2019-02-03T08:25:00Z

What advice do you have for others considering PortSwigger Burp?


If you were talking to someone whose organization is considering PortSwigger Burp, what would you say?

How would you rate it and why? Any other tips or advice?

Guest
10 Answers

Top 10 Leaderboard, Real User

We do have problems with some of the add-ons that we install from the marketplace. They may not be available or may be out of support, so when you want to install them, they are not there. This is a very nice tool and anybody can use it, from beginner to expert level. There are some simple and straightforward settings with documentation that is very clear. If you follow the steps, you can easily get up to speed within five minutes for a single user. I would rate this solution an eight out of ten.

2020-01-29T11:22:31Z
Real User

I would recommend this solution to somebody considering Burp. I would rate it an eight out of ten.

2020-01-29T11:22:00Z
Top 10 Leaderboard, Real User

We use the on-premises deployment model. I'd rate the solution nine out of ten. I haven't compared it with other vendors, but it is a best-seller currently.

2020-01-19T06:38:00Z
Top 5 Leaderboard, Real User

We use the on-premises deployment model. I would rate the solution seven out of ten.

2019-08-22T05:49:00Z
Top 10 Leaderboard, Real User

For application security testing, I would suggest Burp. It's probably the leader in this area. It's just like analogous tools such as OWASP ZAP, which is open-source. OWASP ZAP is still not as effective as Burp is. The solution helps to find different security issues, and it helps identify many, many security issues quickly, and that's what makes it such a useful tool. I would rate the solution seven out of ten.

2019-08-19T05:47:00Z
Top 5 Leaderboard, Real User

The tool comes in three types. First, there is the Open Community Edition, which is meant for people who use it to learn the tool or use it to secure their system. This edition does not have scanning features enabled to scan against application URLs or websites. From the standpoint of learning about security tests or assessing the security of an application without scanning, the community edition really helps.

Then you also have a Professional edition, which is more meant for doing comprehensive vulnerability assessment and penetration application, which is very important, especially for independent teams like ours who make use of tools based on tech, etc. The good part about the professional edition is that it comes with a term license, which is cost-effective. You pay an annual charge and use it for a year's time, and then you can extend it on an as-needed basis.

Apart from these, we also have an Enterprise Edition, which has features like scan schedulers, unlimited scalability to test across multiple websites in parallel, support for multiple user access with role-based access control, and easy integration with CI tools.

The very best way this tool can be used is to understand the application and identify the various roles that are there in the application. Then capture the user flows with PortSwigger's BurpSuite, and understand what the requests are, making use of the different features in BurpSuite. Post this, the teams look at and analyze all the requests being sent. Observe the requests, use various roles with the tool using a repeater and intruder, and analyze what's breaking through in the application. You can quickly analyze with the intruder how the application's really behaving and how the payload is being sent across the tool. Then you get a quick sense of what's available, which could be checked through for false positives, and then arrive at the final output along with it.

This is how I would like to handle the implementation of the solution. I would rate this solution 10 out of 10.

2019-07-08T07:42:00Z
Top 20 Leaderboard, Real User

All application development organizations should purchase BurpSuite and train their developers on how to use this solution to identify security flaws. This will help to ensure that the applications released to the public internet will have better protection from malicious attackers.

2019-07-07T00:05:00Z
Top 5 Leaderboard, Real User

I would recommend this product to others. It is very straightforward and it is oriented to the application, which is why we chose it. I would also recommend reviewing and using the extensions that are available. I would rate this solution a nine out of ten.

2019-06-06T08:18:00Z
Real User

They are steadily improving things and adding features to this product. It was only three months ago when they added the dashboard support. Before that, they only had passive and active scanning to perform the testing part. It now has a complete website of scanning features which were previously not there. I would rate this solution a seven out of ten.

2019-05-16T07:47:00Z
Consultant

It's actually a very good product. It's pretty automated and it's easy to work with. No additional features need to be added because it's already an extraordinary tool. So there's no need for additional improvement. Great product. I rate this product a 9 out of 10 for its total package of value-added features.

2019-02-03T08:25:00Z