Try our new research platform with insights from 80,000+ expert users
Security Tester at Ray Business Technologies Private Limited
Real User
Top 5Leaderboard
A Stable and Scalable Cloud-based Security Testing Software
Pros and Cons
  • "The intercepting feature is the most valuable."
  • "Mitigating the issues and low confluence issues needs some improvement. Implementing demand with the ChatGPT under the web solution is an additional feature I would like to see in the next release."

What is our primary use case?

The solution has improved the organisation as it helps with scanning and doing the reports for the developers. The solution also helps with communicating the everyday issues and delivering high security and web applications to the customers.


What is most valuable?

The intercepting feature is the most valuable.


What needs improvement?

Mitigating the issues and low confluence issues needs some improvement. Implementing demand with the ChatGPT under the web solution is an additional feature I would like to see in the next release.


For how long have I used the solution?

The solution is used for scanning and doing reports for the developers.


Buyer's Guide
PortSwigger Burp Suite Professional
March 2025
Learn what your peers think about PortSwigger Burp Suite Professional. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.

What do I think about the stability of the solution?

It is a stable solution.


What do I think about the scalability of the solution?

It is a scalable solution. Ten specialists are working with Burp Suite Professional currently. We plan to increase the usage in the future. I rate the scalability an eight out of ten.


How are customer service and support?

The solution is implemented through a third-party team.


How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have used Nessus, previously. Nessus helped with only OS and analysis but Burp Suite helps with application scanning, detecting vulnerabilities and expertisation.


How was the initial setup?

The initial setup is easy. The deployment is done under a professional, and it takes one hour to be deployed. We have to add our information to get our code directly into the box and then we scan their applications. A single person is required for the deployment. I rate the initial setup a ten out of ten.


What about the implementation team?

The solution is implemented through a third-party team.


What's my experience with pricing, setup cost, and licensing?

The pricing of the solution is reasonable. We only need to pay for the annual subscription. I rate the pricing five out of ten.


What other advice do I have?

All the security issues and the integration of the vulnerabilities will happen automatically and manually in the website. So the solution will be very helpful for the website. I rate the overall solution a nine out of ten.


Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Business Development Manager at Intouch World
Reseller
Top 20
Enables efficient cost management and supports in-depth penetration testing
Pros and Cons
  • "The most valuable features of PortSwigger Burp Suite Professional are its ease of use and its cost efficiency."

    What is our primary use case?

    I primarily use PortSwigger Burp Suite Professional for penetration testing of applications.

    What is most valuable?

    The most valuable features of PortSwigger Burp Suite Professional are its ease of use and its cost efficiency.

    What needs improvement?

    The dashboard of PortSwigger Burp Suite Professional could be made more user-friendly.

    For how long have I used the solution?

    I have been using PortSwigger Burp Suite Professional for about eight to nine years.

    What do I think about the stability of the solution?

    PortSwigger Burp Suite Professional is a very stable tool, and I would rate its stability as eight out of ten.

    What do I think about the scalability of the solution?

    I would rate the scalability of PortSwigger Burp Suite Professional as eight out of ten.

    How are customer service and support?

    The technical support for PortSwigger Burp Suite Professional is pretty good, and I would give it a nine.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The initial setup of PortSwigger Burp Suite Professional is straightforward.

    What's my experience with pricing, setup cost, and licensing?

    I find the price of PortSwigger Burp Suite Professional to be very cost-efficient.

    What other advice do I have?

    I would recommend PortSwigger Burp Suite Professional to others. I would rate the overall solution as eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    PortSwigger Burp Suite Professional
    March 2025
    Learn what your peers think about PortSwigger Burp Suite Professional. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
    842,767 professionals have used our research since 2012.
    Tatyasaheb Patil - PeerSpot reviewer
    QA Lead at eLuminous Technologies Pvt. Ltd.
    Real User
    Top 20
    Provides good reports and a helpful learning hub, but details about the new features are not updated in the documentation
    Pros and Cons
    • "The product has a good learning hub."
    • "The vendor must provide documentation on how to use the new API feature."

    What is our primary use case?

