PortSwigger Burp Suite Professional Overview
What is PortSwigger Burp Suite Professional?
Burp Suite Professional, by PortSwigger, is the world's leading toolkit for web security testing. Over 52,000 users worldwide, across all industries and organization sizes, trust Burp Suite Professional to find more vulnerabilities, faster. With expertly engineered manual and automated tooling, you're able to test smarter, not harder.
PortSwigger is the web security company that is enabling the world to secure the web. Over 50,000 security engineers rely on our software and expertise to secure their world.
PortSwigger Burp Suite Professional is also known as Burp.
PortSwigger Burp Suite Professional Buyer's Guide
Download the PortSwigger Burp Suite Professional Buyer's Guide including reviews and more. Updated: May 2021
PortSwigger Burp Suite Professional Customers
Google, Amazon, NASA, FedEx, P&G, Salesforce
What users are saying about PortSwigger Burp Suite Professional pricing:
- "Licensing costs are about $450/year for one user. For larger organizations, they're able to test against multiple applications while simultaneously others might have multiple versions of applications which need to be tested, which is why we have the enterprise edition."
- "There are different licenses available that include a free version."
- "There is no setup cost and the cost of licensing is affordable."
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd
Great design, excellent features like Intruder, Repeater, Decoder with plenty of plug-ins from community forums.
What is our primary use case?
Clients come to me for an assessment of their web applications to see the risks that they are facing with their applications. They want to ensure that their application is free from being manipulated and also secure, so they reach out to us to do vulnerability assessment and application penetration testing. We make use of PortSwigger's BurpSuite tool to carry this out. We look at it more from an application standpoint, what common vulnerabilities there are, like the top 10 OWASP vulnerabilities such as injection (OS/SQL/CMD), broken authentication, session management, cross-site request forgery…
Pros and Cons
- "Once I capture the proxy, I'm able to transfer across. All the requested information is there. I can send across the request to what we call a repeater, where I get to ready the payload that I send to the application. Put in malicious content and then see if it's responding to it."
- "The biggest improvement that I would like to see from PortSwigger that today many people see as an issue in their testing. There might be a feature which might be desired."
What other advice do I have?
The tool comes in three types. First, there is the open Community Edition, which is meant for people who use it to learn the tool or use it to secure their system. This edition does not have scanning features enabled to scan against application URLs or websites. From the standpoint of learning about security tests or assessing the security of an application without scanning, the Community Edition really helps. Then you also have a Professional edition, which is more meant for doing comprehensive vulnerability assessment and application penetration testing, which is very important. Especially for…
Best for manual penetration testing, a great user interface, and offers good scanning capabilities
What is our primary use case?
It's an individual tool that security professionals use for their manual pen-testing. We use it for capturing the traffic, intercepting the traffic between the browser and the application. We try to manipulate the application's traffic so that whatever input is accepted by the application is sanitized and validated. We try to analyze the application for input validation, so that all inputs are handled correctly. Another use case is having a scanner module built in, where you can browse the entire application. The scanner can continuously scan the application for vulnerabilities based on OWASP…
Pros and Cons
- "The solution has a great user interface."
- "It should provide a better way to integrate with Jenkins so that DAST (dynamic application security testing) can be automated."
What other advice do I have?
We are just customers and end-users. I'd advise other organizations that this solution is a pretty good tool for manual penetration testing. It has good features like the Scanner and Sequencer, Repeater, and there are extensions. Burp extensions are available where they can customize Burp behavior using their own or third-party code. Those features will be really useful for Burp users. It's also obviously a very cost-effective option. I would rate the solution at a nine out of ten.
Founder and Director at a financial services firm with 1-10 employees
Real User, Top 10
Feb 21, 2021
Great reporting with good crawling capability and offers a simple setup
What is our primary use case?
We primarily use the solution for security testing, specifically for web-application security.
Pros and Cons
- "The solution has a pretty simple setup."
- "The pricing of the solution is quite high."
What other advice do I have?
The solution has an annual subscription model, and therefore you'll have to keep updating to the new version. It's part of the package. They release a new version and that is covered under your subscription. I'm a consultant. I buy tools from multiple vendors. I provide development assessment services for my clients. This is one more product in the suite of tools or applications which are used for testing. Anyone at any sized company could use this solution. I'd recommend this solution. It's one more tool to have in your bag. I would rate the solution at a ten out of ten.
