Senior Cyber Security Analyst at a tech services company with 201-500 employees
Real User
Top 20
2024-10-09T15:07:00Z
Oct 9, 2024
Burp Suite has started a certification called Burp Suite Certified Professional (BSCP) that I recommend to pursue as it provides good documentation. I'd rate the solution nine out of ten.
Security Consultant - Cyber & Information Security at Kinetic IT
Consultant
Top 20
2024-04-17T06:41:00Z
Apr 17, 2024
It does give you the ability to easily run various attack types, such as Sniper, Pitchfork attack, Battering ram, Cluster bomb and various other attack types, which can be used to test web applications. Overall, I rate the solution an eight out of ten.
Burp Intruder does not work if there are multiple requests for a single API. I will recommend the tool to others. Overall, I rate the solution a ten out of ten.
You can enhance web features with Burp Suite because it works well with many plugins. There is a large community around it that develops custom plugins. You can integrate these plugins into your app to quickly identify various vulnerabilities. There are both free and paid plugins available. We build apps exclusively with Burp Suite Professional. There are many tools available to assist with vulnerability management. You can download and export Burp Scanner output and load it into a vulnerability management tool. This allows developers to track vulnerabilities and manage the process of correcting them, providing status updates to management. Overall, I rate the solution a ten out of ten.
Application Security Architect at Kuehne & Nagel Inc.
Real User
Top 5
2024-01-17T11:27:51Z
Jan 17, 2024
PortSwigger Burp Suite Professional is a great product for people who need security features. Overall, I rate PortSwigger Burp Suite Professional ten out of ten.
Test Lead at a financial services firm with 10,001+ employees
Real User
Top 5
2023-10-31T10:42:22Z
Oct 31, 2023
The solution is not a good candidate for a DevSecOps tool. I recommend this solution for manual penetration testers. It is the best tool with the best support. PortSwigger has added plugins to efficiently catch bugs, for example, HTTP request smuggling. There are a lot of plugins, such as how to hide the JWT token. These plugins minimize the effort required by manual penetration testers so they can find bugs quickly with the help of these plugins. They have good support if anybody wants to learn how to use and install plugins. There is a lot of documentation available online. I rate PortSwigger Burp Suite Professional an eight out of ten.
I would say if price-wise you are looking for a good solution, then Burp Suite is the solution. But, obviously, if the price is not a reason, then I would rather like them to go to Acunetix. PortSwigger is definitely much better than OWASP Zap. It's easier to use, but you end up spending time. Like, my security personnel had to spend almost more than half a day to just analyze those bugs and then create a report for the development to fix it. And separate all those bugs, which are not even bugs, right, and figure it out and it takes time. Overall, I would rate the solution a seven out of ten.
I have not found many defects in my application of the solution. However, I'm unsure whether the application is very stable and has no security issues, or if the tool we are using is not catching any defects. The solution is user-friendly, and we can perform security testing, so I recommend the tool. It is very easy to understand, requires less maintenance, and you don't require any support since installation is very quick. I rate the solution a seven out of ten.
I recommend the solution for small and medium-sized businesses. It’s not suited for large enterprises. Everything depends on the cost. A customer with a high budget should go for solutions like Nessus. However, a more cost-effective solution like Burp Suite is recommended if they have a limited budget. My final recommendation is to use the solution that suits your needs. Overall, I rate the solution a five out of ten.
All the security issues and the integration of the vulnerabilities will happen automatically and manually in the website. So the solution will be very helpful for the website. I rate the overall solution a nine out of ten.
PortSwigger Burp Suite Professional is a very good product. My experience with the solution has been very good. Overall, I rate PortSwigger Burp Suite Professional an eight out of ten.
I'm a customer. I'm using the professional version. It is the latest version. They always update it and provide me with the latest upgrades. I'd recommend the solution to others. It's very accurate and easy to use. I would rate the solution ten out of ten.
We are using Burp Suite. We are not selling Burp Suite. At this time, we're using the most up-to-date version of the product. I'd recommend the solution to others. I would rate it ten out of ten.
Cyber Security Specialist at a university with 10,001+ employees
Real User
2022-09-20T11:35:42Z
Sep 20, 2022
I would recommend the solution to technical professionals and non-technical persons. It is easy to use. I rate PortSwigger Burp Suite Professional a nine out of ten.
My company was partners with PortSwigger. I’m not sure which version of the solution we were using. Everyone seems very happy with the solution. There are some learning modules as well so that we can go into the tool and understand it well. I would suggest the solution to my colleagues. I’d rate the solution nine out of ten.
I'm just a customer and an end-user. We're using the latest version of the solution. We usually give an auto-update functionality. All the updates came automatically. We are updating it automatically. We actually have an .EXE file in our system. We have the professional version. We've downloaded and given out the access key. It's on-premises, not the cloud. Overall, I've been very happy with the solution. I'd rate it nine out of ten.
