PortSwigger Burp Suite Professional Review

Effective automatic scanning, Academy portal for learning, and reliable


What is our primary use case?

The solution is for web security testing and the primary use is to eliminate the false positives.

How has it helped my organization?

This solution has helped our company in many ways. PortSwigger Academy has given us the knowledge to be able to do deeper tests. The effectiveness of the tests is directly proportional to your knowledge about security testing. Even if you do not have this knowledge at the beginning, you can still perform some kind of testing. If you do not know how to choose your payload, then it is going to suggest the built-in payloads with which you can perform those test attacks.

You do not need to be an expert to use the solution. An intermediate-skilled person can use it, and over time they can become an expert. Sometimes it is difficult to find skilled employees to start working in this field for your company, but with PortSwigger the new employee does not have to be an expert because they are able to grow quite quickly in their knowledge.

What is most valuable?

The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well.

What needs improvement?

There could be an improvement in the API security testing. There is another tool called Postman and if we had a built-in portal similar to Postman which captures the API, we would be able to generate the API traffic. Right now we need a Postman tool and the Burp Suite for performing API tests. It would be a huge benefit to be able to do it in a single UI.

In a future release, if there could be some kind of autonomous function or user behavior prediction, that would be beneficial.

For how long have I used the solution?

I have been using this solution for approximately three years.

What do I think about the stability of the solution?

The solution has not had any crashes or any problems. It is reliable.

What do I think about the scalability of the solution?

The solution is scalable. There are types of operations we can do and it has good peak performance.

How are customer service and technical support?

PortSwigger has something called Academy where you can go to learn about many things related to security testing.

How was the initial setup?

The installation is very easy.

What's my experience with pricing, setup cost, and licensing?

The solution used to be expensive. However, they have reduced the price to approximately $400.00 which is reasonable.

Which other solutions did I evaluate?

I have evaluated Zap.

What other advice do I have?

My advice to others just starting out with security testing is to evaluate Zap, which is open-source, to allow them to get an understanding of the processes. Then once they have an understanding they should look into PortSwigger Burp Suite Professional. This solution would win in comparison with its features and would be a very good choice after they have some experience.

I rate PortSwigger Burp Suite Professional an eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about PortSwigger Burp Suite Professional. Get advice and tips from experienced pros sharing their opinions. Updated: July 2021.