PortSwigger Burp Suite Professional Overview

PortSwigger Burp Suite Professional is the #1 ranked solution in our list of top Fuzz Testing Tools. It is most often compared to OWASP Zap.

What is PortSwigger Burp Suite Professional?

Burp Suite Professional, by PortSwigger, is the world’s leading toolkit for web security testing. Over 52,000 users worldwide, across all industries and organization sizes, trust Burp Suite Professional to find more vulnerabilities, faster. With expertly-engineered manual and automated tooling, you're able to test smarter - not harder.

PortSwigger is the web security company that is enabling the world to secure the web. Over 50,000 security engineers rely on our software and expertise to secure their world.

PortSwigger Burp Suite Professional is also known as Burp.

PortSwigger Burp Suite Professional Buyer's Guide

Download the PortSwigger Burp Suite Professional Buyer's Guide including reviews and more. Updated: April 2021

PortSwigger Burp Suite Professional Customers

Google, Amazon, NASA, FedEx, P&G, Salesforce

Security Analyst at a tech services company with 201-500 employees
Very Well Suited for Personal Use

What is our primary use case?

My primary use case for this solution is designed around my own personal use. Burp Suite is a graphical tool for testing Web application security. The tool is written in Java.

Pros and Cons

  • "The product is very good just the way it is; it has everything already well established and functions great. I can't see any way for this current version to be improved."
  • "The initial setup is a bit complex."

What other advice do I have?

It's actually a very good product. It's pretty automated and it's easy to work with. No additional features need to be added because it's already an extraordinary tool. So there's no need for additional improvement. Great product. I rate this product a 9 out of 10 for its total package of value-added features.
Senior Information Security Analyst at a tech services company with 10,001+ employees
Real User
Thanks to the availability in executable JAR format -- this makes it a highly portable solution

What is our primary use case?

Primarily, I use it for scanning the applications and as a proxy to capture and manipulate the application traffic. That is the most useful set of features I have seen in this tool.

Pros and Cons

  • "I personally love its capability to automatically and accurately detect vulnerabilities. So, I would say it is the Burp scanner that is THE most powerful, valuable, and an awesome feature."
  • "The one feature that I would like to see in Burp is active scanning of REST-based web services. A lot of organizations are providing APIs to access their services to support different business models like SaaS. Scanning these APIs is still a challenge for many security product companies."

What other advice do I have?

If you are looking for a single web application penetration testing solution at low cost, definitely give it a try. You can request a trial of the pro version from PortSwigger if you would like to see the scanner capability in action. They will, of course, require organizational contacts. Almost all the other features are available in the free version, also.
Penetration Testing Advisor at a tech services company with 1,001-5,000 employees
Real User
The real power of the product lies in the modules that aid in manual testing.

What other advice do I have?

If you expect a product in which you input your website and click a scan button, Burp is not for you. Burp Suite Pro can perform an automatic scan, but the real power of the product lies in the modules that aid in manual testing. A few weeks are usually needed to read the documentation and ramp-up on all the features, for someone without previous experience.
Information Systems Security Officer at a financial services firm with 1,001-5,000 employees
Real User
It helps with capturing and modifying HTTP packets and variables, and observing the application’s response.

What other advice do I have?

To effectively use Burp, you will need someone with enough technical hands-on skills in ethical hacking and penetration testing.
Senior Security Consultant at a tech services company with 501-1,000 employees
It is the best all-round solution for manual application testing but there are some stability problems directly related to Java.

What other advice do I have?

You get many features with the free product, but the real power is unlocked with the Pro version. The intruder is an amazing tool and makes the entire product worth purchasing, and the ability to perform automatic backups is well worth the small price of this product as well.