
PortSwigger Burp Suite Professional pros and cons

Vendor: PortSwigger
4.3 out of 5
Ranked 1

Pros & Cons summary


Prominent pros & cons

PROS

PortSwigger Burp Suite Professional is praised for its automatic vulnerability detection capabilities, reducing false positives and enhancing security testing accuracy.
It offers a range of features such as Burp Scanner and Burp Intruder, which are highly valued for their effectiveness in security assessments.
Flexibility is enhanced with the ability to create custom plugins using the Extender Tab, which allows users to tailor the tool to their specific needs.
It features comprehensive web application analysis tools like the Spider and the Repeater, which facilitate thorough assessments and easy manipulation of requests.
PortSwigger Burp Suite Professional supports API testing and management, simplifying the processes involved in securing web applications.

CONS

PortSwigger Burp Suite Professional needs improved integration capabilities and CI/CD process linking.
Reporting features are insufficiently informative and lack diverse formats such as PDF.
The overall pricing is considered too expensive and could be adjusted.
Burp Suite generates a considerable number of false positives that require attention.
Documentation and user manuals are inadequate, necessitating further guidance for users.
 

PortSwigger Burp Suite Professional Pros review quotes

VN
Jan 2, 2020
Once I capture the proxy, I'm able to transfer across. All the requested information is there. I can send across the request to what we call a repeater, where I get to ready the payload that I send to the application. Put in malicious content and then see if it's responding to it.
Anuradha.Kapoor Kapoor - PeerSpot reviewer
Aug 10, 2023
We are mostly using it for scanning the entire website. So, we basically create a script with the entire website and then run it for different injections.
reviewer1526550 - PeerSpot reviewer
Mar 12, 2021
The solution has a great user interface.
Learn what your peers think about PortSwigger Burp Suite Professional. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
DC
Aug 1, 2023
The Repeater and the BApp extensions are particularly useful. Certain extensions, such as the Active Scan extensions and the Autoracer extension, are very good.
it_user704997 - PeerSpot reviewer
Dec 19, 2017
I personally love its capability to automatically and accurately detect vulnerabilities. So, I would say it is the Burp scanner that is THE most powerful, valuable, and an awesome feature.
reviewer1871559 - PeerSpot reviewer
May 29, 2022
The initial setup is simple.
reviewer1508730 - PeerSpot reviewer
Feb 19, 2021
The solution has a pretty simple setup.
it_user787785 - PeerSpot reviewer
May 16, 2019
This tool is more accurate than the other solutions that we use, and reports fewer false positives.
reviewer1112304 - PeerSpot reviewer
Jan 22, 2020
The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately.
VinothKumar5 - PeerSpot reviewer
Jun 23, 2021
The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well.
 

PortSwigger Burp Suite Professional Cons review quotes

VN
Jan 2, 2020
The biggest improvement that I would like to see from PortSwigger that today many people see as an issue in their testing. There might be a feature which might be desired.
Anuradha.Kapoor Kapoor - PeerSpot reviewer
Aug 10, 2023
There were a lot of false positives there, and we used to spend a lot of time, like, for security reasons, reproducing those bugs for the development team to fix it.
reviewer1526550 - PeerSpot reviewer
Mar 12, 2021
It should provide a better way to integrate with Jenkins so that DAST (dynamic application security testing) can be automated.
DC
Aug 1, 2023
I would like to see the return of the spider mechanism instead of the crawling feature. Burp Suite's earlier version 1.7 had an excellent spider option, and it would be beneficial if Burp incorporated those features into the current version. The crawling techniques used in the current version are not as efficient as those used in earlier versions.
it_user704997 - PeerSpot reviewer
Dec 19, 2017
The one feature that I would like to see in Burp is active scanning of REST-based web services. A lot of organizations are providing APIs to access their services to support different business models like SaaS. Scanning these APIs is still a challenge for many security product companies.
reviewer1871559 - PeerSpot reviewer
May 29, 2022
We'd like to have more integration potential across all versions of the product.
reviewer1508730 - PeerSpot reviewer
Feb 19, 2021
The pricing of the solution is quite high.
it_user787785 - PeerSpot reviewer
May 16, 2019
There is a lot to this product, and it would be good if when you purchase the tool, they can provide us with a more extensive user manual.
reviewer1112304 - PeerSpot reviewer
Jan 22, 2020
The biggest drawback is reporting. It's not so good. I can download them, but they're not so informative.
VinothKumar5 - PeerSpot reviewer
Jun 23, 2021
There could be an improvement in the API security testing. There is another tool called Postman and if we had a built-in portal similar to Postman which captures the API, we would be able to generate the API traffic. Right now we need a Postman tool and the Burp Suite for performing API tests. It would be a huge benefit to be able to do it in a single UI.