PortSwigger Burp Suite Enterprise Edition Reviews

Name: PortSwigger Burp Suite Enterprise Edition
Brand: PortSwigger
Rating: 4.0 (11 reviews)

4.0 out of 5

11 reviews
83% willing to recommend

What is PortSwigger Burp Suite Enterprise Edition?

Burp Suite Enterprise Edition is an automated web vulnerability scanner, designed to enable enterprises to scale security across their web portfolios and achieve DevSecOps. Automate trusted Burp scans, integrate web security testing with development, and free your application security to support software development.

Get the PortSwigger Burp Suite Enterprise Edition Buyer's Guide and find out what your peers are saying about PortSwigger Burp Suite Enterprise Edition, HCL AppScan, Fortify WebInspect and more!

PortSwigger Burp Suite Enterprise Edition is the #5 ranked solution in top Dynamic Application Security Testing (DAST) solutions and #21 ranked solution in top Vulnerability Management solutions. PeerSpot users give PortSwigger Burp Suite Enterprise Edition an average rating of 8.0 out of 10. Based on the analysis of the 11 most recent PortSwigger Burp Suite Enterprise Edition reviews, the overall sentiment is positive, with a sentiment score of 7.4. (Among the highest in the category). PortSwigger Burp Suite Enterprise Edition is most commonly compared to HCL AppScan: PortSwigger Burp Suite Enterprise Edition vs HCL AppScan. PortSwigger Burp Suite Enterprise Edition is popular among the large enterprise segment, accounting for 62% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 17% of all views.

Buyer's Guide

PortSwigger Burp Suite Enterprise Edition

November 2024

Get the report

Helped 816,406 peers since 2012

Featured reviews

Iwegbue Godspower Isioma

Cyber Security Analyst at Platview Technologies

I recommend the solution to others. We can run SQL injection in Burp Suite Community Edition but not scan the websites. We would need Burp Suite Professional for it. We can use the solution to scan web applications and escalate vulnerabilities. We can do penetration testing on the vulnerabilities that are detected on the web application. The tool also provides other features that we can use to simulate attacks for learning purposes. Overall, I rate the tool a nine out of ten.

Read full review

Mustufa Bhavnagarwala

CyberRisk Solution Advisor at Deloitte

PortSwigger Burp Suite Enterprise Edition's new features released in the last two years are really good, so I won't say that I am not looking at any new features. The product's latest feature, which was really good, but had an issue since it allowed us in our company to put the proxy in the browser and then connect it with PortSwigger Burp Suite Enterprise Edition to get the calls resolved with the help of setup allowing for browser features inside PortSwigger Burp Suite Enterprise Edition. I want PortSwigger Burp Suite Enterprise Edition to be available on the cloud, though my concerns stem from the fact that I don't know how an application hosted on the cloud can do a proxy for an application. I can't recall what needs to be added to the solution to make it better, but I have seen that when I use the product, I feel that the tool needs to have a few elements added to it. The cost per license per user could be cheaper, specifically for individual licensing.

Read full review

Hasan Abufreiha

Cyber security enthusiast at a university with 51-200 employees

I would advise users to limit Burp Suite usage to specific scenarios and applications. Users should use the solution as an expert testing tool instead of using it as a general scanner or for information gathering in general. The tool might be overwhelming initially for new users, but it will be easy after you get used to the UI, features, and options. PortSwigger Burp Suite Enterprise Edition has been doing an amazing job for years compared to other similar tools. Overall, I rate the solution an eight out of ten.

Read full review

Valuable Features

PortSwigger Burp Suite Enterprise Edition offers dynamic scanning, web application assessments, CMDB and device discovery, ease of use, and a scalable design. Users appreciate its beginner-friendly interface, active scans, network call tracking, CI/CD integration, and automation capabilities. Parallel scans, seamless deployment in vCenter, extensions for expanded features, interception tools for call modification, and an intuitive UI enhance the experience. Regular updates and customizable scripting are also significant advantages.

