Cyber Security Specialist at a university with 10,001+ employees
Real User
2020-01-29T11:22:31Z
We do have problems with some of the add-ons that we install from the marketplace. They may not be available or out of support, so when you want to install them, they are not there. This is a very nice tool and anybody can use it, from beginner to expert level. There are some simple and straightforward settings with documentation that is very clear. If you follow the steps you can easily get up to speed within five minutes for a single user. I would rate this solution an eight out of ten.
AVP - Software Quality Assurance at a tech services company with 201-500 employees
Real User
2020-01-19T06:38:00Z
We use the on-premises deployment model. I'd rate the solution nine out of ten. I haven't compared it with other vendors, but it is a best-seller currently.
For application security testing, I would suggest Burp. It's probably the leader in this area. It's just like analog tools such as OWASP ZAP, which is open-source. OWASP ZAP is still not as effective as Burp is. The solution helps to find different security issues, and it helps identify many, many security issues quickly, and that's what makes it such a useful tool. I would rate the solution seven out of ten.
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd
Real User
2019-07-08T07:42:00Z
The tool comes in three types. First, there is the Open Community Edition, which is meant for people who use it to learn the tool or use it to secure their system. This edition does not have scanning features enabled to source scan against the application URLs or websites. From the standpoint of learning about security tests or assessing the security of an application without scanning, the community edition really helps. Then you also have a Professional edition which is more meant for doing comprehensive vulnerability assessment and penetration application which is very important. Especially for independent teams like ours who make use of tools based on tech, etc. The good part about the professional edition is that it comes with a term license which is cost-effective. You pay for an annual charge and use it for a year's time and then you can extend it on an as-needed basis. Apart from these, we also have an Enterprise Edition which has features like scan schedulers, unlimited scalability to test across multiple websites in parallel, supporting multiple user access with role-based access control and easy integration with CI tools. The very best way this tool can be used through is to understand the application, identify the various roles that are there in the application. Then capture the user flows, with PortSwigger's BurpSuite, and understand what the requests are making use of the different features in BurpSuite. Post this, the teams look at and analyze all the requests being sent. Observe the requests, use various roles with the tool using a repeater and intruder, analyze what's breaking through in the application. As you can quickly analyze with the intruder out here how the application's really behaving, how the payload is being sent across the tool. Then you get a quick sense of what's available which could be checked through for false positives and then arrive at the final output along with it.
This is how I would like to handle the implementation of the solution. I would rate this solution 10 out of 10.
Updated: November 2024.
All application development organizations should purchase BurpSuite and train their developers on how to use this solution to identify security flaws. This will help to ensure that the applications released to the public internet will have better protection from malicious attackers.
IT Auditor & Compliance Officer at a tech vendor with 51-200 employees
Real User
2019-06-06T08:18:00Z
I would recommend this product to others. It is very straightforward and it is oriented to the application, which is why we chose it. I would also recommend reviewing and using the extensions that are available. I would rate this solution a nine out of ten.
Senior Security Engineer at an insurance company with 10,001+ employees
Real User
2019-05-16T07:47:00Z
They are steadily improving things and adding features to this product. It was only three months ago when they added the dashboard support. Before that, they only had passive and active scanning to perform the testing part. It now has a complete website of scanning features which were previously not there. I would rate this solution a seven out of ten.
It's actually a very good product. It's pretty automated and it's easy to work with. No additional features need to be added because it's already an extraordinary tool. So there's no need for additional improvement. Great product. I rate this product a 9 out of 10 for its total package of value-added features.
Burp Suite Professional, by PortSwigger, is the world’s leading toolkit for web security testing. Over 52,000 users worldwide, across all industries and organization sizes, trust Burp Suite Professional to find more vulnerabilities, faster. With expertly-engineered manual and automated tooling, you're able to test smarter - not harder.
PortSwigger is the web security company that is enabling the world to secure the web. Over 50,000 security engineers rely on our software and expertise to...
I would recommend this solution to somebody considering Burp. I would rate it an eight out of ten.
We use the on-premises deployment model. I would rate the solution seven out of ten.