PortSwigger Burp Suite Professional Valuable Features

Vijayanathan Naganathan
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd

I like the way the tool has been designed. Once I capture the proxy, I'm able to transfer across, all the requested information that is there. I can send across the request to the 'Repeater' feature. I put in malicious payloads and then see how the application responds to it.

More than that, the Repeater and Intruder are really awesome features on BurpSuite. For example, if I'm going to test for a SQL injection, I have certain payloads that are trying to break into the application. I make use of these predefined payloads which come as part of the tool are really useful for us to use and see how the application behaves. With the help of the BurpSuite tool, we are very well ahead to see if the application is going to break at any point in time.

So the Repeater and the Intruder, are great features that are there. More than that I think the entire community support is really fabulous. As well as of the number of plug-ins that people have written for the tool. Those have been standouts. Community support is really strong. We see a lot of plug-ins that are made available that work along with the tool.

View full review »
VishalDhamke
Lead Security Architect at SITA

The most valuable feature of Burp Suite is probably how we can intercept the request and response. We can manipulate a request and send it back to the server. Intercepting is one of the best features for sure. 

The scanner is excellent. The scanner is one of the good features. If you compare it to more expensive tools like WebInspect or IBM AppScan, you'll realize that, at a very low cost, Burp Suite can provide good results.

The is a good amount of documentation available online. The solution is stable.

The initial setup isn't too complex.

The solution offers some great extensions through a BApp store. Users can implement extensions and upload them to the BApp store.

The solution has a great user interface.

Its strong user community is always helpful when it comes to any problem regarding the tool.

View full review »
AA
reviewer1508730
Founder and Director at a financial services firm with 1-10 employees

The crawling capability is excellent.

The product has very good reporting capabilities. They give you multiple reporting options.

The solution has a variety of different extensions that you can use.

The solution has a pretty simple setup.

View full review »
Learn what your peers think about PortSwigger Burp Suite Professional. Get advice and tips from experienced pros sharing their opinions. Updated: April 2021.
501,151 professionals have used our research since 2012.
RK
Rishi Kant
Senior Security Engineer at a insurance company with 10,001+ employees

There are several features that I like about this solution. The most valuable feature is that it has support for add-ons where we can add extra little scripts to the tool to perform more automated testing.

I like using the Repeater feature to perform proxy testing, and the Repeaters have dashboards now. The add-ons are compatible with the dashboards, as well. 

View full review »
NC
reviewer1112304
IT Manager at a manufacturing company with 10,001+ employees

The solution is very user-friendly.

The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately. 

View full review »
Saminda Jayawardene
Compliance Manager at a tech services company with 201-500 employees

The traffic interception capabilities are great. Spidering also produced some good results for us.

View full review »
SivaPrakash
Senior Test Engineer II at a financial services firm with 201-500 employees

The feature that we have found most valuable is that it comes with pre-set configurations. They have a set of predefined options where you can pick one and start scanning. We also have the option of creating our own configurations, like how often do the applications need to be scanned.

Additionally, it has good reporting and dashboards and also integrates well with other task management applications that we're using.

View full review »
MM
reviewer1223976
Cyber Security Specialist at a university with 10,001+ employees

The most valuable features are Burp Intruder and Burp Scanner.

The automatic scanning feature is helpful.

View full review »
reviewer1139067
User

The auto scanning feature provides really good details about issues that it finds.

Crawling web applications using Burp Spider, Target Site Map, automating customized attack with Burp Intruder, and manipulating parameters with Burp Repeater are the most useful and used features.

View full review »
Shrey Sethi
Penetration Tester at a tech services company with 1,001-5,000 employees

There are a lot of good features and the most valuable one varies depending on what test you are performing. They are also consistently improving and releasing new features.

Two of the most valuable features are the Extender Tab and Repeater.

With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp. It's not limited to their features because we can always add or do some customization of the features.

Even if you don't know how to code, there are hundreds of third-party plugins that are available to extend the features of the product. Some of them are open-source and there are some that are provided by Burp.

The user interface is good, having been changed within the past two years.

View full review »
KM
reviewer1293489
IT Security Analyst at a tech services company with 11-50 employees

I find the attack model quite amazing, where I can write my scripts and load my scripts as well, which helps quite a bit. All the active scanning that it can do is also quite a lot helpful. It speeds up our vulnerability assessment and penetration testing. Right now, I am enjoying its in-browser, which also helps quite a bit. I'm always confused about setting up some proxy, but it really is the big solution we all want.

View full review »
Andrei Sandulescu
IT Auditor & Compliance Officer at Intellimind

The most valuable feature of this solution is the scanning functionality. Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them.

Burp Intruder is another very good feature in this solution.

View full review »
YC
reviewer1110963
Security consultant at a manufacturing company with 10,001+ employees

Their flagship feature would be the active scanner, which carries out an automated look up of any web vulnerabilities reflecting over to one of the main compliance standards, like OWASP. This provides an accurate security audit for their web applications.

View full review »
NC
reviewer1112304
IT Manager at a manufacturing company with 10,001+ employees

Burp has several good features; it's cheaper than other solutions and you can scan any number of applications and it updates its database. With the professional version, it creates a lot of applications which you can incorporate with your scanning and enable deep diving in the specific section. 

View full review »
RO
CyberSecAn08987
Cyber Security Analyst at a tech vendor with 1,001-5,000 employees

The Spider is the most useful feature. It helps to analyze the entire web application and it finds all the passes and offers an automated identification of security issues.

View full review »
AG
reviewer1458246
Cyber Security Analyst at a tech services company with 11-50 employees

The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs. 

View full review »
SD
reviewer1471662
Lead Software Architect at a tech services company with 201-500 employees

Burp Suite is very helpful. The extension that it provides with the community version for the skills mapping is excellent.

View full review »
Ashutosh Barot
Security Researcher at a financial services firm with 5,001-10,000 employees

It's an amazing tool. We can work with it automatically, or we can work with it manually.

There is no other tool like it. I like the intuitiveness and the plugins that are available.

The plugins are similar to integration. I can create my own login and use it.

View full review »
AR
reviewer1261914
AVP - Software Quality Assurance at a tech services company with 201-500 employees

The suite testing models are very good. It's very secure.

View full review »
VR
reviewer1170114
Director at a consultancy with 10,001+ employees

The most valuable feature is the application security. It also has a reasonable price. 

It has an end product and a repeater. Other solutions don't offer options like these. 

View full review »
AK
Anton Krivonosov
Application Security Architect at a logistics company with 10,001+ employees

I have found the best features to be the performance and there are a lot of additional plugins available.

View full review »
IB
Ivan Biagi
Security Specialist at Alfa-A IT

The best feature that I've found is the built-in manual tools.

View full review »
Learn what your peers think about PortSwigger Burp Suite Professional. Get advice and tips from experienced pros sharing their opinions. Updated: April 2021.
501,151 professionals have used our research since 2012.