Senior Cyber Security Analyst at a tech services company with 201-500 employees
Real User
Oct 9, 2024
I am a penetration tester working for a private organization. I evaluate the security of applications companies develop. I check for security vulnerabilities in web applications, Android and iOS devices, and thick and thin clients using Burp Suite. I use it to prevent applications from being hacked by outsiders.
I have been using this solution for quite a long time. The features and request tampering are different. This solution helps us when testing applications. It is a flexible tool.
We use PortSwigger Burp Suite to scan our internal banking journey. Where we have customer-based applications in the banking industry, we test performance and security to catch defects as easily as possible. That is why we use PortSwigger Burp Suite.
We are the resellers and not the customers. Usually, our customers use the solution's vulnerability scanner to check problems with their websites and web applications. While I cannot disclose specific customer names due to our NDA agreements, they normally use the solution to address issues with their web services.
The solution has improved the organisation as it helps with scanning and doing the reports for the developers. The solution also helps with communicating the everyday issues and delivering high security and web applications to the customers.
We are using the solution for web application testing. From Burp Suite, we can test the application security. We have a team of system auditors, and our auditors use Burp Suite.
Mainly, the solution is a proxy. It also contains different tools, including intruder tools for customized automated attacks and tools for repeating requests, or decoding, et cetera. Many tools are there that can perform different tasks for different use cases. Apart from that, we have the BApp Store which contains a lot of tools as well. This Burp Suite is an application where we have all the tools. It is mainly used for pen testing.
Lead Security Architect at a comms service provider with 1,001-5,000 employees
Real User
Mar 9, 2021
It's an individual tool that security professionals use for their manual pen-testing. We use it for capturing the traffic, intercepting the traffic between the browser and the application. We try to manipulate the applications, the traffic so that whatever input that is accepted by the application is sanitized and validated. We try to analyze the application for input validation. All inputs are handled correctly. Another use case is having a scanner module built-in where you can browse the entire application. The scanner can continuously scan the application for vulnerabilities based on OWASP Top 10 standards. Likewise, you can come to know what vulnerabilities are in the application. Later, you can go through the vulnerabilities one by one and triage them. There are many different modules in Burp Suite. We have a comparator module where you can compare the request and response. You have the Repeater module where you can repeat the sequences. They can be used for other test use cases such as doing dictionary attacks or brute force attacks on the applications. Basically, there are a wide variety of use cases and applications.
IT Security Analyst at a tech services company with 11-50 employees
Real User
Jan 7, 2021
I'm a junior cybersecurity analyst, and I'm helping the seniors to do some testing. Meanwhile, I'm also getting trained with the tool. I mostly use it for vulnerable apps assessment and some auditing. Other analysts use it for penetration testing. We are using the latest version. We downloaded it three days ago.
Lead Software Architect at a tech services company with 201-500 employees
Real User
Dec 18, 2020
We use this solution when we develop any of our software applications and host it with the website for external clients. All of the applications go through the vulnerability scanner.
Compliance Manager at a tech services company with 201-500 employees
Real User
Oct 15, 2020
We're a software development company. We specialize in ensuring application security for our customers. For each and every application we release, we issue a certificate explaining that the application is up to date and that all security testing has been successfully completed. In that certificate, we also mention that PortSwigger is one of the tools that we used to test the application. Presently, we have three users. In the future, regarding product testing, I am thinking of hiring another two people, which will make us a team of five. Currently, we're releasing a lot of applications. Primarily we have three users, but keep in mind, we only have a single environment, which we need to improve and expand.
Security consultant at a manufacturing company with 10,001+ employees
Real User
Oct 13, 2020
The primary use case is generally for security compliance on web applications. We provide services to our customers with Burp both on-prem and on cloud. I'm a solutions consultant and we are customers of PortSwigger Burp.
Penetration Tester at a tech services company with 1,001-5,000 employees
Real User
Sep 3, 2020
I am a penetration tester at my company and PortSwigger Burp is one of the products that I use in this capacity. It is a manual testing penetration tool.