Sr. Cloud Solution Architect - SAP on Azure at Accenture
Real User
2022-05-02T17:41:30Z
May 2, 2022
I would tell potential users that if they want to go for penetration testing, PortSwigger Burp Suite Professional is the obvious choice. On a scale from one to ten, I would give PortSwigger Burp Suite Professional an eight.
Cyber Security Engineer at a transportation company with 10,001+ employees
Real User
Top 20
2022-04-27T08:20:36Z
Apr 27, 2022
I would say Burp Suite has now surpassed SAP as a tool. The main aspect of Burp Suite is that it's like an army knife for a hacker, it's not just the automation or the scanning that it brings. For a person with 80-90% knowledge of application security, this tool is a must-have. I would rate Burp Suite nine out of ten.
There are around 10 people using the solution in our organization. I don't have any advice off the cuff. When it comes to the web crawling features, it does not need to be in the same shape as before, but it would be nice if it allowed us to index associated things in the manner that we did so in the past. I rate PortSwigger Burp Suite Professional as a nine out of ten.
Lead Cyber Security engineer at a manufacturing company with 10,001+ employees
Real User
2021-06-08T14:31:23Z
Jun 8, 2021
If you're looking for a budget-friendly tool, I would recommend PortSwigger Burp Suite Professional. On a scale from one to ten, I would rate this tool at seven.
Lead Security Architect at a comms service provider with 1,001-5,000 employees
Real User
2021-03-09T10:00:42Z
Mar 9, 2021
We are just customers and end-users. I'd advise other organizations that this solution is a pretty good tool for manual penetration testing. It has good features like the Scanner and Sequencer, Repeater, and there are extensions. Burp extensions are available where they can customize Burp behavior using their own or third-party code. Those features will be really useful for Burp users. It's also obviously a very cost-effective option. I would rate the solution at a nine out of ten.
Founder and Director at a financial services firm with 1-10 employees
Real User
2021-02-19T19:16:37Z
Feb 19, 2021
The solution has an annual subscription model, and therefore you'll have to keep updating the new version. It's part of the package. They release a new version and that is covered under your subscription. I'm a consultant. I buy tools from multiple vendors. I provide development assessment services for my clients. This is one more product in the suite of tools or applications, which are used for testing. Anyone at any sized company could use this solution. I'd recommend this solution. It's one more tool to have in your bag. I would rate the solution at a ten out of ten.
IT Security Analyst at a tech services company with 11-50 employees
Real User
2021-01-07T19:25:07Z
Jan 7, 2021
It is a really big solution. There are so many modules. You got to have some training to do it properly and go through a lot of documentation. I would rate PortSwigger Burp a nine out of ten. I haven't found anything to complain about, but there is always some room for improvement.
Cyber Security Analyst at a tech services company with 11-50 employees
Real User
2020-11-27T15:20:34Z
Nov 27, 2020
It is a very good product. You must try it once. I would rate PortSwigger Burp a nine out of ten. I am satisfied with this product. It is a great experience.
Compliance Manager at a tech services company with 201-500 employees
Real User
2020-10-15T11:35:00Z
Oct 15, 2020
I would definitely recommend PortSwigger Burp. I've actually recommended it to some of my colleagues, students, and interns. I'm really comfortable and happy with it; besides, there are no other products to compare it to. On a scale from one to ten, I would give this solution a rating of eight. If they included example scenarios and hosted educational webinars, I would give this solution a rating of ten. In my area of expertise, I feel like it has almost everything I could possibly require at this moment. Generally, I don't come across situations like that, so I am very happy with it.
Security consultant at a manufacturing company with 10,001+ employees
Real User
2020-10-13T07:21:39Z
Oct 13, 2020
I would definitely recommend PortSwigger as a primary tool for auditing any open vulnerabilities of anything related to web applications. I would rate this product an eight out of 10.
Security Researcher at a financial services firm with 5,001-10,000 employees
Real User
2020-10-13T07:21:32Z
Oct 13, 2020
They have more features than I can use and I need more time to utilize this solution 100%. I highly recommend it because everybody in Web Applications Security is using it. I would rate PortSwigger Burp a nine out of ten.
Senior Test Engineer II at a financial services firm with 201-500 employees
Real User
2020-10-11T08:58:00Z
Oct 11, 2020
On a scale of one to ten I would rate PortSwigger Burp a seven. For it to be a 10 it would need to implement the above mentioned different formats for reporting and the interactive security testing.
