We are basically a service provider, so whatever application goes out of our office, we use this to ensure that it is covered from an application security standpoint. So we run it using the tool and scan the application. That's what majorly we are using Burp Suite for. But not only that, we can even run manual test cases by playing with the tool. So, we are using it extensively.

We have a quick firewall before PortSwigger Burp Suite Professional to test for SQL injection. Suppose the firewall is blocking some special characters. In that case, we can use Intruder to quickly identify which special character is blocked and which characters are enabled by feeding Intruder with a list of all possible special characters. We can also use Intruder to clock the use of some tools like Secure Map. We can feed Intruder with a list of SQL injection or XSS payloads and test the vulnerability directly. The scanner is handy in identifying vulnerabilities. SSTI vulnerabilities are within Burp Suite. It is a time saver and useful tool for most cybersecurity consultants and penetration tests.

This solution has helped our company in many ways. PortSwigger Acadamy has given us the knowledge to be able to do deeper tests. The effectiveness of the tests is directly proportional to your knowledge about security testing. Even if you do not have this knowledge at the beginning you still you can perform some kind of testing. If you do not know how to choose your payload then it is going to suggest the built-in payloads to which you can perform those test attacks.

You do not need to be an expert to use the solution, an intermediate skilled person can use it and over time they can become an expert. Sometimes it is difficult to find skilled employees to start working in this field for your company but with PortSwigger the new employee does not have to be an expert because they are able to grow quite quickly in their knowledge.

PortSwigger Burp Suite Professional has improved the organization by providing the security standards of the applications across the organization.

We can test the weakness or loopholes in the application an attacker can use. We have an internal team that conducts the pen-testing from a hacker's point of view and try to close the issue before it is opened to the internet.

The solution helps to automate API security assessments. It incorporates features of both black hat and red team engagements. We streamline bug bounty hunts. It helps in API testing, where manual intervention was previously necessary for each payload. With the new deck feature, Burp Suite enables automation accessible in the external tab. This feature allows testers to select specific targets, such as login or registration pages, and apply different attack vectors. It enhances efficiency, saving time and resources, which is beneficial when dealing with larger-scale web applications or numerous APIs.

I used this solution while working with a bank, and while it wasn't much of a DevSecOps tool, it was a good tool for penetration testing.

Burp Suite gives you a very good automated scanning tool, which gives you around sixty to seventy percent security coverage without having to use a security resource. Once the developer gets the report, they've got the PortSwigger lab to explain the vulnerability and have a POC right there, so it's very beneficial for developers.

We're an independent IT organization that specializes in vulnerability assessment and penetration testing, and we focus here on application security. This tool really helps me unearth security issues and vulnerabilities that are on the applications shared by my clients. Unearthing these issues really helps me build confidence and relationships with clients on two counts. First part is that, they want a reliable and robust tool with which we are able to unearth security issues in there. The second part of it is, I give them more confidence in their application securedness before they make a decision on going live.

I can't name customers, but I've been working with a US university education platform providing client for the last three years. Earlier we tried different tools but in the last couple of years, we stuck to the Burp Suite tool and year after year, we've been periodically doing the application security for them. The confidence has really leveraged the relationship to build the pipeline of business that I have. At the same time, the confidence that the customer in their platform going live has remained intact. That really helps me build accountability and it helps me put forward my organization as a strong security testing organization space.

PortSwigger Burp Suite Professional is a very good tool. The solution helped us discover vulnerabilities in our applications. Vulnerability elimination is the most important feature.

Request handling capacity, it do not handle huge chuck of requests as it freezes.

And obviously as all tool does Burp also gives some false positive results, vetting has to be done thoroughly.

It has partially improved the organization requirement however, The scanning mechanism is pretty slow and takes long duration to scan. Moreover, The server hangs up while scanning. 

I don't have specific metrics but I can say that using this tool adds value.

The solution helps to identify security issues quickly.

Features such as the Intruder, Repeater, and Proxy have helped our organization a lot.

It has been provide user direct access to users scan their websites and find vulnerability in good price. Burp is one of the most extensively used tool in org to do other security based investigations. We are trying to mitigate risk using vulnerabilities identified by Burp.

It provides unique features that help me quickly identify and exploit security vulnerabilities in web applications.

Burp Suite is a versatile tool for manual web application penetration testing; mainly used by skilled ethical hackers to test security of web-based applications. It helps capturing and modifying HTTP packets and variables, and observing the application’s response. It allows fuzzing the variable in an intuitive way, repeating the same method, crawling a web application, and similar functionalities.

In the early years, we did not check our web applications for security vulnerabilities before releasing them to customers. Since we began this practice for every application, our clients are really happy and value our work.

BurpSuite helps us to identify and fix silly mistakes that are sometimes introduced by our developers in their coding. 

The customer is almost all the time results-oriented and they want them real quick.

Burp gives my organization a great authentic source of information on the security posture of web infrastructure.

PortSwigger launched a feature called Burp Extender, which enables organizations to use their own third-party code and integrate with Burp to use its capabilities and create their own customized results. This way, organizations do not need to worry about changing the reporting format and all. They will just get better results.

This is by far the best application assessment tool I have used. It is more usable and has more features than most of the enterprise tools that cost 10-100 times as much.

This solution has done a lot to improve our organization. It allows us to be proactive and solve issues before our external auditors find them. 

This solution has helped a lot in finding bugs and vulnerabilities, and the scanner is good enough for simple web apps.

I use Burp Suite on my laptop in my room for my personal research study. Since I don't use it for corporate work or company research purposes I can't comment on how it has improved my organization.