PortSwigger Burp Suite Professional Valuable Features

Anuradha.Kapoor Kapoor - PeerSpot reviewer
Head - Quality Control at Net Solutions

We are mostly using it for scanning the entire website. So, we basically create a script with the entire website and then run it for different injections.

And then get the results and analyze those results using the manual options available in the suite. And then, basically, close up.

So, in general, we find value in scanning features.

View full review »
Sonali Gedam - PeerSpot reviewer
Qulity Engineer at Lloyds Banking Group PLC

The solution scans web applications and supports APIs, which are the main features I really like. It is also user-friendly. We only have to integrate the proxy and give a URL, and then the solution starts intercepting and scanning all the pages of our application.

The solution is very user-friendly and easy to use. Once you start using it, you will understand everything because the details they have mentioned are super informative.

View full review »
PL
Cyber Security Consultant at Accenture

PortSwigger is a time-saver application. It has a webscanner feature. The regional agencies can help a lot in identifying potential vulnerabilities.

View full review »
Buyer's Guide
PortSwigger Burp Suite Professional
March 2024
Learn what your peers think about PortSwigger Burp Suite Professional. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.
Anton Krivonosov - PeerSpot reviewer
Application Security Architect at Kuehne & Nagel Inc.

PortSwigger Burp Suite Professional is a standard tool in the security industry. It's a stable solution that has many features. You can download different plugins if you don't have them in the standard edition. You can also write your own plugins if you know how to do it.

View full review »
VinothKumar5 - PeerSpot reviewer
Senior Consultant at Hexaware Technologies Limited

The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well.

View full review »
Prasenjit Roy - PeerSpot reviewer
Sr. Cloud Solution Architect - SAP on Azure at Accenture

For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host. 

View full review »
Rishi Anupam - PeerSpot reviewer
Senior Manager at Airtel

I am impressed with the tool's detailed analysis for penetration testing. AppScan can give only visibility, but it can't do the PT part. But the PortSwigger Burp Application can do both, and it gives much more visibility on the PT rating.

View full review »
Amir Rahimian - PeerSpot reviewer
CEO/General Manager at Lian

The solution has a limited range of functions, which is good for small companies. This is because, in small companies, websites are less complex. They also have single services which makes the solution good enough for them. However, the most advantageous aspect of the solution is its affordable price.

View full review »
SANGAM GOEL - PeerSpot reviewer
Chief Executive Officer at GS2 CYBER SECURITY

We are working with the community version, and it provides all the features we need.

It's good testing software. 

For application security, Burp Suite is one of the best solutions. It has all the proxy and all the features so that we can test all the application's vulnerabilities. 

They have an extension feature, so at intervals, they provide extensions that provide some helpful updates. They continuously update the product, and they continuously provide extensions. Through the extensions, we get new features at regular intervals.

The pricing is fine. 

We can customize and configure as needed.

We found the product to be quite stable. 

View full review »
AnkithKumar - PeerSpot reviewer
Application Security Consultant at a tech services company with 10,001+ employees

The most valuable feature of PortSwigger Burp Suite Professional is the advanced features, user-friendly interface, and integration with other tools.

View full review »
Akshay Waghmare - PeerSpot reviewer
Manager at a consultancy with 10,001+ employees

PortSwigger Burp Suite Professional is one of the best user-friendly solutions for getting the proxy set up.

View full review »
ManishSingh - PeerSpot reviewer
Quality Manager at Net Solutions

The solution is quite helpful for session management and configuration. 

View full review »
Siddharth-Singhal - PeerSpot reviewer
Consultant at a consultancy with 10,001+ employees

Port Swigger enables automation of different tasks such as authorization testing. New extensions come in every day which can be used in Burp Suite while testing. 

View full review »
DC
Team Lead at dhabsc

The Repeater and the BApp extensions are particularly useful. Certain extensions, such as the Active Scan extensions and the Autoracer extension, are very good. 

The crawling functionality has improved, but I would say that in the past, the spider mechanism was more efficient than the current crawling method. 

Generally, I don't rely solely on the Burp Scanner, but I utilize BApp extensions to achieve better results than the standard scanner. Mostly, I always rely on external extensions, specifically those that provide better results.

View full review »
EA
President & Owner at Aydayev's Investment Business Group

I have found this solution has more plugins than other competitors which is a benefit. You are able to attach different plugins to the security scan to add features. For example, you can check to see if there are any payment systems that exist on a server, or username and password brute force analysis. You are able to do many different types of scans, such as SQL injection. There are a lot of deep packages analyzing functions that make this solution have more usability.

View full review »
RP
Cyber security Lead at PCS

Manual assessment in the tool is great.

View full review »
AM
Test Lead at a financial services firm with 10,001+ employees

It is a good manual penetration tool. It was easy to learn.

View full review »
MN
Security Tester at Ray Business Technologies Private Limited

The intercepting feature is the most valuable.


View full review »
NS
Cyber Security Engineer at a transportation company with 10,001+ employees

The most valuable feature is Burp Collaborator.

