SANGAM GOEL - PeerSpot reviewer
Chief Executive Officer at GS2 CYBER SECURITY
Real User
Top 10
Continuously updated, fair pricing, and offers a free community version
Pros and Cons
  • "It's good testing software."
  • "The initial setup is a bit complex."

What is our primary use case?

We are using the solution for web application testing. From Burp Suite, we can test the application security. We have a team of system auditors, and our auditors use Burp Suite.

What is most valuable?

We are working with the community version, and it provides all the features we need.

It's good testing software. 

For application security, Burp Suite is one of the best solutions. It has all the proxy and all the features so that we can test all the application's vulnerabilities. 

They have an extension feature, so at intervals, they provide extensions that provide some helpful updates. They continuously update the product, and they continuously provide extensions. Through the extensions, we get new features at regular intervals.

The pricing is fine. 

We can customize and configure as needed.

We found the product to be quite stable. 

What needs improvement?

It's already great. There isn't anything needed for improvement. 

The initial setup is a bit complex. 

For how long have I used the solution?

I've used the solution for three years. 

Buyer's Guide
PortSwigger Burp Suite Professional
April 2024
Learn what your peers think about PortSwigger Burp Suite Professional. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,246 professionals have used our research since 2012.

What do I think about the stability of the solution?

The solution is very stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. 

What do I think about the scalability of the solution?

The solution can scale. It's per system. If you are using it on 100 systems, you must install it on all 100 systems. It's not like you install a central product, and you scale. It's not the client-server architecture; you must install it on every system if you want to test.

We have two or three users on the solution.

How are customer service and support?

We've never escalated any issues to technical support. I've never directly dealt with them.

Which solution did I use previously and why did I switch?

This is among the best in comparison to all other tools. If we compare it to Zap, et cetera, Burp Suite is the best among those. There's also Nikto and lots of tools available. We prefer to work with Burp as Burp Suite is like a framework. It has lots of tools in-built. Therefore, we can do multiple tasks on a single platform from a single framework. It's like a one-stop shop.

How was the initial setup?

The solution is a little bit complex. It's not exactly straightforward. 

The deployment itself was a pretty easy process. It was quick.

We do not find it difficult to maintain the solution.

What about the implementation team?

We handled the initial setup ourselves in-house. 

What's my experience with pricing, setup cost, and licensing?

We use the community version. It's free.

Pricing is not very high. It was around $200.

They have some licenses and features, and they have some different categories. I would need to go through the sites; however, I know they have different versions.

What other advice do I have?

We are using Burp Suite. We are not selling Burp Suite.

At this time, we're using the most up-to-date version of the product.

I'd recommend the solution to others. I would rate it ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
AnkithKumar - PeerSpot reviewer
Application Security Consultant at a tech services company with 10,001+ employees
Real User
Top 10
Useful advanced tools, integrates well, and quick implementation
Pros and Cons
  • "The most valuable feature of PortSwigger Burp Suite Professional is the advanced features, user-friendly interface, and integration with other tools."
  • "PortSwigger Burp Suite Professional can improve by having more features in the free version for beginners to try."

What is our primary use case?

We use PortSwigger Burp Suite Professional for security. I'm a security tester, and I need it for my daily activities; I require it.

How has it helped my organization?

PortSwigger Burp Suite Professional has improved the organization by providing the security standards of the applications across the organization.

We can test the weaknesses or loopholes in the application that an attacker can use. We have an internal team that conducts the pen-testing from a hacker's point of view and tries to close the issue before it is opened to the internet.

What is most valuable?

The most valuable feature of PortSwigger Burp Suite Professional is the advanced features, user-friendly interface, and integration with other tools.

What needs improvement?

PortSwigger Burp Suite Professional can improve by having more features in the free version for beginners to try.

For how long have I used the solution?

I have been using PortSwigger Burp Suite Professional for approximately two years.

What do I think about the stability of the solution?