    We are an IT organization. We use the solution for the security testing of applications. It helps us identify vulnerabilities in the applications.

    What is most valuable?

    The product has a good learning hub. It is good for beginners who want to learn security testing. The scan reports are good. They cover most things. The reports give details about the issues and suggest solutions. It's really useful for web applications. I use Intruder for brute-force attacks.

    What needs improvement?

    The product has a new API feature. It provides the scan report for APIs similar to the scan report we receive when we use web URLs. The vendor must provide documentation on how to use the new API feature. I did not find any guide on how to use the feature.

    For how long have I used the solution?

    I have used the solution for two years.

    What do I think about the stability of the solution?

    I rate the product’s stability seven out of ten.

    What do I think about the scalability of the solution?

    The product has limitations for mobile app security testing. We are unable to perform mobile app testing for Android and iOS.

    How are customer service and support?

    I faced some login issues and contacted the support team, but the team could not provide a solution. I found the solution in the documentation.

    How would you rate customer service and support?

    Neutral

    How was the initial setup?

    The tool is easy to install. All the steps are given in the documentation. The installation takes less than 10 to 15 minutes.

    What's my experience with pricing, setup cost, and licensing?

    PortSwigger Burp Suite Professional is expensive compared to other tools. There are open-source tools available in the market. The cost of one PortSwigger license is expensive.

    What other advice do I have?

    I have recommended the paid version of the tool in my current organization. Integrations with other tools are moderately easy.

    Overall, I rate the product a seven out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Akshay Waghmare - PeerSpot reviewer
    Manager at a consultancy with 10,001+ employees
    Real User
    Top 5Leaderboard
    A stable and user-friendly solution that can be used for manual penetration testing
    Pros and Cons
    • "PortSwigger Burp Suite Professional is one of the best user-friendly solutions for getting the proxy set up."
    • "The technical support team's response time is mostly delayed and should be improved."

    What is our primary use case?

    We use PortSwigger Burp Suite Professional for manual penetration testing.

    What is most valuable?

    PortSwigger Burp Suite Professional is one of the best user-friendly solutions for getting the proxy set up.

    What needs improvement?

    The technical support team's response time is mostly delayed and should be improved.

    For how long have I used the solution?

    I have been using PortSwigger Burp Suite Professional for six to seven years.

    What do I think about the stability of the solution?

    PortSwigger Burp Suite Professional is a stable solution.

    What do I think about the scalability of the solution?

    Around 500 to 600 users are using the solution in our organization.

    How was the initial setup?

    The solution’s initial setup is quite easy.

    What was our ROI?

    PortSwigger Burp Suite Professional is worth its price.

    What's my experience with pricing, setup cost, and licensing?

    PortSwigger Burp Suite Professional is an expensive solution.

    What other advice do I have?

    Users should get the professional version for the solution because the community and the free edition do not have many things to offer. They should explore as much as possible, go for the web code application, and do the manual penetration testing.

    PortSwigger Burp Suite Professional allows us to do everything from setting the proxy to getting our own browser. Some features were not there in Burp Suite earlier. We had to attach Chrome to the Burp Suite to the proxy, but now they have given everything in a single bundle.

    Overall, I rate PortSwigger Burp Suite Professional ten out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Mouli Siramdasu - PeerSpot reviewer
    Associate Consultant at ATOS
    Vendor
    Reliable with helpful support and documentation
    Pros and Cons
    • "The solution is stable."
    • "Sometimes the solution can run a little slow."

    What is our primary use case?

    The solution is primarily used for scanning the webpage and for the incoming traffic for the application.

    What is most valuable?

    The solution is most valuable for finding and developing the application. If there is leakage of data or some external links, we can deal with it.

    The solution is stable.

    The scalability is good.

    The solution offers helpful technical support and has excellent documentation.

    What needs improvement?

    Sometimes the solution can run a little slow. When we’re cracking passwords, we have issues with responsiveness.

    For how long have I used the solution?

    I used the solution for one year.

    What do I think about the stability of the solution?

    Mostly the solution is stable. Sometimes while using the password cracker, it took some time. Sometimes it gets a bit slow by adding up the number of rules. It took some time to crack the passwords of applications.

