PortSwigger Burp Overview

PortSwigger Burp is the #1 ranked solution in our list of top Fuzz Testing Tools. It is most often compared to OWASP Zap.

What is PortSwigger Burp?

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

PortSwigger Burp is also known as Burp.

PortSwigger Burp Buyer's Guide

Download the PortSwigger Burp Buyer's Guide including reviews and more. Updated: February 2021

PortSwigger Burp Customers

Maven Security Consulting, OWASP Italy, Penetration Testing Firm

Pricing Advice

What users are saying about PortSwigger Burp pricing:
  • "Licensing costs are about $450/year for one use. For larger organizations, they're able to test against multiple applications while simultaneously others might have multiple versions of applications which needs to be tested which is why we have the enterprise edition."
  • "The cost is approximately $500 for a single license, and there are no additional costs beyond the standard licensing fees."
  • "There are different licenses available that include a free version."
  • "There is no setup cost and the cost of licensing is affordable."

PortSwigger Burp Reviews

Vijayanathan Naganathan
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd
Real User
Top 5 Leaderboard
Jan 2, 2020
Great design, excellent features like Intruder, Repeater, Decoder with plenty of plug-ins from community forums.

What is our primary use case?

Clients come to me for an assessment of their web applications to see the risks that they are facing with their applications. They want to ensure that their application is free of being manipulated and also secure, so they reach out to us to do vulnerability assessment and application penetration testing. We make use of PortSwigger's BurpSuite tool to carry this out. We look at it more from an application standpoint, what common vulnerabilities there are like the top 10 OWASP vulnerabilities like Injection (OS/SQL/CMD), broken authentication, session management, cross site request forgery…

Pros and Cons

  • "Once I capture the proxy, I'm able to transfer across. All the requested information is there. I can send across the request to what we call a repeater, where I get to ready the payload that I send to the application. Put in malicious content and then see if it's responding to it."
  • "The biggest improvement that I would like to see from PortSwigger that today many people see as an issue in their testing. There might be a feature which might be desired."

What other advice do I have?

The tool comes in three types. First, there is the Open Community Edition, which is meant for people who use it to learn the tool or use it to secure their system. This edition does not have scanning features enabled to source scan against application URLs or websites. From the standpoint of learning about security tests or assessing the security of an application without scanning, the community edition really helps. Then you also have a Professional edition which is more meant for doing comprehensive vulnerability assessment and penetration application which is very important. Especially for…
reviewer1508730
Founder and Director at a financial services firm with 1-10 employees
Real User
Feb 21, 2021
Great reporting with good crawling capability and offers a simple setup

What is our primary use case?

We primarily use the solution for security testing - specifically for web-application security.

Pros and Cons

  • "The solution has a pretty simple setup."
  • "The pricing of the solution is quite high."

What other advice do I have?

The solution has an annual subscription model, and therefore you'll have to keep updating the new version. It's part of the package. They release a new version and that is covered under your subscription. I'm a consultant. I buy tools from multiple vendors. I provide development assessment services for my clients. This is one more product in the suite of tools or applications, which are used for testing. Anyone at any sized company could use this solution. I'd recommend this solution. It's one more tool to have in your bag. I would rate the solution at a ten out of ten.
Rishi Kant
Senior Security Engineer at an insurance company with 10,001+ employees
Real User
May 18, 2019
More accurate than other solutions we are using but can sometimes be slow to perform

What is our primary use case?

Our primary use case for this solution is to perform application security testing.

Pros and Cons

  • "This tool is more accurate than the other solutions that we use, and reports fewer false positives."
  • "There is a lot to this product, and it would be good if when you purchase the tool, they can provide us with a more extensive user manual."

What other advice do I have?

They are steadily improving things and adding features to this product. It was only three months ago when they added the dashboard support. Before that, they only had passive and active scanning to perform the testing part. It now has a complete website of scanning features which were previously not there. I would rate this solution a seven out of ten.
reviewer1112304
IT Manager at a manufacturing company with 10,001+ employees
Real User
Top 5 Leaderboard
Jan 22, 2020
A very user-friendly solution with good technical support, but it needs more advanced reporting.

What is our primary use case?

We use the solution for scanning our in-house external facing website.