The reliability of PortSwigger Burp Suite Professional is good. It doesn't hang very much, and it doesn't get stuck anywhere; it is reliable.

What do I think about the scalability of the solution?

PortSwigger Burp Suite Professional is scalable. You can add in-scope items and remove any items that are not in scope.

We have approximately 30 people using the solution in my organization. We have managers, consultants, and senior consultants using it. If our testers increase, the number of users will increase, and then we will increase our usage of this solution.

How are customer service and support?

I have not needed to use the support from PortSwigger Burp Suite Professional.

Which solution did I use previously and why did I switch?

I was previously using OWASP Zap.

How was the initial setup?

The initial setup of PortSwigger Burp Suite Professional was simple. It can be done in approximately three minutes.

I rate the initial setup of PortSwigger Burp Suite Professional a five out of five.

What about the implementation team?

I did the implementation of PortSwigger Burp Suite Professional myself.

If there is a software update it is fairly simple to upgrade. There is a lot of reference material online. 

What's my experience with pricing, setup cost, and licensing?

There are multiple versions available of PortSwigger Burp Suite, such as enterprise, commercial, professional, and beginners.

Which other solutions did I evaluate?

My company has paid for the license for the solution. The price of the solution could be less expensive.

What other advice do I have?

This is one of the best solutions in the market. I would advise others to try this solution out.

I rate PortSwigger Burp Suite Professional a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Akshay Waghmare - PeerSpot reviewer
Manager at a consultancy with 10,001+ employees
Real User
Top 5
A stable and user-friendly solution that can be used for manual penetration testing
Pros and Cons
  • "PortSwigger Burp Suite Professional is one of the best user-friendly solutions for getting the proxy set up."
  • "The technical support team's response time is mostly delayed and should be improved."

What is our primary use case?

We use PortSwigger Burp Suite Professional for manual penetration testing.

What is most valuable?

PortSwigger Burp Suite Professional is one of the best user-friendly solutions for getting the proxy set up.

What needs improvement?

The technical support team's response time is mostly delayed and should be improved.

For how long have I used the solution?

I have been using PortSwigger Burp Suite Professional for six to seven years.

What do I think about the stability of the solution?

PortSwigger Burp Suite Professional is a stable solution.

What do I think about the scalability of the solution?

Around 500 to 600 users are using the solution in our organization.

How was the initial setup?

The solution’s initial setup is quite easy.

What was our ROI?

PortSwigger Burp Suite Professional is worth its price.

What's my experience with pricing, setup cost, and licensing?

PortSwigger Burp Suite Professional is an expensive solution.

What other advice do I have?

Users should get the professional version for the solution because the community and the free edition do not have many things to offer. They should explore as much as possible, go for the web code application, and do the manual penetration testing.

PortSwigger Burp Suite Professional allows us to do everything from setting the proxy to getting our own browser. Some features were not there in Burp Suite earlier. We had to attach Chrome to the Burp Suite proxy, but now they have given everything in a single bundle.

Overall, I rate PortSwigger Burp Suite Professional ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
ManishSingh - PeerSpot reviewer
Quality Manager at Net Solutions
Real User
Top 10
A cheap solution that is helpful for session management
Pros and Cons
  • "The solution is quite helpful for session management and configuration."
  • "In the Professional version, we cannot link it with the CI/CD process."

What is our primary use case?

We use it for application security testing purposes. We scan our solutions and then look for issues in them. Upon finding the issues, we send them to the development team who fixes them. However, we use Burp Suite only for a specific client, hence we only have one license and limited use.

What is most valuable?

The solution is quite helpful for session management and configuration. 

What needs improvement?

In the Professional version, we cannot link it with the CI/CD process. This feature is included in the enterprise version. Also, it doesn’t have a dashboard to preview the number of issues that were found. A dashboard showing previous issues and their status would be better. These are all enterprise features, which are extremely expensive.

For how long have I used the solution?

