PortSwigger Burp Room for Improvement

Vijayanathan Naganathan
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd
In the earlier versions what we saw was that the REST API was something that needed to be improved upon but I think that has come in the new edition when I was reading through the release offset available. There is a certain amount of lead time for the tickets to get resolved. The biggest improvement that I would like to see from PortSwigger is what many people see as a need in their security testing that coudl be priortized and developed as a feature which can be useful. For example, if they're able to take these kinds of requests, group them, prioritize and show this is how the correct code path is going to be in the future, this is what we're going to focus around in building in the next six months or so. That could be something that will be really valuable for testers to have. View full review »
Manish Rana
Senior Information Security Analyst at a tech services company with 10,001+ employees
The one feature that I would like to see in Burp is active scanning of REST based web services. A lot of organizations are providing APIs to access their services to support different business models like SaaS. Scanning these APIs is still a challenge for many security product companies. Even Burp does not have a direct and easy way of scanning REST based web services. There is a capability to scan SOAP based web services provided there is a WSDL available. So, to conclude active web services scanning is something that I would like to see as an improvement in Burp. View full review »
Rishi Kant
Senior Security Engineer at a insurance company with 10,001+ employees
There is a lot to this product, and it would be good if when you purchase the tool, they can provide us with a more extensive user manual. This would help us to better understand the product, and we would not need to buy a separate book. In the next release, I want to see it more interactive and have more multitasking with some faster features. Sometimes scanning takes a long time, so they need to add more tricks to reduce the time spent in security testing. View full review »
Find out what your peers are saying about PortSwigger, Acunetix, HCL and others in Application Security. Updated: October 2019.
377,264 professionals have used our research since 2012.
The Auto Scanning features should be updated more frequently and should include the latest attack vectors. It would be really helpful if the issue details contained example recommendations on how to fix the issues identified, or perhaps point to external recommendations for reference. View full review »
Nidhi Chamotra
Business Analyst at a consultancy with 10,001+ employees
The biggest drawback is reporting. It's not so good. I can download reports, but they're not so informative. For example, they are providing very good information about vulnerabilities, but when you are scanning the whole pathway, we want to see information like percentages, how much is finishing, and how much it is not, etc. If the scan fails, they should tell us when or how it stopped, if it failed, why it has failed, and how to avoid something like this from happening again. They need something more in-depth and more technical. I would like to have some more features, which I can play around with. It's not so flexible. View full review »
Andrei Sandulescu
IT Auditor & Compliance Officer at a tech vendor with 51-200 employees
I would like to see a more optimized solution, as it currently uses a lot of CPU power and memory. Sometimes, the application is blocking. The reporting also needs improvement. Specifically, if there is an issue that exists on many pages, then I do not want to see the same thing repeated many times throughout the report. Rather, it should be pointed out as a global error, and only shown the one time. In the next version, I would like an option to scan the environment where the application is installed. I would also like a better cryptographic study, with more controls. View full review »
Cyber Security Analyst at a tech vendor with 1,001-5,000 employees
The number of false positives needs to be reduced on the solution. I'm not sure whether some features need to be added because the product has a specific toolset, and if I do need some additional features, currently I get them in different security products. The solution, however, could better integrate with various other tools. View full review »
Security Analyst at a tech services company with 201-500 employees
The product is very good just the way it is; It has everything already well established and functions great. I can't see any way for this current version to be improved. View full review »
Ivan Biagi
Security Specialist at a tech consulting company with 1-10 employees
The scanner and crawler need to be improved. View full review »
Find out what your peers are saying about PortSwigger, Acunetix, HCL and others in Application Security. Updated: October 2019.
377,264 professionals have used our research since 2012.
Sign Up with Email