    What do I think about the scalability of the solution?

    It is pretty easy to scale the product.

    We had ten to 12 people using the solution. It was a small environment.

    How are customer service and support?

    Technical support was excellent. They were very fast. They also offered good documentation which was very helpful to have on hand.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I started with Burp Suite. I’ve only used that. I haven't used anything other than that.

    How was the initial setup?

    For the setup, on my end, I just got access via the organization when I first started using it. I haven't set up the entire cloud, the Burp Suite cloud. I used it by using some credentials only. Therefore, I'm not that good at setting up the enrollment.

    The entire setup was done on the cloud. There were only three to four people needed for deployment and maintenance. They are well experienced in those areas.

    What about the implementation team?

    The deployment part was entirely done by another team. We, as a team, used to test the application. We didn't know much about how the setup was arranged.

    What's my experience with pricing, setup cost, and licensing?

    I’m not aware of the pricing side of things. It might have been paid monthly, however, I don’t know much more than that.

    What other advice do I have?

    My company was parters with Portswigger.

    I’m not sure which version of the solution we were using.

    Everyone seems very happy with the solution. There are some learning modules as well so that we can go into the tool and understand it well. I would suggest the solution to my colleagues.

    I’d rate the solution nine out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    it_user787785 - PeerSpot reviewer
    Senior Security Engineer at a insurance company with 10,001+ employees
    Real User
    More accurate than other solutions we are using but can sometimes be slow to perform
    Pros and Cons
    • "This tool is more accurate than the other solutions that we use, and reports fewer false positives."
    • "There is a lot to this product, and it would be good if when you purchase the tool, they can provide us with a more extensive user manual."

    What is our primary use case?

    Our primary use case for this solution is to perform application security testing.

    How has it helped my organization?

    I don't have specific metrics but I can say that using this tool adds value.

    What is most valuable?

    There are several features that I like about this solution. The most valuable feature is that it has support for add-ons where we can add extra little scripts to the tool to perform more automated testing.

    I like using the Repeater feature to perform proxy testing, and the Repeaters have dashboards now. The add-ons are compatible with the dashboards, as well. 

    What needs improvement?

    There is a lot to this product, and it would be good if when you purchase the tool, they can provide us with a more extensive user manual. This would help us to better understand the product, and we would not need to buy a separate book.

    In the next release, I want to see it more interactive and have more multitasking with some faster features. Sometimes scanning takes a long time, so they need to add more tricks to reduce the time spent in security testing.

    For how long have I used the solution?

    More than one year.

    What do I think about the stability of the solution?

    Stability-wise it is good.

    What do I think about the scalability of the solution?

    It is possible to work on multiple projects at the same time. I have tried five or six, and it is working fine. I would agree that the scalability is very good, and we have not found a limit yet.

    We have approximately thirty users for this solution and they are the testers. As our team grows, we'll need to buy more licenses.

    How are customer service and technical support?

    We have used technical support three times, and each time received an email within twenty-four hours. They first try to understand the problem, and then after this, they provide step by step instructions for what to do. It's pretty easy.

    Which solution did I use previously and why did I switch?

    We have always used Burp Suite because it is a well-known tool.

    How was the initial setup?

    This solution is very easy to install and understand.

    For a single user, it will take thirty to forty-five minutes. For our organization, it took between eight and nine hours.

    What about the implementation team?

    We handled the implementation and deployment ourselves.

    What was our ROI?

    We have seen ROI with this product.

    What's my experience with pricing, setup cost, and licensing?

    The cost is approximately $500 for a single license, and there are no additional costs beyond the standard licensing fees.

    Which other solutions did I evaluate?

    We considered using OWASP Zed Attack Proxy, which is open source. We decided to use this alongside the current solution, and also with IBM Security AppScan.

    This tool is more accurate than the other solutions that we use and reports fewer false positives.

    What other advice do I have?

    They are steadily improving things and adding features to this product. It was only three months ago when they added the dashboard support. Before that, they only had passive and active scanning to perform the testing part. It now has a complete website of scanning features which were previously not there.