IT Manager at a manufacturing company with 10,001+ employees
A very user-friendly solution with good technical support, but it needs more advanced reporting.
What is our primary use case?
We use the solution for scanning our in-house external-facing website.
Pros and Cons
- "The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately."
- "The biggest drawback is reporting. It's not so good. I can download them, but they're not so informative."
What other advice do I have?
We use the on-premises deployment model. I would rate the solution seven out of ten.
Compliance Manager at a tech services company with 201-500 employees
Evaluate and ensure the security of web-based applications
What is our primary use case?
We're a software development company. We specialize in ensuring application security for our customers. For each and every application we release, we issue a certificate explaining that the application is up to date and that all security testing has been successfully completed. In that certificate, we also mention that PortSwigger is one of the tools that we used to test the application. Presently, we have three users. In the future, regarding product testing, I am thinking of hiring another two people, which will make us a team of five. Currently, we're releasing a lot of applications…
Pros and Cons
- "In my area of expertise, I feel like it has almost everything I could possibly require at this moment."
- "A lot of our interns find it difficult to get used to PortSwigger Burp's environment."
What other advice do I have?
I would definitely recommend PortSwigger Burp. I've actually recommended it to some of my colleagues, students, and interns. I'm really comfortable and happy with it; besides, there are no other products to compare it to. On a scale from one to ten, I would give this solution a rating of eight. If they included example scenarios and hosted educational webinars, I would give this solution a rating of ten. In my area of expertise, I feel like it has almost everything I could possibly require at this moment. Generally, I don't come across situations like that, so I am very happy with it.
Senior Test Engineer II at a financial services firm with 201-500 employees
Finds vulnerabilities but is not always cost effective
What is our primary use case?
Our use cases are to identify the vulnerabilities of OAST and the other applications we are using.
Pros and Cons
- "The feature that we have found most valuable is that it comes with pre-set configurations. They have a set of predefined options where you can pick one and start scanning. We also have the option of creating our own configurations, like how often do the applications need to be scanned."
- "One area that can be improved, when compared to alternative tools, is that they could provide different reporting options and in different formats like PDF or something like that."
What other advice do I have?
On a scale of one to ten I would rate PortSwigger Burp a seven. For it to be a ten it would need to implement the above-mentioned different formats for reporting and the interactive security testing.
Cyber Security Specialist at a university with 10,001+ employees
Jan 30, 2020
Intruder and automatic scanning features help secure our internal applications pre-production
What is our primary use case?
This is a solution for which I provide services to our customers and I also use it personally. As part of our organization, we build internal applications. Before they are put into production, we run a suite of security tests to ensure that our applications are not vulnerable to any known issues. We use PortSwigger Burp for testing, as well as OWASP Zap. We do similar tests in multiple tools to make sure that we cover the entire set of use cases. I have this solution deployed as one user on a single machine, which is used by a designated security tester.
Pros and Cons
- "The most valuable features are Burp Intruder and Burp Scanner."
- "There should be a heads up display like the one available in OWASP Zap."
What other advice do I have?
We do have problems with some of the add-ons that we install from the marketplace. They may not be available or out of support, so when you want to install them, they are not there. This is a very nice tool and anybody can use it, from beginner to expert level. There are some simple and straightforward settings with documentation that is very clear. If you follow the steps you can easily get up to speed within five minutes for a single user. I would rate this solution an eight out of ten.
Real User, Top 20
Oct 1, 2019
Proactively assess our in-house software for vulnerabilities in advance of public release
What is our primary use case?
We use this solution for the security assessment of web applications before their release to the internet. The security assessment team uses this product to identify vulnerabilities and vulnerable code that developers may introduce. We host all of the beta applications on our internal web servers and then the security team starts assessments when the development freezes.
Pros and Cons
- "BurpSuite helps us to identify and fix silly mistakes that are sometimes introduced by our developers in their coding."
- "The Auto Scanning features should be updated more frequently and should include the latest attack vectors."
What other advice do I have?
All application development organizations should purchase BurpSuite and train their developers on how to use this solution to identify security flaws. This will help to ensure that the applications released to the public internet will have better protection from malicious attackers.