We used this solution as a proxy. It's a software that intercepts HTTP requests. You can modify them on your system for testing web applications.
Security Researcher at a financial services firm with 5,001-10,000 employees
Feature-rich and intuitive with good support, and it is reasonably-priced
Pros and Cons
- "There is no other tool like it. I like the intuitiveness and the plugins that are available."
- "The use of system memory is an area that can be improved because it uses a lot."
What is our primary use case?
What is most valuable?
It's an amazing tool. We can work with it automatically, or we can work with it manually.
There is no other tool like it. I like the intuitiveness and the plugins that are available.
The plugins are similar to integration. I can create my own login and use it.
What needs improvement?
The use of system memory is an area that can be improved because it uses a lot. They need to reduce the amount of system memory it uses.
For how long have I used the solution?
I have been working with PortSwigger Burp for four years.
Buyer's Guide
PortSwigger Burp Suite Professional
December 2024
Learn what your peers think about PortSwigger Burp Suite Professional. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
What do I think about the stability of the solution?
We can say that it is stable, but it is using a lot of RAM.
What do I think about the scalability of the solution?
It's a scalable solution.
We have more than 30 users in our organization.
How are customer service and support?
Technical support is good, they have a good response time.
How was the initial setup?
The initial setup is straightforward.
This solution requires no maintenance.
What's my experience with pricing, setup cost, and licensing?
PortSwigger is reasonably-priced. It's fair.
What other advice do I have?
They have more features than I can use and I need more time to utilize this solution 100%.
I highly recommend it because everybody in Web Applications Security is using it.
I would rate PortSwigger Burp a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Auditor & Compliance Officer at a tech vendor with 51-200 employees
Proactively finds and solves issues before our external auditors do
Pros and Cons
- "Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them."
- "I would like to see a more optimized solution, as it currently uses a lot of CPU power and memory."
What is our primary use case?
Our primary use for this solution is to perform vulnerability scanning before we deploy software in production.
How has it helped my organization?
This solution has done a lot to improve our organization. It allows us to be proactive and solve issues before our external auditors find them.
What is most valuable?
The most valuable feature of this solution is the scanning functionality. Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them.
Burp Intruder is another very good feature in this solution.
What needs improvement?
I would like to see a more optimized solution, as it currently uses a lot of CPU power and memory. Sometimes, the application is blocking.
The reporting also needs improvement. Specifically, if there is an issue that exists on many pages, then I do not want to see the same thing repeated many times throughout the report. Rather, it should be pointed out as a global error, and only shown the one time.
In the next version, I would like an option to scan the environment where the application is installed. I would also like a better cryptographic study, with more controls.
For how long have I used the solution?
Between two and three years.
What do I think about the stability of the solution?
This solution is very stable.
What do I think about the scalability of the solution?
I would say that this is a very scalable solution.
We do plan to increase our usage, but not beyond the Professional version. It is not our intention to move to the Enterprise version right now.
How are customer service and technical support?
I would rate their technical support a five out of five.
How was the initial setup?
The initial setup and deployment are straightforward and take very little time.
Only one person from the IT department is required for deployment and maintenance.
What about the implementation team?
We handled the implementation internally.
What's my experience with pricing, setup cost, and licensing?
Our licensing cost is approximately $400 USD per year. There are no costs in addition to the standard licensing fees.
Which other solutions did I evaluate?
We did evaluate other options before choosing this solution.
What other advice do I have?
I would recommend this product to others. It is very straightforward and it is oriented to the application, which is why we chose it. I would also recommend reviewing and using the extensions that are available.
I would rate this solution a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Buyer's Guide
PortSwigger Burp Suite Professional
December 2024
Learn what your peers think about PortSwigger Burp Suite Professional. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
Cyber Security Analyst at a tech services company with 11-50 employees
Good reporting, useful features, and great scalability
Pros and Cons
- "The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs."
- "One thing that is not up to the mark in PortSwigger is web application testing. I found some issues with its performance and reporting. They should work on these and give us a better outcome."
What is our primary use case?
We are an auditing company. We use this solution for auditing purposes for the infrastructure of our customers.
What is most valuable?
The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs.
What needs improvement?
One thing that is not up to the mark in PortSwigger is web application testing. I found some issues with its performance and reporting. They should work on these and give us a better outcome.
For how long have I used the solution?
I have been using this solution for more than a year.
What do I think about the stability of the solution?
It is stable. We didn't have any issues.
What do I think about the scalability of the solution?
Its scalability is great. We have almost five users who are using the product, and they're happy with this product.
How are customer service and technical support?
We've got very good support from their team.
Which solution did I use previously and why did I switch?
We previously used some open-source applications, but later on, we found out that, unfortunately, they are not good products. We had to use the applications of all other products separately in our environment, but PortSwigger can do all things itself. That's why we switched to PortSwigger.
How was the initial setup?
The initial setup was very simple.
What about the implementation team?
I implemented it on my own.
What's my experience with pricing, setup cost, and licensing?
It has a yearly license. I am satisfied with its price.