Penetration Tester at a tech services company with 1,001-5,000 employees
Real User
2020-09-03T07:49:50Z
Sep 3, 2020
This is a standard tool in this industry and anybody who is doing application security testing should be aware of it. My advice for anybody who is considering it is that it is very easy to install and configure, and there is lots of documentation available. I would rate this solution a nine out of ten.
Cyber Security Specialist at a university with 10,001+ employees
Real User
2020-01-29T11:22:31Z
Jan 29, 2020
We do have problems with some of the add-ons that we install from the marketplace. They may not be available or out of support, so when you want to install them, they are not there. This is a very nice tool and anybody can use it, from beginner to expert level. There are some simple and straightforward settings with documentation that is very clear. If you follow the steps you can easily get up to speed within five minutes for a single user. I would rate this solution an eight out of ten.
AVP - Software Quality Assurance at a tech services company with 201-500 employees
Real User
2020-01-19T06:38:00Z
Jan 19, 2020
We use the on-premises deployment model. I'd rate the solution nine out of ten. I haven't compared it with other vendors, but it is a best-seller currently.
For application security testing, I would suggest Burp. It's probably the leader in this area. It's just like analog tools such as OWASP ZAP, which is open-source. OWASP ZAP is still not as effective as Burp is. The solution helps to find different security issues, and it helps identify many, many security issues quickly, and that's what makes it such a useful tool. I would rate the solution seven out of ten.
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd
Real User
2019-07-08T07:42:00Z
Jul 8, 2019
The tool comes in three types. First, there is the Open Community Edition, which is meant for people who use it to learn the tool or use it to secure their system. This edition does not have scanning features enabled to source scan the against application URLs or websites. From the standpoint of learning about security tests or assessing the security of application without scanning, the community edition really helps. Then you also have a Professional edition which is more meant for doing comprehensive vulnerability assessment and penetration application which is very important. Especially for independent teams like ours who make use of tools based on tech, etc. The good part about the professional edition is that it comes with a term license which is cost-effective. You pay for an annual charge and use it for a year's time and then you can extend it on an as-needed basis. Apart from these, we also have an Enterprise Edition which has features like scan schedulers, unlimited scalability to test across multiple websites in parallel, supporting multiple user access with role-based access control and easy integration with CI tools. The very best way this tool can be used through is to understand the application, identify the various roles that are there in the application. Then capture the user flows, with PortSwigger's BurpSuite, and understand what the requests are making use of the different features in BurpSuite. Post this the teams look at and analyze all the requests being sent. Observe the requests, use various roles with the tool using a repeater and intruder, analyze what's breaking through in the application. As you can quickly analyze with the intruder out here how the application's really behaving, how the payload is being sent across the tool. Then you get a quick sense of what's available which could be checked through for false positives and then arrive at the final output along with it.
This is how I would like to handle the implementation of the solution. I would rate this solution 10 out of 10.
All application development organizations should purchase BurpSuite and train their developers on how to use this solution to identify security flaws. This will help to ensure that the applications released to the public internet will have better protection from malicious attackers.
IT Auditor & Compliance Officer at a tech vendor with 51-200 employees
Real User
2019-06-06T08:18:00Z
Jun 6, 2019
I would recommend this product to others. It is very straightforward and it is oriented to the application, which is why we chose it. I would also recommend reviewing and using the extensions that are available. I would rate this solution a nine out of ten.
Senior Security Engineer at an insurance company with 10,001+ employees
Real User
2019-05-16T07:47:00Z
May 16, 2019
They are steadily improving things and adding features to this product. It was only three months ago when they added the dashboard support. Before that, they only had passive and active scanning to perform the testing part. It now has a complete website of scanning features which were previously not there. I would rate this solution a seven out of ten.
It's actually a very good product. It's pretty automated and it's easy to work with. No additional features need to be added because it's already an extraordinary tool. So there's no need for additional improvement. Great product. I rate this product a 9 out of 10 for its total package of value-added features.
Burp Suite Professional, by PortSwigger, is the world’s leading toolkit for web security testing. Over 52,000 users worldwide, across all industries and organization sizes, trust Burp Suite Professional to find more vulnerabilities, faster. With expertly-engineered manual and automated tooling, you're able to test smarter - not harder.
PortSwigger is the web security company that is enabling the world to secure the web. Over 50,000 security engineers rely on our software and expertise to...
I recommend the solution to others and rate it a nine out of ten.
Overall, I would rate the solution a nine out of ten.
I rate the solution an eight out of ten overall.
I would recommend this solution to others. I rate PortSwigger Burp Suite Professional a ten out of ten.
I would rate PortSwigger Burp an eight out of ten.
I would recommend this solution depending on the requirements of the company. I would rate this solution a seven out of 10.
I would recommend this solution to somebody considering Burp. I would rate it an eight out of ten.
We use the on-premises deployment model. I would rate the solution seven out of ten.