IT Manager at a manufacturing company with 10,001+ employees
Real User
Aug 13, 2020
There are three versions and we are using all three - community, professional and enterprise. We use the community and professional versions on premises and the enterprise version is on cloud. I'm an IT Manager.
Cyber Security Specialist at a university with 10,001+ employees
Real User
Jan 29, 2020
This is a solution for which I provide services to our customers and I also use it personally. As part of our organization, we build internal applications. Before they are put into production, we run a suite of security tests to ensure that our applications are not vulnerable to any known issues. We use PortSwigger Burp for testing, as well as OWASP ZAP. We do similar tests in multiple tools to make sure that we cover the entire set of use cases. I have this solution deployed as one user on a single machine, which is used by a designated security tester.
Director - Head of Delivery Services at Ticking Minds Technology Solutions Pvt Ltd
Real User
Jul 8, 2019
Clients come to me for an assessment of their web applications to see the risks that they are facing with their applications. They want to ensure that their application is free of being manipulated and also secure, so they reach out to us to do vulnerability assessment and application penetration testing. We make use of PortSwigger's Burp Suite tool to carry this out. We look at it more from an application standpoint, what common vulnerabilities there are like the top 10 OWASP vulnerabilities like Injection (OS/SQL/CMD), broken authentication, session management, cross-site request forgery, unvalidated redirects/forwards, etc. Those are the primary uses we make use for this tool.
We use this solution for the security assessment of web applications before their release to the internet. The security assessment team uses this product to identify vulnerabilities and vulnerable code that developers may introduce. We host all of the beta applications in our internal web servers and then the security team starts assessments when the development freezes.
My primary use case for this solution is designed around my own personal use. Burp Suite is a graphical tool for testing Web application security. The tool is written in Java.
Burp Suite Professional, by PortSwigger, is the world’s leading toolkit for web security testing. Over 52,000 users worldwide, across all industries and organization sizes, trust Burp Suite Professional to find more vulnerabilities, faster. With expertly-engineered manual and automated tooling, you're able to test smarter - not harder.
We use Burp Suite Professional for testing websites and checking some servers, primarily scanning IP addresses and checking which ports are open.
We use the product primarily for application security. It helps us conduct scans and perform manual testing.
We use the solution for penetration testing, web application testing, etc.
The solution is used for penetration testing of any kind of application. We use it for security testing workflow daily.
We use the solution for scanning. It also has a repeater function to replay a request. I'm using it for brute forcing and future scheduling.
We use the solution for security assessments. It's a special tool for penetration testers or security specialists.
We use PortSwigger Burp Suite Professional for manual penetration testing.
We use this solution for security testing, and application security.
We use the solution to do VAPT.
I'm primarily using it for testing of the company's website.
PortSwigger Burp Suite Professional can be used on the cloud or on-premise.
The solution is primarily used for scanning the webpage and for the incoming traffic for the application.
I use PortSwigger Burp Suite Professional for penetration testing.
I mainly use Burp Suite for manual testing, using it as a proxy to do my manual pen test.
We are using the latest version and are in the process of upgrading it.
We use PortSwigger Burp Suite Professional for security testing and for doing vulnerability scanning mechanisms.
The solution is the standard in application penetration testing and this is what we use it for.
We primarily use the solution for security testing - specifically for web-application security.
We are an auditing company. We use this solution for auditing purposes for the infrastructure of our customers.
We used this solution as a proxy. It's a software that intercepts HTTP requests. You can modify them on your system for testing web applications.
Our use cases are to identify the vulnerabilities of OAST and the other applications we are using.
Currently, we're trying to import the solution to implement it to other applications for our website. So far, it's been fantastic.
We use the solution for scanning our in-house external facing website.
The primary use case is security for the development lifecycle. We use the application for security testing.
Our primary use for this solution is to perform vulnerability scanning before we deploy software in production.
I use this primarily for intercepting mobile HTTP and HTTPS requests with SSL pinning bypass. It's a better tool for manual tasks.
Our primary use case for this solution is to perform application security testing.