PortSwigger Burp Suite Professional Reviews

We are an IT organization. We use the solution for the security testing of applications. It helps us identify vulnerabilities in the applications.

The product has a good learning hub. It is good for beginners who want to learn security testing. The scan reports are good. They cover most things. The reports give details about the issues and suggest solutions. It's really useful for web applications. I use Intruder for brute-force attacks.

The product has a new API feature. It provides the scan report for APIs similar to the scan report we receive when we use web URLs. The vendor must provide documentation on how to use the new API feature. I did not find any guide on how to use the feature.

I have used the solution for two years.

I rate the product’s stability seven out of ten.

The product has limitations for mobile app security testing. We are unable to perform mobile app testing for Android and iOS.

I faced some login issues and contacted the support team, but the team could not provide a solution. I found the solution in the documentation.

Neutral

The tool is easy to install. All the steps are given in the documentation. The installation takes less than 10 to 15 minutes.

PortSwigger Burp Suite Professional is expensive compared to other tools. There are open-source tools available in the market. The cost of one PortSwigger license is expensive.

I have recommended the paid version of the tool in my current organization. Integrations with other tools are moderately easy.

Overall, I rate the product a seven out of ten.

The solution is primarily used for scanning the webpage and for the incoming traffic for the application.

The solution is most valuable for finding and developing the application. If there is leakage of data or some external links, we can deal with it.

The solution is stable.

The scalability is good.

The solution offers helpful technical support and has excellent documentation.

Sometimes the solution can run a little slow. When we’re cracking passwords, we have issues with responsiveness.

I used the solution for one year.

Mostly the solution is stable. Sometimes while using the password cracker, it took some time. Sometimes it gets a bit slow by adding up the number of rules. It took some time to crack the passwords of applications.

It is pretty easy to scale the product.

We had ten to 12 people using the solution. It was a small environment.

Technical support was excellent. They were very fast. They also offered good documentation which was very helpful to have on hand.

Positive

I started with Burp Suite. I’ve only used that. I haven't used anything other than that.

For the setup, on my end, I just got access via the organization when I first started using it. I haven't set up the entire cloud, the Burp Suite cloud. I used it by using some credentials only. Therefore, I'm not that good at setting up the enrollment.

The entire setup was done on the cloud. There were only three to four people needed for deployment and maintenance. They are well experienced in those areas.

The deployment part was entirely done by another team. We, as a team, used to test the application. We didn't know much about how the setup was arranged.

I’m not aware of the pricing side of things. It might have been paid monthly, however, I don’t know much more than that.

My company was parters with Portswigger.

I’m not sure which version of the solution we were using.

Everyone seems very happy with the solution. There are some learning modules as well so that we can go into the tool and understand it well. I would suggest the solution to my colleagues.

I’d rate the solution nine out of ten.

Our use cases are to identify the vulnerabilities of OAST and the other applications we are using. 

The feature that we have found most valuable is that it comes with pre-set configurations. They have a set of predefined options where you can pick one and start scanning. We also have the option of creating our own configurations, like how often do the applications need to be scanned.

Additionally, it has good reporting and dashboards and also integrates well with other task management applications that we're using.

One area that can be improved, when compared to alternative tools, is that they could provide different reporting options and in different formats like PDF or something like that.

One more thing they can improve is that despite having a good architecture, it needs a lot of specification. So when you start a project, because it requires a high configuration, the instructor costs more than the project. So it's not cost efficient if it's a big project.

We have different versions of PortSwigger Burp Suite. For the past few years we have been using a professional edition, which is a desktop application. Now we are moving to the Cloud so we explored the enterprise edition. Although we haven't implemented it yet we're already using it. Now we have a better idea how their scanners and spiders actually work.

We've had a license for the professional version for the past two years.

In terms of scalability, I think they can increase the number of regions. And more importantly, it doesn't restrict based on the domains you are scanning. So even if tomorrow you suggest some working space, you can still scan the domains for the regions that you have. If you want to increase the number that you scan, you can buy some more. So scalability is not a big problem, but I think if you are scanning from your side, you have to get the license for some of those activities. That's domain based licensing.

Right now we have two or three people using it.

PortSwigger Burp's technical support is all right. The issues are resolved very quickly so we don't have to wait for long. They also provide you with documentation. Just by going through the documentation we can solve many of our problems.

The initial setup was straightforward. We can install it on a Linux machine. It was fast to set up.

PortSwigger Burp costs around $7,000 and around $2,309 for licensing.

On a scale of one to ten I would rate PortSwigger Burp a seven.

For it to be a 10 it would need to implement the above mentioned different formats for reporting and the interactive security testing.

Our primary use case for this solution is to perform application security testing.

I don't have specific metrics but I can say that using this tool adds value.

There are several features that I like about this solution. The most valuable feature is that it has support for add-ons where we can add extra little scripts to the tool to perform more automated testing.

I like using the Repeater feature to perform proxy testing, and the Repeaters have dashboards now. The add-ons are compatible with the dashboards, as well. 

There is a lot to this product, and it would be good if when you purchase the tool, they can provide us with a more extensive user manual. This would help us to better understand the product, and we would not need to buy a separate book.

In the next release, I want to see it more interactive and have more multitasking with some faster features. Sometimes scanning takes a long time, so they need to add more tricks to reduce the time spent in security testing.

Stability-wise it is good.

It is possible to work on multiple projects at the same time. I have tried five or six, and it is working fine. I would agree that the scalability is very good, and we have not found a limit yet.

We have approximately thirty users for this solution and they are the testers. As our team grows, we'll need to buy more licenses.

