.

How was the initial setup?

The initial setup is simple and very straightforward. We were not setting up a server, so it took perhaps five minutes to get up to speed and begin using it.

What's my experience with pricing, setup cost, and licensing?

There are different licenses available that include a free version.

What other advice do I have?

We do have problems with some of the add-ons that we install from the marketplace. They may not be available or may be out of support, so when you want to install them, they are not there.

This is a very nice tool and anybody can use it, from beginner to expert level. There are some simple and straightforward settings with documentation that is very clear. If you follow the steps you can easily get up to speed within five minutes for a single user.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Disclosure: I am a real user, and this review is based on my own experience and opinions.