PortSwigger Burp Archived Reviews (More than two years old)

Filter by:Reset all filters
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Consultant
Senior Information Security Analyst at a tech services company with 10,001+ employees
Dec 19 2017

What is most valuable?

Burp is the best web application penetration testing tool that I have ever used. Although all the features of Burp are very useful, I personally love its capability to… more»

How has it helped my organization?

The customer is almost all the time results-oriented and they want them real quick. Burp gives my organization a great authentic source of information on the security… more»

What needs improvement?

The one feature that I would like to see in Burp is active scanning of REST based web services. A lot of organizations are providing APIs to access their services to… more»

What's my experience with pricing, setup cost, and licensing?

This is a value for money product.

Which solution did I use previously and why did I switch?

I have used a lot of tools for web application scanning and penetration testing -- like Qualys WAS, Nikto, OWASP ZAP proxy, Paros Proxy, DirBuster, Burp, etc. The reason… more»

What other advice do I have?

If you are looking for a single web application penetration testing solution at low cost, definitely give it a try. You can request a trial of the pro version from… more»

Which other solutions did I evaluate?

I am a consistent user of web application scanners and penetration testing solutions. I have used Qualys WAS, OWASP ZAP, sqlmap, Paros Proxy, and Nikto. But nothing stands… more»
Real User
Penetration Testing Advisor at a tech services company with 1,001-5,000 employees
Nov 07 2016

What is most valuable?

* Intruder - allows inserting predefined or custom payloads at chosen locations inside requests and analyzing results using custom filters; * Repeater - allows reissuing… more»

How has it helped my organization?

It provides unique features that help me quickly identify and exploit security vulnerabilities in web applications.

What needs improvement?

Some extra features are not available in the core product (WSDL parsing, SOAP calls, Error checks, Authorization bypass), but additional modules created by the community… more»

What's my experience with pricing, setup cost, and licensing?

I believe it has one of the lowest prices for commercial products ($~350 per user per year).

Which solution did I use previously and why did I switch?

I used many solutions but I found the best value, features and documentation in Burp.

What other advice do I have?

If you expect a product in which you input your website and click a scan button, Burp is not for you. Burp Suite Pro can perform an automatic scan, but the real power of… more»

Which other solutions did I evaluate?

Before choosing this product, I evaluated free products - Arachni, OWASP ZAP, w3af, Vega - and commercial products - Acunetix, Qualys Web Application Scanner.

What is PortSwigger Burp?

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

Also known as
Burp
PortSwigger Burp customers

Maven Security Consulting, OWASP Italy, Penetration Testing Firm

BUYER'S GUIDE
Download our free PortSwigger Burp Report and get advice and tips from experienced pros sharing their opinions.