Pros and Cons

  • "The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately."
  • "The biggest drawback is reporting. It's not so good. I can download them, but they're not so informative."

What other advice do I have?

We use the on-premises deployment model. I would rate the solution seven out of ten.
Saminda Jayawardene
Compliance Manager at a tech services company with 201-500 employees
Real User
Top 5 Leaderboard
Oct 18, 2020
Evaluate and ensure the security of web-based applications

What is our primary use case?

We're a software development company. We specialize in ensuring application security for our customers. For each and every application we release, we issue a certificate explaining that the application is up to date and that all security testing has been successfully completed. In that certificate, we also mention that PortSwigger is one of the tools that we used to test the application. Presently, we have three users. In the future, regarding product testing, I am thinking of hiring another two people, which will make us a team of five. Currently, we're releasing a lot of applications…

Pros and Cons

  • "In my area of expertise, I feel like it has almost everything I could possibly require at this moment."
  • "A lot of our interns find it difficult to get used to PortSwigger Burp's environment."

What other advice do I have?

I would definitely recommend PortSwigger Burp. I've actually recommended it to some of my colleagues, students, and interns. I'm really comfortable and happy with it; besides, there are no other products to compare it to. On a scale from one to ten, I would give this solution a rating of eight. If they included example scenarios and hosted educational webinars, I would give this solution a rating of ten. In my area of expertise, I feel like it has almost everything I could possibly require at this moment. Generally, I don't come across situations like that, so I am very happy with it.
SivaPrakash
Senior Test Engineer II at a financial services firm with 201-500 employees
Real User
Top 5 Leaderboard
Oct 18, 2020
Finds vulnerabilities but is not always cost effective

What is our primary use case?

Our use cases are to identify the vulnerabilities of OAST and the other applications we are using.

Pros and Cons

  • "The feature that we have found most valuable is that it comes with pre-set configurations. They have a set of predefined options where you can pick one and start scanning. We also have the option of creating our own configurations, like how often do the applications need to be scanned."
  • "One area that can be improved, when compared to alternative tools, is that they could provide different reporting options and in different formats like PDF or something like that."

What other advice do I have?

On a scale of one to ten, I would rate PortSwigger Burp a seven. For it to be a 10, it would need to implement the above-mentioned different formats for reporting and the interactive security testing.
reviewer1223976
Cyber Security Specialist at a university with 10,001+ employees
Real User
Jan 30, 2020
Intruder and automatic scanning features help secure our internal applications pre-production

What is our primary use case?

This is a solution for which I provide services to our customers and I also use it personally. As part of our organization, we build internal applications. Before they are put into production, we run a suite of security tests to ensure that our applications are not vulnerable to any known issues. We use PortSwigger Burp for testing, as well as OWASP Zap. We do similar tests in multiple tools to make sure that we cover the entire set of use cases. I have this solution deployed as one user on a single machine, which is used by a designated security tester.

Pros and Cons

  • "The most valuable features are Burp Intruder and Burp Scanner."
  • "There should be a heads up display like the one available in OWASP Zap."

What other advice do I have?

We do have problems with some of the add-ons that we install from the marketplace. They may not be available or out of support, so when you want to install them, they are not there. This is a very nice tool and anybody can use it, from beginner to expert level. There are some simple and straightforward settings with documentation that is very clear. If you follow the steps you can easily get up to speed within five minutes for a single user. I would rate this solution an eight out of ten.
reviewer1139067
User
Real User
Top 10 Leaderboard
Oct 1, 2019
Proactively assess our in-house software for vulnerabilities in advance of public release

What is our primary use case?

We use this solution for the security assessment of web applications before their release to the internet. The security assessment team uses this product to identify vulnerabilities and vulnerable code that developers may introduce. We host all of the beta applications in our internal web servers and then the security team starts assessments when the development freezes.

Pros and Cons

  • "BurpSuite helps us to identify and fix silly mistakes that are sometimes introduced by our developers in their coding."
  • "The Auto Scanning features should be updated more frequently and should include the latest attack vectors."

What other advice do I have?

All application development organizations should purchase BurpSuite and train their developers on how to use this solution to identify security flaws. This will help to ensure that the applications released to the public internet will have better protection from malicious attackers.