View full review »
Mouli Siramdasu - PeerSpot reviewer
Associate Consultant at ATOS

The solution is most valuable for finding and developing the application. If there is leakage of data or some external links, we can deal with it.

The solution is stable.

The scalability is good.

The solution offers helpful technical support and has excellent documentation.

View full review »
VN
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd

I like the way the tool has been designed. Once I capture the proxy, I'm able to transfer across, all the requested information that is there. I can send across the request to the 'Repeater' feature. I put in malicious payloads and then see how the application responds to it.

More than that, the Repeater and Intruder are really awesome features on BurpSuite. For example, if I'm going to test for a SQL injection, I have certain payloads that are trying to break into the application. I make use of these predefined payloads which come as part of the tool are really useful for us to use and see how the application behaves. With the help of the BurpSuite tool, we are very well ahead to see if the application is going to break at any point in time.

So the Repeater and the Intruder, are great features that are there. More than that I think the entire community support is really fabulous. As well as of the number of plug-ins that people have written for the tool. Those have been standouts. Community support is really strong. We see a lot of plug-ins that are made available that work along with the tool.

View full review »
SB
Quality Analyst at Hiup Solution

The interface is good.

It is easy to use.

I am certified with the product and have a good understanding of it.

The usability is very good.

It offers very good accuracy. You can trust the results. 

It's good software that is great for a beginner to use.

It can scale. 

The product is stable and reliable. 

View full review »
Anton Krivonosov - PeerSpot reviewer
Application Security Architect at Kuehne & Nagel Inc.

I have found the best features to be the performance and there are a lot of additional plugins available.

View full review »
VD
Lead Security Architect at a comms service provider with 1,001-5,000 employees

The most valuable feature of Burp Suite is probably how we can intercept the request and response. We can manipulate a request and send it back to the server. Intercepting is one of the best features for sure. 

The scanner is excellent. The scanner is one of the good features. If you compare it to more expensive tools like WebInspect or IBM AppScan, you'll realize that, at a very low cost, Burp Suite can provide good results.

The is a good amount of documentation available online. The solution is stable.

The initial setup isn't too complex.

The solution offers some great extensions through a BApp store. Users can implement extensions and upload them to the BApp store.

The solution has a great user interface.

Its strong user community is always helpful when it comes to any problem regarding the tool.

View full review »
RaviKumar21 - PeerSpot reviewer
Software Engineer at RadiSys

PortSwigger Burp Suite Professional has an intercept tab that helps us to scan our APIs, set the response, and request errors.

View full review »
NS
Lead Cyber Security engineer at a manufacturing company with 10,001+ employees

This solution provides a very good mechanism for fixing interval time. For example, we can create a schedule, and the schedule runs on time. PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running.

It is quite fast and easy to install as well.

It is also a budget-friendly tool.

View full review »
SS
Senior Test Engineer II at a financial services firm with 201-500 employees

The feature that we have found most valuable is that it comes with pre-set configurations. They have a set of predefined options where you can pick one and start scanning. We also have the option of creating our own configurations, like how often do the applications need to be scanned.

Additionally, it has good reporting and dashboards and also integrates well with other task management applications that we're using.

View full review »
it_user787785 - PeerSpot reviewer
Senior Security Engineer at a insurance company with 10,001+ employees

There are several features that I like about this solution. The most valuable feature is that it has support for add-ons where we can add extra little scripts to the tool to perform more automated testing.

I like using the Repeater feature to perform proxy testing, and the Repeaters have dashboards now. The add-ons are compatible with the dashboards, as well. 

View full review »
RO
Cyber Security Analyst at a tech vendor with 1,001-5,000 employees

The Spider is the most useful feature. It helps to analyze the entire web application and it finds all the passes and offers an automated identification of security issues.

View full review »
MM
Cyber Security Specialist at a university with 10,001+ employees

The most valuable feature of PortSwigger Burp Suite Professional is the dashboard. It is very informative and you can receive all the information you need in one place. It's clear, well-defined, and organized. Anybody without any cybersecurity can use it.

View full review »
AJ
Cyber Security Analyst at a comms service provider with 10,001+ employees

The Intruder, Repeater, and Proxy features have been great.

The initial setup is simple.

It is an easily scalable product.

The solution is very stable. 

View full review »
NA
Chief Info Sec Engineer at Sri Lanka CERT

We use the solution for vulnerability assessment in respect of the application and the sites. We use the intruder part, which is essentially the Proxy part, to check whether any brute-force attacks can be undertaken. 

View full review »
SS
Penetration Tester at a tech services company with 1,001-5,000 employees

There are a lot of good features and the most valuable one varies depending on what test you are performing. They are also consistently improving and releasing new features.

Two of the most valuable features are the Extender Tab and Repeater.

With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp. It's not limited to their features because we can always add or do some customization of the features.

Even if you don't know how to code, there are hundreds of third-party plugins that are available to extend the features of the product. Some of them are open-source and there are some that are provided by Burp.

The user interface is good, having been changed within the past two years.

