PortSwigger Burp Reviews
Aug 01 2019
Great design, excellent features like Intruder , Repeater with plenty of plug-ins from community support
What is most valuable?I like the way the tool has been designed. Once I capture the proxy, I'm able to transfer across, all the requested information that is there. I can send across the request to the 'Repeater' feature… more»
How has it helped my organization?We're an independent IT organization that specializes in application testing and we focus on application security here. This tool really helps me unearth application issues and vulnerabilities that… more»
What needs improvement?In the earlier versions what we saw was that the REST API was something that needed to be improved upon but I think that has come in the new edition when I was reading through the release offset… more»
What's my experience with pricing, setup cost, and licensing?Licensing costs are about $450/year for one use. For larger organizations, they're able to test against multiple applications while simultaneously others might have multiple versions of applications… more»
Which solution did I use previously and why did I switch?I've used different tools like Acunetix. The first tool that we started with was Acunetix. Acunetix as quite expensive, first and foremost. It's more suitable for web application scanning and… more»
What other advice do I have?The tool comes in three type. First, there is the Open Community Edition, which is meant for people to learn the tool or use to secure their system . It does not have scanning features enables.and to… more»
Dec 19 2017
What is most valuable?Burp is the best web application penetration testing tool that I have ever used. Although all the features of Burp are very useful, I personally love its capability to… more»
How has it helped my organization?The customer is almost all the time results-oriented and they want them real quick. Burp gives my organization a great authentic source of information on the security… more»
What needs improvement?The one feature that I would like to see in Burp is active scanning of REST based web services. A lot of organizations are providing APIs to access their services to… more»
What's my experience with pricing, setup cost, and licensing?This is a value for money product.
Which solution did I use previously and why did I switch?I have used a lot of tools for web application scanning and penetration testing -- like Qualys WAS, Nikto, OWASP ZAP proxy, Paros Proxy, DirBuster, Burp, etc. The reason… more»
What other advice do I have?If you are looking for a single web application penetration testing solution at low cost, definitely give it a try. You can request a trial of the pro version from… more»
Which other solutions did I evaluate?I am a consistent user of web application scanners and penetration testing solutions. I have used Qualys WAS, OWASP ZAP, sqlmap, Paros Proxy, and Nikto. But nothing stands… more»
Find out what your peers are saying about PortSwigger, Acunetix, HCL and others in Application Security. Updated: November 2019.
382,745 professionals have used our research since 2012.
May 18 2019
What is most valuable?There are several features that I like about this solution. The most valuable feature is that it has support for add-ons where we can add extra little scripts to the tool… more»
How has it helped my organization?I don't have specific metrics but I can say that using this tool adds value.
What needs improvement?There is a lot to this product, and it would be good if when you purchase the tool, they can provide us with a more extensive user manual. This would help us to better… more»
What's my experience with pricing, setup cost, and licensing?The cost is approximately $500 for a single license, and there are no additional costs beyond the standard licensing fees.
Which solution did I use previously and why did I switch?We have always used Burp Suite because it is a well-known tool.
What other advice do I have?They are steadily improving things and adding features to this product. It was only three months ago when they added the dashboard support. Before that, they only had… more»
Which other solutions did I evaluate?We considered using OWASP Zed Attack Proxy, which is open source. We decided to use this alongside the current solution, and also with IBM Security AppScan. This tool is… more»
Oct 01 2019
What is most valuable?The auto scanning feature provides really good details about issues that it finds. Crawling web applications using Burp Spider, Target Site Map, automating customized… more»
How has it helped my organization?In the early years, we did not check our web applications for security vulnerabilities before releasing them to customers. Since we began this practice for every… more»
What needs improvement?The Auto Scanning features should be updated more frequently and should include the latest attack vectors. It would be really helpful if the issue details contained… more»
What's my experience with pricing, setup cost, and licensing?There is no setup cost and the cost of licensing is affordable.
