PortSwigger Burp Overview
What is PortSwigger Burp?
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
PortSwigger Burp is also known as Burp.
PortSwigger Burp Buyer's Guide
Download the PortSwigger Burp Buyer's Guide including reviews and more. Updated: February 2021
PortSwigger Burp Customers
Maven Security Consulting, OWASP Italy, Penetration Testing Firm
What users are saying about PortSwigger Burp pricing:
- "Licensing costs are about $450/year for one use. For larger organizations, they're able to test against multiple applications while simultaneously others might have multiple versions of applications which needs to be tested which is why we have the enterprise edition."
- "The cost is approximately $500 for a single license, and there are no additional costs beyond the standard licensing fees."
- "There are different licenses available that include a free version."
- "There is no setup cost and the cost of licensing is affordable."
PortSwigger Burp Reviews
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd
Great design, excellent features like Intruder, Repeater, Decoder with plenty of plug-ins from community forums.
What is our primary use case? Clients come to me for an assessment of their web applications to see the risks that they are facing with their applications. They want to ensure that their application is free of being manipulated and also secure, so they reach out to us to do vulnerability assessment and application penetration testing. We make use of PortSwigger's BurpSuite tool to carry this out. We look at it more from an application standpoint, what common vulnerabilities there are like the top 10 OWASP vulnerabilities like Injection (OS/SQL/CMD), broken authentication, session management, cross site request forgery…
Pros and Cons
- "Once I capture the proxy, I'm able to transfer across. All the requested information is there. I can send across the request to what we call a repeater, where I get to ready the payload that I send to the application. Put in malicious content and then see if it's responding to it."
- "The biggest improvement that I would like to see from PortSwigger that today many people see as an issue in their testing. There might be a feature which might be desired."
What other advice do I have? The tool comes in three types. First, there is the Open Community Edition, which is meant for people who use it to learn the tool or use it to secure their system. This edition does not have scanning features enabled to source scan the against application URLs or websites. From the standpoint of learning about security tests or assessing the security of application without scanning, the community edition really helps. Then you also have a Professional edition which is more meant for doing comprehensive vulnerability assessment and penetration application which is very important. Especially for…
Founder and Director at a financial services firm with 1-10 employees
Feb 21, 2021
Great reporting with good crawling capability and offers a simple setup
What is our primary use case? We primarily use the solution for security testing - specifically for web-application security.
Pros and Cons
- "The solution has a pretty simple setup."
- "The pricing of the solution is quite high."
What other advice do I have? The solution has an annual subscription model, and therefore you'll have to keep updating the new version. It's part of the package. They release a new version and that is covered under your subscription. I'm a consultant. I buy tools from multiple vendors. I provide development assessment services for my clients. This is one more product in the suite of tools or applications, which are used for testing. Anyone at any sized company could use this solution. I'd recommend this solution. It's one more tool to have in your bag. I would rate the solution at a ten out of ten.
Senior Security Engineer at an insurance company with 10,001+ employees
May 18, 2019
More accurate than other solutions we are using but can sometimes be slow to perform
What is our primary use case? Our primary use case for this solution is to perform application security testing.
Pros and Cons
- "This tool is more accurate than the other solutions that we use, and reports fewer false positives."
- "There is a lot to this product, and it would be good if when you purchase the tool, they can provide us with a more extensive user manual."
What other advice do I have? They are steadily improving things and adding features to this product. It was only three months ago when they added the dashboard support. Before that, they only had passive and active scanning to perform the testing part. It now has a complete website of scanning features which were previously not there. I would rate this solution a seven out of ten.
IT Manager at a manufacturing company with 10,001+ employees
A very user-friendly solution with good technical support, but it needs more advanced reporting.
What is our primary use case? We use the solution for scanning our in-house external facing website.
Pros and Cons
- "The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately."
- "The biggest drawback is reporting. It's not so good. I can download them, but they're not so informative."
What other advice do I have? We use the on-premises deployment model. I would rate the solution seven out of ten.
Compliance Manager at a tech services company with 201-500 employees
Evaluate and ensure the security of web-based applications
What is our primary use case? We're a software development company. We specialize in ensuring application security for our customers. For each and every application we release, we issue a certificate explaining that the application is up to date and that all security testing has been successfully completed. In that certificate, we also mention that PortSwigger is one of the tools that we used to test the application. Presently, we have three users. In the future, regarding product testing, I am thinking of hiring another two people, which will make us a team of five. Currently, we're releasing a lot of applications…
Pros and Cons
- "In my area of expertise, I feel like it has almost everything I could possibly require at this moment."
- "A lot of our interns find it difficult to get used to PortSwigger Burp's environment."
What other advice do I have? I would definitely recommend PortSwigger Burp. I've actually recommended it to some of my colleagues, students, and interns. I'm really comfortable and happy with it; besides, there are no other products to compare it to. On a scale from one to ten, I would give this solution a rating of eight. If they included example scenarios and hosted educational webinars, I would give this solution a rating of ten. In my area of expertise, I feel like it has almost everything I could possibly require at this moment. Generally, I don't come across situations like that, so I am very happy with it.
Senior Test Engineer II at a financial services firm with 201-500 employees
Finds vulnerabilities but is not always cost effective
What is our primary use case? Our use cases are to identify the vulnerabilities of OAST and the other applications we are using.
Pros and Cons
- "The feature that we have found most valuable is that it comes with pre-set configurations. They have a set of predefined options where you can pick one and start scanning. We also have the option of creating our own configurations, like how often do the applications need to be scanned."
- "One area that can be improved, when compared to alternative tools, is that they could provide different reporting options and in different formats like PDF or something like that."
What other advice do I have? On a scale of one to ten I would rate PortSwigger Burp a seven. For it to be a 10 it would need to implement the above mentioned different formats for reporting and the interactive security testing.
Cyber Security Specialist at a university with 10,001+ employees
Jan 30, 2020
Intruder and automatic scanning features help secure our internal applications pre-production
What is our primary use case? This is a solution for which I provide services to our customers and I also use it personally. As part of our organization, we build internal applications. Before they are put into production, we run a suite of security tests to ensure that our applications are not vulnerable to any known issues. We use PortSwigger Burp for testing, as well as OWASP Zap. We do similar tests in multiple tools to make sure that we cover the entire set of use cases. I have this solution deployed as one user on a single machine, which is used by a designated security tester.
Pros and Cons
- "The most valuable features are Burp Intruder and Burp Scanner."
- "There should be a heads up display like the one available in OWASP Zap."
What other advice do I have? We do have problems with some of the add-ons that we install from the marketplace. They may not be available or out of support, so when you want to install them, they are not there. This is a very nice tool and anybody can use it, from beginner to expert level. There are some simple and straightforward settings with documentation that is very clear. If you follow the steps you can easily get up to speed within five minutes for a single user. I would rate this solution an eight out of ten.
Proactively assess our in-house software for vulnerabilities in advance of public release
What is our primary use case? We use this solution for the security assessment of web applications before their release to the internet. The security assessment team uses this product to identify vulnerabilities and vulnerable code that developers may introduce. We host all of the beta applications in our internal web servers and then the security team starts assessments when the development freezes.
Pros and Cons
- "BurpSuite helps us to identify and fix silly mistakes that are sometimes introduced by our developers in their coding."
- "The Auto Scanning features should be updated more frequently and should include the latest attack vectors."
What other advice do I have? All application development organizations should purchase BurpSuite and train their developers on how to use this solution to identify security flaws. This will help to ensure that the applications released to the public internet will have better protection from malicious attackers.