View full review »
NC
IT Manager at a manufacturing company with 10,001+ employees

Burp has several good features; it's cheaper than other solutions and you can scan any number of applications and it updates its database. With the professional version, it creates a lot of applications which you can incorporate with your scanning and enable deep diving in the specific section. 

View full review »
NC
IT Manager at a manufacturing company with 10,001+ employees

The solution is very user-friendly.

The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately. 

View full review »
AA
Founder and Director at a financial services firm with 1-10 employees

The crawling capability is excellent.

The product has very good reporting capabilities. They give you multiple reporting options.

The solution has a variety of different extensions that you can use.

The solution has a pretty simple setup.

View full review »
YC
Security consultant at a manufacturing company with 10,001+ employees

Their flagship feature would be the active scanner, which carries out an automated look up of any web vulnerabilities reflecting over to one of the main compliance standards, like OWASP. This provides an accurate security audit for their web applications.

View full review »
VR
Director at a consultancy with 10,001+ employees

The most valuable feature is the application security. It also has a reasonable price. 

It has an end product and a repeater. Other solutions don't offer options like these. 

View full review »
it_user496968 - PeerSpot reviewer
Penetration Testing Advisor at a tech services company with 1,001-5,000 employees
  • Intruder - allows inserting predefined or custom payloads at chosen locations inside requests and analyzing results using custom filters;
  • Repeater - allows reissuing requests to manually verify reported issues, changing parameters or issuing a specific sequence of requests to test for logic flaws;
  • Extender - allows installing additional modules from the BApp store, created by the community in Java, Python or Ruby;
View full review »
it_user492585 - PeerSpot reviewer
Information Systems Security Officer at a financial services firm with 1,001-5,000 employees
  • HTTP proxy for packet capture
  • Repeater
  • Intruder
  • Spider
  • Decoder
  • Comparer
View full review »
MM
Cyber Security Specialist at a university with 10,001+ employees

The most valuable features are Burp Intruder and Burp Scanner.

The automatic scanning feature is helpful.

View full review »
reviewer1139067 - PeerSpot reviewer
Works

The auto scanning feature provides really good details about issues that it finds.

Crawling web applications using Burp Spider, Target Site Map, automating customized attack with Burp Intruder, and manipulating parameters with Burp Repeater are the most useful and used features.

View full review »
KM
IT Security Analyst at a tech services company with 11-50 employees

I find the attack model quite amazing, where I can write my scripts and load my scripts as well, which helps quite a bit. All the active scanning that it can do is also quite a lot helpful. It speeds up our vulnerability assessment and penetration testing. Right now, I am enjoying its in-browser, which also helps quite a bit. I'm always confused about setting up some proxy, but it really is the big solution we all want.

View full review »
it_user704997 - PeerSpot reviewer
Senior Information Security Analyst at a tech services company with 10,001+ employees

Burp is the best web application penetration testing tool that I have ever used.

Although all the features of Burp are very useful, I personally love its capability to automatically and accurately detect vulnerabilities. So, I would say it is the Burp scanner that is THE most powerful, valuable, and an awesome feature.

Another, very interesting and quite extensible feature is Intruder. The way you can customize your payloads to suit your penetration testing needs is simply outstanding.

The best thing is that all features are available just out-of-the-box and at a very nominal price.

View full review »
SD
Lead Software Architect at a tech services company with 201-500 employees

Burp Suite is very helpful. The extension that it provides with the community version for the skills mapping is excellent.

View full review »
it_user245421 - PeerSpot reviewer
Senior Security Consultant at a tech services company with 501-1,000 employees
  • Proxy
  • Repeater
  • Intruder
  • Extender API (and plug-ins)
  • CSRF generator
View full review »
VC
Senior Cyber Security Analyst at a tech services company with 501-1,000 employees

The most valuable feature of PortSwigger Burp Suite Professional is the Burp Intruder tool.

View full review »
SJ
Compliance Manager at a tech services company with 201-500 employees

The traffic interception capabilities are great. Spidering also produced some good results for us.

View full review »
AB
Security Researcher at a financial services firm with 5,001-10,000 employees

It's an amazing tool. We can work with it automatically, or we can work with it manually.

There is no other tool like it. I like the intuitiveness and the plugins that are available.

The plugins are similar to integration. I can create my own login and use it.

View full review »
AS
IT Auditor & Compliance Officer at a tech vendor with 51-200 employees

The most valuable feature of this solution is the scanning functionality. Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them.

Burp Intruder is another very good feature in this solution.

View full review »
AG
Cyber Security Analyst at a tech services company with 11-50 employees

The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs. 

View full review »
IB
Security Specialist at Alfa-A IT

The best feature that I've found is the built-in manual tools.

View full review »
JA
Security Analyst at a tech services company with 201-500 employees

In my opinion, all of the features seem to be of equal value really. I'm currently using the latest version.

View full review »
AR
AVP - Software Quality Assurance at a tech services company with 201-500 employees

The suite testing models are very good. It's very secure.

View full review »
Buyer's Guide
PortSwigger Burp Suite Professional
March 2024
Learn what your peers think about PortSwigger Burp Suite Professional. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.