I have been using Burp Suite for two years.

What do I think about the stability of the solution?

It is a stable product. 

What do I think about the scalability of the solution?

It is a scalable solution. We currently have only one to two people using Burp Suite for specific clients.

How are customer service and support?

The customer support is good, however, I haven’t used other tools. It is difficult to compare it and other solutions might provide better support.

Which solution did I use previously and why did I switch?

I personally don’t use a lot of tools except AWS for general clients.

Burp Suite is quite easy to use when compared to AWS. However, AWS has an open source tool, therefore any developer can use it. Burp Suite is a paid solution and needs a professional license to operate.

How was the initial setup?

Burp Suite is easy to set up and takes only five to ten minutes. The installation can be done by one person only. The maintenance isn’t very hard to do.

What's my experience with pricing, setup cost, and licensing?

It is a cheap solution, but it may not be cheaper than other solutions.

What other advice do I have?

I would advise others to also try other tools. As I have only used Burp Suite as an application security solution, I cannot comment on other tools. However, between JAP and Burp Suite, I would surely recommend Burp Suite. Overall, I would rate it an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Siddharth-Singhal - PeerSpot reviewer
Consultant at a consultancy with 10,001+ employees
Real User
Offers multiple features including automation of tasks but is somewhat lacking in stability
Pros and Cons
  • "Enables automation of different tasks such as authorization testing."
  • "The solution lacks sufficient stability."

What is our primary use case?

We use PortSwigger to find simple bugs via authorization and authentication testing. It's about preventing attacks. Burp Suite enables you to drill down and check all test cases, irrespective of the application on which it's built. We are customers of PortSwigger and I'm a consultant.

What is most valuable?

PortSwigger enables automation of different tasks such as authorization testing. New extensions come in every day which can be used in Burp Suite while testing.

What needs improvement?

In general, there's not much to complain about but the stability of the tool is not good enough. I know that the RAM utilization is something they're working on but using a scan currently takes up too much memory. Resource utilization is an issue because when you're application testing, there are multiple threats and multiple application requests that are going in the backend.

For how long have I used the solution?

I've been using this solution for four years. 

What do I think about the stability of the solution?

The stability could be improved. 

What do I think about the scalability of the solution?

The scalability is quite good because PortSwigger can be used by multiple users through Jenkins and other things. 

How are customer service and support?

The technical support is quite good. 

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is not that difficult because there's good documentation on the PortSwigger website. Our employees each installed it on their own machine; it's an executable file.

What was our ROI?

Return on investment is good because it's a globally known product. All our customers know Burp Suite. There's a return on investment because it's a major tool necessary for performing any manual or automation testing.

What's my experience with pricing, setup cost, and licensing?

The licensing cost depends on the number of users. One person can use the tool on a single laptop that can be shared between multiple users under a single license. We have around 15 users. We pay an annual license fee that includes technical support, it's not that expensive. They also provide a free community version. 

What other advice do I have?

I recommend this solution and rate it seven out of 10 because it offers multiple features.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Team Lead at dhabsc
Real User
Offers efficient crawling functionality and good stability
Pros and Cons
  • "The Repeater and the BApp extensions are particularly useful. Certain extensions, such as the Active Scan extensions and the Autoracer extension, are very good."
  • "I would like to see the return of the spider mechanism instead of the crawling feature. Burp Suite's earlier version 1.7 had an excellent spider option, and it would be beneficial if Burp incorporated those features into the current version. The crawling techniques used in the current version are not as efficient as those used in earlier versions."

What is most valuable?

The Repeater and the BApp extensions are particularly useful. Certain extensions, such as the Active Scan extensions and the Autoracer extension, are very good. 

The crawling functionality has improved, but I would say that in the past, the spider mechanism was more efficient than the current crawling method. 

Generally, I don't rely solely on the Burp Scanner, but I utilize BApp extensions to achieve better results than the standard scanner. Mostly, I always rely on external extensions, specifically those that provide better results.

