We just raised a $30M Series A: Read our story
SD
Lead Software Architect at a tech services company with 201-500 employees
Real User
Top 20Leaderboard
Excellent Community version for skills mapping that is easy to setup and is stable

Pros and Cons

  • "The extension that it provides with the community version for the skills mapping is excellent."
  • "Currently, the scanning is only available in the full version of Burp, and not in the Community version."

What is our primary use case?

We use this solution when we develop any of our software applications and host it with the website for external clients. All of the applications go through the vulnerability scanner.

What is most valuable?

Burp Suite is very helpful. The extension that it provides with the community version for the skills mapping is excellent.

What needs improvement?

The interface for external clients needs improvement.

Currently, the scanning is only available in the full version of Burp, and not in the Community version.

I would like the scanning included for free also.

For how long have I used the solution?

We have been using this solution for a year and a half.

What do I think about the stability of the solution?

It's a stable solution. We have not had any issues.

How are customer service and technical support?

I have not contacted technical support. 

We have not experienced any issues where we couldn't resolve them using our internal team.

We have not required any technical support.

Which solution did I use previously and why did I switch?

When we compare it to other programs that we have such as OWAP Zap, we found Burp to be more suitable.

How was the initial setup?

The initial setup is straightforward.

It is very easy to automate. It requires some configuration that has you follow step by step instructions. 

It can take four to five hours to go live.

Anyone with minimal knowledge and training can use this tool.

What's my experience with pricing, setup cost, and licensing?

We are using the community version, which is free.

Which other solutions did I evaluate?

We evaluated OWASP Zap, which was fully open-source.

We use the community version and found that Burp was easier and more useful.

The interface is better in PortSwigger Burp.

What other advice do I have?

I would rate PortSwigger Burp an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Ashutosh Barot
Security Researcher at a financial services firm with 5,001-10,000 employees
Real User
Top 5Leaderboard
Feature-rich and intuitive with good support, and it is reasonably-priced

Pros and Cons

  • "There is no other tool like it. I like the intuitiveness and the plugins that are available."
  • "The use of system memory is an area that can be improved because it uses a lot."

What is our primary use case?

We used this solution as a proxy. It's a software that intercepts HTTP requests. You can modify them on your system for testing web applications.

What is most valuable?

It's an amazing tool. We can work with it automatically, or we can work with it manually.

There is no other tool like it. I like the intuitiveness and the plugins that are available.

The plugins are similar to integration. I can create my own login and use it.

What needs improvement?

The use of system memory is an area that can be improved because it uses a lot. They need to reduce the amount of system memory it uses.

For how long have I used the solution?

I have been working with PortSwigger Burp for four years.

What do I think about the stability of the solution?

We can say that it is stable, but it is using a lot of RAM.

What do I think about the scalability of the solution?

It's a scalable solution.

We have more than 30 users in our organization.

How are customer service and technical support?

Technical support is good, they have a good response time.

How was the initial setup?

The initial setup is straightforward.

This solution requires no maintenance.

What's my experience with pricing, setup cost, and licensing?

PortSwigger is reasonably-priced. It's fair.

What other advice do I have?

They have more features than I can use and I need more time to utilize this solution 100%.

I highly recommend it because everybody in Web Applications Security is using it.

I would rate PortSwigger Burp a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about PortSwigger Burp Suite Professional. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
541,462 professionals have used our research since 2012.
AR
AVP - Software Quality Assurance at a tech services company with 201-500 employees
Real User
Top 10
Very secure with excellent suite testing models and an easy initial setup

What is our primary use case?

Currently, we're trying to import the solution to implement it to other applications for our website. So far, it's been fantastic.

What is most valuable?

The suite testing models are very good. It's very secure.

What needs improvement?

The solution isn't too stable. The fundamentals of it make it difficult to use. Sometimes it takes me to other applications that are being run. The scalability capabilities of the solution could be improved.

For how long have I used the solution?

I've been using the solution for three years.

What do I think about the stability of the solution?

The stability is okay, but we are finding issues.

What do I think about the scalability of the solution?

The solution doesn't offer very good scalability.

How are

What is our primary use case?

Currently, we're trying to import the solution to implement it to other applications for our website. So far, it's been fantastic.