Which solution did I use previously and why did I switch?Prior to this solution, we used various open-source or free applications. We wanted to streamline and improve productivity by standardizing the products that we use.
What other advice do I have?All application development organizations should purchase BurpSuite and train their developers on how to use this solution to identify security flaws. This will help to… more»
Which other solutions did I evaluate?We tested all of the free apps and could not find a stable all-in-one solution other than BurpSuite.
Aug 22 2019
What is most valuable?The solution is very user-friendly. The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately.
What needs improvement?The biggest drawback is reporting. It's not so good. I can download reports, but they're not so informative. For example, they are providing very good information about vulnerabilities, but when you are scanning the whole pathway, we want to see information like percentages, how much is finishing… more»
What other advice do I have?We use the on-premises deployment model. I would rate the solution seven out of ten.
Which other solutions did I evaluate?When we had an issue with scanning, we did look into exploring other options like OWASP Zap, Acunetix, etc. We stayed with Burp because we had it set up in our system, and then they had our scanning issue fixed.
Jun 07 2019
What is most valuable?The most valuable feature of this solution is the scanning functionality. Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them. Burp… more»
How has it helped my organization?This solution has done a lot to improve our organization. It allows us to be proactive and solve issues before our external auditors find them.
What needs improvement?I would like to see a more optimized solution, as it currently uses a lot of CPU power and memory. Sometimes, the application is blocking. The reporting also needs improvement. Specifically, if there… more»
What's my experience with pricing, setup cost, and licensing?Our licensing cost is approximately $400 USD per year. There are no costs in addition to the standard licensing fees.
What other advice do I have?I would recommend this product to others. It is very straightforward and it is oriented to the application, which is why we chose it. I would also recommend reviewing and using the extensions that are… more»
Which other solutions did I evaluate?We did evaluate other options before choosing this solution.
Aug 21 2019
What is most valuable?The Spider is the most useful feature. It helps to analyze the entire web application and it finds all the passes and offers an automated identification of security issues.
How has it helped my organization?The solution helps to identify security issues quickly.
What needs improvement?The number of false positives needs to be reduced on the solution. I'm not sure whether some features need to be added because the product has a specific toolset, and if I do need some additional… more»
What's my experience with pricing, setup cost, and licensing?Licensing is paid on a yearly basis. The yearly cost is about $300.
Which solution did I use previously and why did I switch?Before Burp I was manually proxying the data myself. I have experience making my own tools for security assessment. Burp is pretty convenient, and it's one of the most popular tools, which is why I… more»
What other advice do I have?For application security testing, I would suggest Burp. It's probably the leader in this area. It's just like analog tools such as OWASP ZAP, which is open-source. OWASP ZAP is still not as effective… more»
Apr 16 2019
What is most valuable?In my opinion, all of the features seem to be of equal value really. I'm currently using the latest version.
How has it helped my organization?I use Burp Suite on my laptop in my room for my personal research study. Since I don't use it for corporate work or company research purposes I can't comment on how it has… more»
What needs improvement?The product is very good just the way it is; It has everything already well established and functions great. I can't see any way for this current version to be improved.
What's my experience with pricing, setup cost, and licensing?My only advice for anyone looking for a personal use case for testing Web application security is this is a good option.
Which solution did I use previously and why did I switch?At work, I use an open source SAP solution. It's a free tool. It's a fully automated tool and it's fully furnished. Currently, I'm the only user and it's my job to analyze… more»
What other advice do I have?It's actually a very good product. It's pretty automated and it's easy to work with. No additional features need to be added because it's already an extraordinary tool. So… more»
Which other solutions did I evaluate?Before choosing this tool, no, I didn't evaluate any other options. I know what I wanted and I'm very happy with it.
See 1 More PortSwigger Burp Reviews
User Assessments By Topic About PortSwigger Burp
PortSwigger Burp Questions
Read Archived Reviews
What is PortSwigger Burp?
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
Also known asBurp
PortSwigger Burp customers
Maven Security Consulting, OWASP Italy, Penetration Testing Firm