What needs improvement?

I would like to see the return of the spider mechanism instead of the crawling feature. Burp Suite's earlier version 1.7 had an excellent spider option, and it would be beneficial if Burp incorporated those features into the current version. 

The crawling techniques used in the current version are not as efficient as those used in earlier versions.

For how long have I used the solution?

We have been using it for seven to eight years now. We have Burp Suite Professional and Burp Suite Enterprise Edition listed in our database.

We use the latest 2023 version. 

What do I think about the stability of the solution?

I would rate the stability an eight out of ten. If people know how to perfectly use it, it is a stable solution. For freshers, it is tough. 

What do I think about the scalability of the solution?

I would rate the scalability a six out of ten. The primary reason is the high number of false positives compared to actual positives. 

Additionally, understanding the scan configuration can be challenging for newcomers. While experienced users can effectively scale their scanning techniques, those with limited experience may find it difficult to understand the process and identify the root causes of errors. 

Moreover, configuring proxy settings can be complex, leading to difficulties for some users. Overall, there are significant areas for improvement in terms of scalability, particularly in enhancing user understanding and reducing false positives. However, compared to other application security tools, Burp Suite still performs well.

There are around three end users using this solution in our company.

How are customer service and support?

I haven't had the opportunity to interact with their technical team directly. However, the blogs are very informative and provide a wealth of solutions. In most cases, I've been able to resolve issues myself based on the information provided in their documentation. 

For the documentation or web security resources, I would rate it seven out of ten. Burp Suite effectively addresses user concerns and provides clear explanations. The technical blogs are also well-written and address concerns.

Which solution did I use previously and why did I switch?

I have experience with Burp Suite Professional and Zap Framework. I've used them for a variety of application security testing tasks, including vulnerability scanning, penetration testing, and threat modeling.

I haven't had the need to explore other tools. I've been using Burp Suite since the beginning of my career, and it has consistently met my requirements. I've used other tools in lab settings, but Burp Suite remains my preference.

How was the initial setup?

I would rate my experience with the initial setup of Burp Suite Professional an eight out of ten, with one being difficult and ten being easy.

What about the implementation team?

The deployment was quite quick, only about ten minutes. It requires minimal staff. Anyone can install it on their own; it requires administrator privileges. It can be installed on any system and with any version.

However, the only caveat is that we need to obtain the license from the procurement team. So, it's easy to set up.

What's my experience with pricing, setup cost, and licensing?

I would rate the pricing a one out of ten, with one being cheap and ten being expensive. The pricing is very reasonable and minimal.

What other advice do I have?

First and foremost, I would suggest others thoroughly understand the fundamentals of Burp Suite and how to utilize its extensions effectively. 

Additionally, I would recommend learning about proxy settings and various authentication mechanisms. 

Lastly, I would emphasize the importance of carefully reviewing and configuring scan configurations to minimize false positives and ensure optimal scan performance.

Considering its capabilities and performance compared to other tools, I would give Burp Suite Professional an eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
President & Owner at Aydayev's Investment Business Group
Real User
Plenty of plugins, effective deep package analyzing, and reliable
Pros and Cons
  • "I have found this solution has more plugins than other competitors which is a benefit. You are able to attach different plugins to the security scan to add features. For example, you can check to see if there are any payment systems that exist on a server, or username and password brute force analysis."
  • "There needs to be better documentation provided. Currently, we need to buy books, or we need to review online some use cases from other professionals who have been using the solution to find out their experience. It is not easy to find out how to properly do a security assessment."

What is our primary use case?

I was working in internet banking in the Middle East and we used Zap for light testing and we used Burp Suite for more deep protocol and package review of the security.

What is most valuable?

I have found this solution has more plugins than other competitors which is a benefit. You are able to attach different plugins to the security scan to add features. For example, you can check to see if there are any payment systems that exist on a server, or username and password brute force analysis. You are able to do many different types of scans, such as SQL injection. There are a lot of deep packages analyzing functions that make this solution have more usability.