    I would rate this solution a seven out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    reviewer1871559 - PeerSpot reviewer
    Application Security Enginee at a tech vendor with 1,001-5,000 employees
    Real User
    Top 20
    Has valuable scanner functionality and a simple setup process
    Pros and Cons
    • "One useful function is the ability to send requests to the repeater without making actual requests through the browser, allowing me to modify requests easily."
    • "One area for improvement is the integrated browser, Chromium. Single Sign-On (SSO) methods like Microsoft authentication login sometimes fail and show errors. As a workaround, I have to use a different browser, such as Firefox, to log in and make Burp work."

    What is our primary use case?

    We use the product primarily for application security. It helps us conduct scans and perform manual testing.

    What is most valuable?

    The platform's most valuable feature is the scanner. It also includes highly beneficial tools like the repeater and decoder. One useful function is the ability to send requests to the repeater without making actual requests through the browser, allowing me to modify requests easily. Additionally, the availability of various extensions, such as SQLite, adds to its value.

    What needs improvement?

    One area for improvement is the integrated browser, Chromium. Single Sign-On (SSO) methods like Microsoft authentication login sometimes fail and show errors. As a workaround, I have to use a different browser, such as Firefox, to log in and make Burp work.

    I suggest adding a static code analysis feature to Burp. A plugin developers could install in their Integrated Development Environments (IDEs), like Visual Studio, would be incredibly useful. It would allow developers to perform code scanning as they write code.

    For how long have I used the solution?

    I have been working with PortSwigger Burp Suite Professional for almost ten years.

    What do I think about the stability of the solution?

    I rate the product stability an eight out of ten. 

    What do I think about the scalability of the solution?

    There are approximately 10 to 15 users in my department or company using Burp. I rate the scalability an eight out of ten. 

    How are customer service and support?

    The technical support team resolved my issue, though it was not immediate. Since this experience was years ago, I haven't raised any support tickets recently.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    One free tool that I consider a good competitor to Burp is OWASP ZAP.

    While ZAP has the advantage of being open-source and cost-free, I would choose Burp for penetration testing. Burp is the best for this purpose, although ZAP is adequate for basic tasks, especially in companies where Burp Suite Professional is unavailable.

    How was the initial setup?

    The initial setup is simple. We use the desktop version, with the application installed on our local machines.

    What's my experience with pricing, setup cost, and licensing?

    The platform's pricing is reasonable. It is not very high, especially compared to other tools like Acunetix or Fortify, which are quite expensive.

    What other advice do I have?

    I recommend the solution to others and rate it a nine out of ten. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Anton Krivonosov - PeerSpot reviewer
    Application Security Architect at Kuehne & Nagel Inc.
    Real User
    Top 5
    High performance, abundant plugins, and reliable
    Pros and Cons
    • "I have found the best features to be the performance and there are a lot of additional plugins available."

      What is our primary use case?

      The solution is the standard in application penetration testing and this is what we use it for.

      What is most valuable?

      I have found the best features to be the performance and there are a lot of additional plugins available.

      For how long have I used the solution?

      I have been using the solution for approximately three years.

      What do I think about the stability of the solution?

      The solution is reliable, it is very stable.

      How was the initial setup?

      The installation is straightforward and simple. It only takes minutes to install.

      What about the implementation team?

      We did the deployment and one individual can do it, it is not complex. We have a team of three engineers and architects doing the deployments and maintenance.

      What's my experience with pricing, setup cost, and licensing?

      The price for the solution is expensive and could be cheaper. We pay an annual license and our team has several of them.

      What other advice do I have?

      I would recommend this solution to others.

      I rate PortSwigger Burp Suite Professional a ten out of ten.

      Which deployment model are you using for this solution?

      On-premises
      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      PeerSpot user
      Buyer's Guide
      Download our free PortSwigger Burp Suite Professional Report and get advice and tips from experienced pros sharing their opinions.
      Updated: March 2025
      Buyer's Guide
      Download our free PortSwigger Burp Suite Professional Report and get advice and tips from experienced pros sharing their opinions.