Which other solutions did I evaluate?
We did consider one more product and had a discussion about the product features. We found PortSwigger to be the best match for our business.
What other advice do I have?
It is a very good product. You must try it once.
I would rate PortSwigger Burp a nine out of ten. I am satisfied with this product. It is a great experience.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Specialist at Alfa-A IT
Built-in manual tools help with finding bugs and vulnerabilities
Pros and Cons
- "This solution has helped a lot in finding bugs and vulnerabilities, and the scanner is good enough for simple web apps."
- "The scanner and crawler need to be improved."
What is our primary use case?
I use this primarily for intercepting mobile HTTP and HTTPS requests with SSL pinning bypass. It's a better tool for manual tasks.
How has it helped my organization?
This solution has helped a lot in finding bugs and vulnerabilities, and the scanner is good enough for simple web apps.
What is most valuable?
The best feature that I've found is the built-in manual tools.
What needs improvement?
The scanner and crawler need to be improved.
For how long have I used the solution?
More than three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Analyst at a tech services company with 201-500 employees
Very Well Suited for Personal Use
Pros and Cons
- ""The product is very good just the way it is; It has everything already well established and functions great. I can't see any way for this current version to be improved.""
- "The Initial setup is a bit complex."
What is our primary use case?
My primary use case for this solution is designed around my own personal use. Burp Suite is a graphical tool for testing Web application security. The tool is written in Java.
How has it helped my organization?
I use Burp Suite on my laptop in my room for my personal research study. Since I don't use it for corporate work or company research purposes I can't comment on how it has improved my organization.
What is most valuable?
In my opinion, all of the features seem to be of equal value really. I'm currently using the latest version.
What needs improvement?
The product is very good just the way it is; It has everything already well established and functions great. I can't see any way for this current version to be improved.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
My impressions of the stability of the solution are quite good.
What do I think about the scalability of the solution?
My impressions of the scalability of the solution are good.
Which solution did I use previously and why did I switch?
At work, I use an open source SAP solution. It's a free tool. It's a fully automated tool and it's fully furnished. Currently, I'm the only user and it's my job to analyze this product.
How was the initial setup?
The initial setup was somewhat complex, to be honest.
What's my experience with pricing, setup cost, and licensing?
My only advice for anyone looking for a personal use case for testing Web application security is this is a good option.
Which other solutions did I evaluate?
Before choosing this tool, no, I didn't evaluate any other options. I know what I wanted and I'm very happy with it.
What other advice do I have?
It's actually a very good product. It's pretty automated and it's easy to work with. No additional features need to be added because it's already an extraordinary tool. So there's no need for additional improvement.
Great product. I rate this product a 9 out of 10 for its total package of value-added features.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
AVP - Software Quality Assurance at a tech services company with 201-500 employees
Very secure with excellent suite testing models and an easy initial setup
Pros and Cons
- "The suite testing models are very good. It's very secure."
- "The solution doesn't offer very good scalability."
What is our primary use case?
Currently, we're trying to import the solution to implement it to other applications for our website. So far, it's been fantastic.
What is most valuable?
The suite testing models are very good. It's very secure.
What needs improvement?
The solution isn't too stable. The fundamentals of it make it difficult to use. Sometimes it takes me to other applications that are being run.
The scalability capabilities of the solution could be improved.
For how long have I used the solution?
I've been using the solution for three years.
What do I think about the stability of the solution?
The stability is okay, but we are finding issues.
What do I think about the scalability of the solution?
The solution doesn't offer very good scalability.
How are customer service and technical support?
We haven't had to contact technical support.
Which solution did I use previously and why did I switch?
We didn't previously use a different solution.
How was the initial setup?
The initial setup is straightforward. Deployment doesn't take more than two to three hours.
What about the implementation team?
We handled the implementation ourselves.
What other advice do I have?
We use the on-premises deployment model.
I'd rate the solution nine out of ten. I haven't compared it with other vendors, but it is a best-seller currently.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free PortSwigger Burp Suite Professional Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
Application Security Tools Static Application Security Testing (SAST) Fuzz Testing ToolsPopular Comparisons
SonarQube Server (formerly SonarQube)
Checkmarx One
Fortify on Demand
Sonatype Lifecycle
Qualys Web Application Scanning
Tenable.io Web Application Scanning
Contrast Security Assess
Digital.ai Application Security
Buyer's Guide
Download our free PortSwigger Burp Suite Professional Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Is OWASP Zap better than PortSwigger Burp Suite Pro?
- What is the biggest difference between OWASP Zap and PortSwigger Burp?
- If you had to both encrypt and compress data during transmission, which would you do first and why?
- When evaluating Application Security, what aspect do you think is the most important to look for?
- What are the Top 5 cybersecurity trends in 2022?
- What are the threats associated with using ‘bogus’ cybersecurity tools?
- Which application security solutions include both vulnerability scans and quality checks?
- We're evaluating Tripwire, what else should we consider?
- Is SonarQube the best tool for static analysis?
- Why Do I Need Application Security Software?
Yes, I agree with the points detailed in the review.