PortSwigger Burp Suite Enterprise Edition Room for Improvement

Mustufa Bhavnagarwala - PeerSpot reviewer
CyberRisk Solution Advisor at a consultancy with 10,001+ employees

PortSwigger Burp Suite Enterprise Edition's new features released in the last two years are really good, so I won't say that I am not looking at any new features. The product's latest feature was really good but had an issue since it allowed us in our company to put the proxy in the browser and then connect it with PortSwigger Burp Suite Enterprise Edition to get the calls resolved with the help of a setup allowing for browser features inside PortSwigger Burp Suite Enterprise Edition.

I want PortSwigger Burp Suite Enterprise Edition to be available on the cloud, though my concerns stem from the fact that I don't know how an application hosted on the cloud can do a proxy for an application.

I can't recall what needs to be added to the solution to make it better, but I have seen that when I use the product, I feel that the tool needs to have a few elements added to it.

The cost per license per user could be cheaper, specifically for individual licensing.

Iwegbue Godspower Isioma - PeerSpot reviewer
Cyber Security Analyst at Platview Technologies

It would be better if the solution is cloud-based. If it's installed on a server, we can access the solution even when we are working from home.

SS
Senior IT Security Analyst at a transportation company with 10,001+ employees

There are features or functionality missing, but PortSwigger Burp Suite Enterprise Edition does try to update frequently to alleviate the shortcomings.

Buyer's Guide
PortSwigger Burp Suite Enterprise Edition
April 2024
Learn what your peers think about PortSwigger Burp Suite Enterprise Edition. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
769,479 professionals have used our research since 2012.
HA
Head Information Secretary at a manufacturing company with 1,001-5,000 employees

The product needs to have the ability to evaluate more. 

RP
Cyber security Lead at a manufacturing company with 1,001-5,000 employees

There are lots of false positives. That is a bad part. It's something that they can work on.

If I'm scanning, I'm running a vulnerability scan and those libraries are there, sometimes those vulnerabilities of the libraries like Java or something get reported, and sometimes it misses them. That I have also raised with our team; however, they were not able to satisfy me in that aspect. Some Java libraries are outdated. It was showing a vulnerability in an older version, in the older configuration. Once I updated my vulnerability scanner, and not that Java library, and still, the vulnerability scanner missed that particular vulnerability. Regarding the binaries part, there was a lot of long technical discussion that happened with the Enterprise support team. Too many times the vulnerability scan fails.

The solution is a bit expensive.

I'd like to see a DST, an image testing. Mobile also would be helpful. It would make the product a better player in the scanning part. 

There are lots of vulnerability scanners that are providing code analysis. They can increase it to be a competitive product in the market. 

We have looked at other solutions and products to add to get more tools. Code analysis, mobile, and APIs are becoming big on the market and this solution doesn't answer all of those needs just yet.

RP
Cyber security Lead at PCS

The stability of the scans could be improved.

RP
Cyber security Lead at a manufacturing company with 1,001-5,000 employees

There's definitely room for improvement. There are lots of false positives. Once I do the manual assessment, it comes as a false positive. They need to improve the Enterprise Edition, especially the part that gives false positives. 

The scan result is also unstable. In some applications, it'll basically give the frameworks, but the GRE is missing from it. It won't report some scans, and some results are substandard.

In the next release, I'm looking for a scanning tool that has SAST and DAST. For example, Veracode provides all those things. Burp Suite Enterprise Edition only provides vulnerability scanning like static analysis and dynamic analysis, software composition analysis, and practice applications. They should also offer more with different packages.

YM
Chief Information Officer - Chief Security Officer at Chrematis

The implementation of the solution is quite complicated and could be easier. 
