The Burp Suite, from UK-based alcohol-themed software company PortSwigger Web Security, is an application security and testing solution.
N/A
Postman
Score 8.8 out of 10
N/A
Postman, headquartered in San Francisco, offers their flagship API development and management free to small teams and independent developers. Higher tiers (Postman Pro and Postman Enterprise) support API management, as well as team collaboration, extended support and other advanced features.
$0
Pricing | PortSwigger Burp Suite | Postman
Editions & Modules | No answers on this topic | Postman Free Plan: $0.00 US Dollars; Postman Basic Plan: $12 US Dollars per month per user; Postman Professional Plan: $29 US Dollars per month per user; Postman Enterprise Plan: $99 US Dollars per month per user
Offerings
Pricing Offerings | PortSwigger Burp Suite | Postman
Free Trial | No | No
Free/Freemium Version | No | Yes
Premium Consulting/Integration Services | No | No
Entry-level Setup Fee | No setup fee | No setup fee
Additional Details | — | Postman plans:
1. Postman Free plan: Start designing, developing, and testing APIs at no cost for teams of up to three people.
2. Postman Basic plan: Collaborate with your team to design, develop, and test APIs faster; $12/month per user, billed annually
3. Postman Professional plan: Centrally manage the entire API workflow; $29/month per user, billed annually
4. Postman Enterprise plan: Securely manage, organize, and accelerate API-first development at scale; $99/month per user, billed annually
Burp Suite is a good general tool to test websites as long as your website is not too large or you have the time for it to complete. We have some websites that only take about five to ten minutes for Burp Suite to complete an attack and a spider only takes about two minutes. Other websites have taken a few hours to complete. I have seen a tester actually run Burp Suite against one of our websites and it took all day to complete.
Postman is good for organising your API credentials, vendor settings, environments etc. It's also a good way of getting started with APIs as you get to use a GUI which can help you understand what we mean by a 'body' or 'bearer token'. I think people generally gravitate towards GUI tools for getting started in a new technology area.
It has opened a door for me to explore more out of it, as it is associated with so many APIs that I never felt any difficulty in finding the right API template, which are well organized and easily available.
It is very secure to use and provides great services which are user-friendly.
Due to this software I have got rid of the excessive emails and the Slack channels. Now I am using my own private API, and it even gives me an option to produce my personal Postman’s API Builder from its Private API Network, and this feature has shared my excessive workload.
The interface is a big problem: No matter how many features a software provides you, if the features are not well presented, you will miss most of them when they are actually required. The presentation of the software should be improvised and made more presentable.
Tutorial videos for beginners: This software lacks a lot in tutorials. A beginner almost wastes most of the time in finding and understanding the features and the implementation of the same. The software vendor should work on providing more in-depth videos so that people can learn and understand the concepts.
Easy to use once you learn it; however, the user interface is not very intuitive at first view. PortSwigger does provide a lot of video resources for self-paced learning which helps. Most of the end users for PortSwigger Burp Suite will be technical and should be able to learn the product with the free resources.
1. User friendly - when I started using Postman, I was a beginner to the API world, and it gave me a friendly view to begin its usage
2. Postman offers many features, including API testing, monitoring, documentation, and mock servers
3. Environment variables simplify testing across multiple environments (dev, prod) without repetitive configuration.
BurpSuite does not have amazing customer support. All the major help that you will find is from public forums and Google. Although you will find all the required information on Google, still, at times professional support helps you solve the problem in much less time and makes your operations go smoothly.
There is a lot of in-depth documentation for Postman available online, including detailed guides with screenshots and videos. They provide example APIs for new users to explore while learning how to use the tool. Generally, bugs in the client are quickly addressed through frequent free updates. Community and professional support options are available - most of the time, the free/community level support is adequate.
Each tool is specific and is good for what it does. While Burp Suite can perform some level of the same functions, somehow security consultants prefer these tools as additional to the Burp Suite. Maybe due to open source and easy setup when compared to Burp Suite. But Burp Suite allows for one tool for many templates for each project.
Previous to using Postman, I would either use browser tools directly, or write an in-house tool to send requests. Postman eliminates that need while providing a much better experience and more features. At the base level, Postman is as simple as typing in the address as you would in a browser. Authentication can be provided simply as well.
Postman is free (although there's a paid tier that offers more features) so using it for testing APIs comes with little to no risk (besides learning curve).
The learning curve is a little steep for non-developer users, but developers should find it easy to pick up and use right out of the box, so to speak.