What is most valuable?

The suite testing models are very good. It's very secure.

What needs improvement?

The solution isn't too stable. The fundamentals of it make it difficult to use. Sometimes it takes me to other applications that are being run.

The scalability capabilities of the solution could be improved.

For how long have I used the solution?

I've been using the solution for three years.

What do I think about the stability of the solution?

The stability is okay, but we are finding issues.

What do I think about the scalability of the solution?

The solution doesn't offer very good scalability.

How are customer service and technical support?

We haven't had to contact technical support.

Which solution did I use previously and why did I switch?

We didn't previously use a different solution.

How was the initial setup?

The initial setup is straightforward. Deployment doesn't take more than two to three hours.

What about the implementation team?

We handled the implementation ourselves.

What other advice do I have?

We use the on-premises deployment model.

I'd rate the solution nine out of ten. I haven't compared it with other vendors, but it is a best-seller currently.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
VR
Director at a consultancy with 10,001+ employees
Real User
Top 10
Offers good application security features and is reasonably priced

What is most valuable?

The most valuable feature is the application security. It also has a reasonable price.  It has an end product and a repeater. Other solutions don't offer options like these. 

What needs improvement?

The Burp Collaborator needs improvement. There also needs to be improved integration. 

For how long have I used the solution?

I have been using PortSwigger Burp for the past six years. 

What do I think about the stability of the solution?

It's not so stable. Some of the security aspects aren't so stable. 

What do I think about the scalability of the solution?

Burp is scalable.  We have around 150 users using Burp at my company. We use it daily.  

How are customer service and technical support?

I haven't needed to contact their technical support.  …

What is most valuable?

The most valuable feature is the application security. It also has a reasonable price. 

It has an end product and a repeater. Other solutions don't offer options like these. 

What needs improvement?

The Burp Collaborator needs improvement. There also needs to be improved integration. 

For how long have I used the solution?

I have been using PortSwigger Burp for the past six years. 

What do I think about the stability of the solution?

It's not so stable. Some of the security aspects aren't so stable. 

What do I think about the scalability of the solution?

Burp is scalable. 

We have around 150 users using Burp at my company. We use it daily.  

How are customer service and technical support?

I haven't needed to contact their technical support. 

How was the initial setup?

The initial setup is simple. It only takes two to three minutes. 

What about the implementation team?

We are consultants so we do the implementation ourselves. 

It only requires one person for the implementation and maintenance. 

What's my experience with pricing, setup cost, and licensing?

It costs 39,000 including taxes per year. 

What other advice do I have?

I would recommend this solution to somebody considering Burp. 

I would rate it an eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
AK
Application Security Architect at a logistics company with 10,001+ employees
Real User
Top 5Leaderboard
High performance, abundant plugins, and reliable

What is our primary use case?

The solution is the standard in application penetration testing and this is what we use it for.

What is most valuable?

I have found the best features to be the performance and there are a lot of additional plugins available.

For how long have I used the solution?

I have been using the solution for approximately three years.

What do I think about the stability of the solution?

The solution is reliable, it is very stable.

How was the initial setup?

The installation is straightforward and simple. It only takes minutes to install.

What about the implementation team?

We did the deployment and one individual can do it, it is not complex. We have a team of three engineers and architects doing the deployments and maintenance.

What's my

What is our primary use case?

The solution is the standard in application penetration testing and this is what we use it for.

What is most valuable?

I have found the best features to be the performance and there are a lot of additional plugins available.

For how long have I used the solution?

I have been using the solution for approximately three years.

What do I think about the stability of the solution?

The solution is reliable, it is very stable.

How was the initial setup?

The installation is straightforward and simple. It only takes minutes to install.

What about the implementation team?

We did the deployment and one individual can do it, it is not complex. We have a team of three engineers and architects doing the deployments and maintenance.

What's my experience with pricing, setup cost, and licensing?

The price for the solution is expensive and could be cheaper. We pay an annual license and our team has several of them.

What other advice do I have?

I would recommend this solution to others.

I rate PortSwigger Burp Suite Professional a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Buyer's Guide
Download our free PortSwigger Burp Suite Professional Report and get advice and tips from experienced pros sharing their opinions.