What needs improvement?

There needs to be better documentation provided. Currently, we need to buy books, or we need to review online some use cases from other professionals who have been using the solution to find out about their experience. It is not easy to find out how to properly do a security assessment. The user interface is pretty basic, and if you want to do more advanced operations you need to know more technical details, which are not publicly available. You need to get in touch with different engineers or somebody who publishes their experience in a book to be able to get the knowledge of how to use this solution to its fullest.

For how long have I used the solution?

I have been using this solution for approximately four years.

What do I think about the stability of the solution?

This is a stable solution when comparing it to competitors.

Which solution did I use previously and why did I switch?

I have used Zap, and it is lightweight compared to this solution's functions.

How was the initial setup?

The setup is a bit complex.

What's my experience with pricing, setup cost, and licensing?

This solution requires a license. It is expensive but you receive a lot of functionality for the price.

What other advice do I have?

My advice to others is if you have one small web server and static pages, you can easily use Zap. However, if it is a more complex environment, with a payment system, with a lot of content, and has many defined user rules, it is better to use Burp Suite.

I rate PortSwigger Burp Suite Professional a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber security Lead at PCS
Real User
Top 10
A solution for scanning and to automate API security assessments
Pros and Cons
  • "It helps in API testing, where manual intervention was previously necessary for each payload."
  • "Scanning needs to be improved in enterprise and professional versions."

What is our primary use case?

We use the solution for scanning and manual penetration testing. We have a verification and security assessment as a dynamic security assessment for manual application testing.

How has it helped my organization?

The solution helps to automate API security assessments. It incorporates features of both black hat and red team engagements. We streamline bug bounty hunts. It helps in API testing, where manual intervention was previously necessary for each payload. With the new deck feature, Burp Suite enables automation accessible in the external tab. This feature allows testers to select specific targets, such as login or registration pages, and apply different attack vectors. It enhances efficiency, saving time and resources, which is beneficial when dealing with larger-scale web applications or numerous APIs.

What is most valuable?

Manual assessment in the tool is great.

What needs improvement?

Scanning needs to be improved in enterprise and professional versions. The enterprise version has challenges related to scheduled scans. If a scan fails after two days without notification during offline periods, that time is lost. Sometimes, it took up to 24 hours to realize that certain tests had failed for various reasons. There's significant room for improvement in automating scans.

For how long have I used the solution?

I have been using PortSwigger Burp Suite Professional for more than 10 years.

What do I think about the stability of the solution?

The product is a good tool for application assessment.

I rate the solution’s stability an eight-point five out of ten.

What do I think about the scalability of the solution?

The automation features in Burp Suite for vulnerability assessment and penetration testing may not be as extensive as other tools like NetSparker. Other tools may offer more comprehensive capabilities, especially in areas such as source code. Features like capture and OTP testing might be more robustly supported in other tools. There may be limitations in automation with Burp Suite Professional. NetSparker could be more suitable for tasks like two-factor authentication testing.

Four to five people are using this solution.

The professional version is not very scalable, whereas the enterprise version is scalable. I can run multiple scans.

How are customer service and support?

Technical support is good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have used Netsparker and WebInspect. WebInspect is very difficult to operate.

How was the initial setup?

The initial setup takes more than a week. The professional version is a plug-and-play.

There is a Java package that you can easily use without installing it.

What's my experience with pricing, setup cost, and licensing?

The product is cheap compared to other products.

I rate the product’s pricing a seven out of ten, where one is expensive and ten is cheap.

What other advice do I have?

We have an infrastructure and DevOps team of eight to ten people for solution maintenance.

Reporting is good and very light. The response is fine.

I recommend the solution for dynamic assessment.

Overall, I rate the solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free PortSwigger Burp Suite Professional Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2024