"The most valuable part of it was probably the ability to intercept and modify calls."
"The solution's extensions really expand the capabilities and features offered by the installation."
"This tool helps identify vulnerabilities. We then provide the report to the developers, who address the issues identified automatically. Its most valuable feature is CI/CD integration."

Room for Improvement

PortSwigger Burp Suite Enterprise Edition faces challenges with false positives, scan stability, and complicated implementation. Users report missing Java vulnerabilities and outdated libraries. The need for improved SAST and DAST integration, cloud-based accessibility, and mobile testing is highlighted. Some users find the cost expensive and seek better scalability and static code analysis features. The current performance shows high memory consumption, and the licensing cost could be more affordable, especially for individual users.

"Scalability could be better."
"From my personal experience, the solution's performance could be improved."
"PortSwigger Burp Suite Enterprise Edition should incorporate a static code analysis feature. One main issue we encounter is false positives. False positives can be challenging for developers."

ROI

Users highlight a significant return on investment with PortSwigger Burp Suite Enterprise Edition through its efficient automated scanning capabilities which drastically reduce manual efforts. Many emphasize improved web security postures and faster issue resolution times, leading to cost savings. They appreciate its ease of integration with CI/CD pipelines, contributing to streamlined workflows and enhanced security measures during development stages. The comprehensive reporting features aid in quick decision-making and prioritization of critical vulnerabilities.

Pricing

PortSwigger Burp Suite Enterprise Edition is viewed as an expensive option compared to the Professional version, which provides similar scanning features at a lower cost. Companies find the licensing fees, paid annually, to be high, often opting for the Professional edition due to cost efficiency. Although the tool offers valuable capabilities, its price can be challenging for small companies. Many users consider the Professional edition more appealing for their needs and budget.

"For Professional, it's about $400 per year."
"Although the solution can be a bit expensive for small companies, its pricing is fairly reasonable for its capabilities."
"The tool's pricing is reasonable and costs around 400 dollars per year."

Popular Use Cases

PortSwigger Burp Suite Enterprise Edition is primarily used for web application security, including vulnerability assessments, penetration testing, and dynamic application scanning. Users employ it to test web applications, APIs, and mobile apps, intercepting traffic and identifying vulnerabilities such as SQL injection. This tool aids in manual and automated application assessments in various industries, including medical equipment manufacturing and IT solutions, contributing to security audits and auditing practices for significant entities.

Service and Support

PortSwigger Burp Suite Enterprise Edition users reported mixed experiences with customer service and support. Some found the technical support team quick to respond and efficient in providing assistance, while others noted dissatisfaction due to prolonged scanning processes despite guidance. Many users have not needed to contact support due to the straightforward nature of the software. In instances where help was sought, responses were timely and issues were generally uncomplicated.

Deployment

PortSwigger Burp Suite Enterprise Edition's initial setup is generally easy and straightforward. Many found deployment in vCenter or on-premises simple, taking between 10 to 48 hours. Some encountered challenges with the installation agent, requiring reboots, possibly due to specific system environments. Others noted effective support during setup. Users appreciated the process for both Community and Professional editions, highlighting ease after download and installation, briefly noting necessary licensing differences. Technical knowledge aids in smoother deployment.

Scalability

PortSwigger Burp Suite Enterprise Edition is considered scalable by users. Many users successfully manage various deployments, and multiple users in organizations utilize it efficiently. Licensing options allow for enhanced scalability by enabling several users with a single license. While some find its scalability satisfactory, others suggest integration with additional platforms for larger setups. Rating varies, with some users giving it a moderate to above-average score.

Stability

PortSwigger Burp Suite Enterprise Edition presents issues with stability, with reports of scans taking several days or failing unexpectedly. Users experience delays compared to other vulnerability scanners. While aspects of the tool are stable and updated regularly, these stability concerns affect users' schedules and commitments, especially in environments requiring quick scans. Despite some users reporting stable performance, others find it less reliable compared to alternatives like HP WebInspect, impacting its usability.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our PortSwigger Burp Suite Enterprise Edition Buyer's Guide for additional reliable information.