We have used technical support three times, and each time received an email within twenty-four hours. They first try to understand the problem, and then after this, they provide step by step instructions for what to do. It's pretty easy.

We have always used Burp Suite because it is a well-known tool.

This solution is very easy to install and understand.

For a single user, it will take thirty to forty-five minutes. For our organization, it took between eight and nine hours.

We handled the implementation and deployment ourselves.

We have seen ROI with this product.

The cost is approximately $500 for a single license, and there are no additional costs beyond the standard licensing fees.

We considered using OWASP Zed Attack Proxy, which is open source. We decided to use this alongside the current solution, and also with IBM Security AppScan.

This tool is more accurate than the other solutions that we use and reports fewer false positives.

They are steadily improving things and adding features to this product. It was only three months ago when they added the dashboard support. Before that, they only had passive and active scanning to perform the testing part. It now has a complete website of scanning features which were previously not there.

I would rate this solution a seven out of ten.

We use PortSwigger Burp Suite Professional for manual penetration testing.

PortSwigger Burp Suite Professional is one of the best user-friendly solutions for getting the proxy set up.

The technical support team's response time is mostly delayed and should be improved.

I have been using PortSwigger Burp Suite Professional for six to seven years.

PortSwigger Burp Suite Professional is a stable solution.

Around 500 to 600 users are using the solution in our organization.

The solution’s initial setup is quite easy.

PortSwigger Burp Suite Professional is worth its price.

PortSwigger Burp Suite Professional is an expensive solution.

Users should get the professional version for the solution because the community and the free edition do not have many things to offer. They should explore as much as possible, go for the web code application, and do the manual penetration testing.

PortSwigger Burp Suite Professional allows us to do everything from setting the proxy to getting our own browser. Some features were not there in Burp Suite earlier. We had to attach Chrome to the Burp Suite to the proxy, but now they have given everything in a single bundle.

Overall, I rate PortSwigger Burp Suite Professional ten out of ten.

I'm primarily using it for testing of the company's website.

The interface is good.

It is easy to use.

I am certified with the product and have a good understanding of it.

The usability is very good.

It offers very good accuracy. You can trust the results. 

It's good software that is great for a beginner to use.

It can scale. 

The product is stable and reliable. 

It works for me. I don't see any missing features. 

The solution is not easy to set it up. You need a lot of knowledge. I'd like to see more documentation. They need to provide more videos and more information about the solution. The website isn't as helpful as it could be. They need to provide more information and maybe provide courses to help people get the most out of it. 

For smaller organizations, the solution is expensive. 

I've been using the solution for two years. 

I'd rate the stability eight out of ten. It is pretty stable. There are no bugs or glitches, and it doesn't crash or freeze. 

The solution is very scalable. I'd rate the ability to extend ten out of ten.

Three people are using the solution.

I do not have any experience with technical support. I had a colleague who would deal with support.

I used to use OWASP Zap. It is a free solution. I moved to Burp as the accuracy rate was higher. We wanted something that provided correct information about errors. 

The initial setup was a bit difficult. For a beginner, it's tough to set up. I'd rate the solution three out of ten in terms of ease of setup. There isn't proper documentation to help you through the process. 

I cannot recall how long the deployment took. I watched a lot of videos and just went ahead with eh setup myself. 

The product doesn't require any maintenance. 

I handled the initial setup myself. I did not have any outside assistance. 

I have witnessed an ROI. It is worth the money.

It is a bit expensive for smaller companies. If you're using it in a small company or for your own purposes, it's costly. I'd rate the cost three out of ten in terms of affordability.

I'm not sure of the exact cost of the solution as I don't directly deal with licensing. 

I'm a customer. I'm using the professional version. It is the latest version. They always update it and provide me with the latest upgrades. 

I'd recommend the solution to others. It's very accurate and easy to use. 

I would rate the solution. Ten out of ten. 

We are using the latest version and are in the process of upgrading it. 

We use the solution for vulnerability assessment in respect of the application and the sites. We use the intruder part, which is essentially the Proxy part, to check whether any brute-force attacks can be undertaken. 

We wish that the Spider feature would appear in the same shape that it does in previous versions. 

I believe we have developmental tools such Accuratix. It would be nice if the report that was accepted upon scanning would highlight all the weaknesses from the perspective of my application. 

We have been using PortSwigger Burp Suite Professional for the last three years.

We have had no issues with the stability. 

As we only have a couple of licenses, we have not encountered any issues concerning the scalability. 

The technical support is all right. 

This said, we have requested support on a couple of occasions, specifically one concerning training relating to the new features and add-ons coming onto the application, and this is still outstanding. 

The initial setup is not very complex. Rather, it is easy and straightforward. 

For a country such as Sri Lanka, the pricing is not reasonable. 

There are around 10 people using the solution in our organization.

I don't have any advice off the cuff. When it comes to the web crawling features, it does not need to be in the same shape as before, but it would be nice if it allowed us to index associated things in the manner that we did so in the past. 

I rate PortSwigger Burp Suite Professional as a nine out of ten. 

The solution is the standard in application penetration testing and this is what we use it for.

I have found the best features to be the performance and there are a lot of additional plugins available.

I have been using the solution for approximately three years.

The solution is reliable, it is very stable.

The installation is straightforward and simple. It only takes minutes to install.

We did the deployment and one individual can do it, it is not complex. We have a team of three engineers and architects doing the deployments and maintenance.

The price for the solution is expensive and could be cheaper. We pay an annual license and our team has several of them.

I would recommend this solution to others.

I rate PortSwigger Burp Suite Professional a ten out of ten.