App Sec Engineer at a non-profit with 11-50 employees
Real User
Top 20
2024-10-15T15:50:00Z
Oct 15, 2024
Scalability could be better. It's primarily focused on dynamic application security testing but might require integration with another platform to handle larger environments efficiently.
PortSwigger Burp Suite Enterprise Edition should incorporate a static code analysis feature. One main issue we encounter is false positives. False positives can be challenging for developers.
Senior IT Security Analyst at a transportation company with 10,001+ employees
Real User
2022-08-23T20:17:44Z
Aug 23, 2022
There are features or functionality missing, but PortSwigger Burp Suite Enterprise Edition does try to update frequently to alleviate the shortcomings.
Updated: November 2024.
Cyber security Lead at a manufacturing company with 1,001-5,000 employees
Real User
2021-05-14T17:29:26Z
May 14, 2021
There are lots of false positives. That is a bad part. It's something that they can work on. If I'm scanning, I'm running a vulnerability scan and those libraries are there, sometimes those vulnerabilities of the libraries like Java or something get reported, and sometimes it misses. That I have also raised with our team; however, they were not able to satisfy me in that aspect. Some Java libraries are outdated. It was showing a vulnerability in an older version, in the older configuration. Once I updated my vulnerability scanner, and not that Java library, and still, the vulnerability scanner missed that particular vulnerability. Regarding the binaries part, there was a lot of long technical discussion that happened with the Enterprise support team. Too many times the vulnerability scan fails. The solution is a bit expensive. I'd like to see a DST, an image testing. Mobile also would be helpful. It would make the product a better player in the scanning part. There are lots of vulnerability scanners that are providing code analysis. They can increase it to be a competitive product in the market. We have looked at other solutions and products to add to get more tools. Code analysis, mobile, and APIs are becoming big on the market and this solution doesn't answer all of those needs just yet.
Cyber security Lead at a manufacturing company with 1,001-5,000 employees
Real User
2021-03-26T12:05:33Z
Mar 26, 2021
There's definitely room for improvement. There are lots of false positives. Once I do the manual assessment, it comes as a false positive. They need to improve the Enterprise Edition, especially the part that gives false positives. The scan result is also unstable. In some applications, it'll basically give the frameworks, but the GRE is missing from it. It won't report some scans, and some results are substandard. In the next release, I'm looking for a scanning tool that has SAST and DAST. For example, Veracode provides all those things. Burp Suite Enterprise Edition only provides vulnerability scanning like static analysis and dynamic analysis, software composition analysis, and practice applications. They should also offer more with different packages.
Burp Suite Enterprise Edition is an automated web vulnerability scanner, designed to enable enterprises to scale security across their web portfolios and achieve DevSecOps. Automate trusted Burp scans, integrate web security testing with development, and free your application security to support software development.
The stability of the scans could be improved.
The product needs to have the ability to evaluate more.
It would be better if the solution is cloud-based. If it's installed on a server, we can access the solution even when we are working from home.
The implementation of the solution is quite complicated and could be easier.