Likelihood to Recommend Burp Suite is a good general tool to test websites as long as your website is not too large or you have the time for it to complete. We have some websites that only about five to ten minutes for Burp Suite to complete an attack and a spider only takes about two minutes. Other websites have taken a few hours to complete. I have seen a tester actually run Burp Suite against one of our websites and it took all day to complete.
Read full review It has helped save us so much time, as it was designed to automate mundane and repetitive tasks that we were using other tools to perform and that required so much manual intervention. It does not work very well within Windows environments, understandably, but I would love to see more integration. I want it to be sexy and attractive to more than just geeky sysadmins.
Read full review Pros The passive scan feature is really awesome, it kind of covers areas that you might miss. The CSRF POC is really helpful to my team. It helps development team see the issue and understand it. Burp intruder and repeater are the features I myself and my team uses the most as it helps us use our payloads in a variety of different ways. Active scan helps the team to ensure coverage for the whole application. Read full review Debugging is easy, as it tells you exactly within your job where the job failed, even when jumping around several playbooks. Ansible seems to integrate with everything, and the community is big enough that if you are unsure how to approach converting a process into a playbook, you can usually find something similar to what you are trying to do. Security in AAP seems to be pretty straightforward. Easy to organize and identify who has what permissions or can only see the content based on the organization they belong to. Read full review Cons More features to be available for the free/community version to allow more learning Manual updating of plugin without network connectivity More controls with the manual testing with scenario inputs Read full review YAML is hard for many to adopt. Moving to a system that is not as white space sensitive would likely increase uptake. AAP and EDA should be more closely aligned. There are differences that can trip users of the integration up. An example would be the way that variables are used. Event-driven Ansible output is not as informative as AAP. Read full review Likelihood to Renew Even is if it's a great tool, we are looking to renew our licence for our production servers only. The product is very expensive to use, so we might look for a cheaper solution for our non-production servers. One of the solution we are looking, is AWX, free, and similar to AAP. This is be perfect for our non-production servers.
Read full review Usability Given this tool's wide area of testing functionality for mobile and web applications, it's a great tool to invest in for security testing. Though it lacks documentation to carry out particular vulnerability findings which are very challenging for a new user of this tool
Read full review the yaml is easy to write and most people can be taught to write basic playbooks in a few weeks
Read full review Performance Great in almost every way compared to any other configuration management software. The only thing I wish for is python3 support. Other than that, YAML is much improved compared to the Ruby of Chef. The agentless nature is incredibly convenient for managing systems quickly, and if a member of your term has no terminal experience whatsoever they can still use the UI.
Read full review Support Rating BurpSuite does not have an amazing customer support. All the major help that you will find is from public forums and Google. Although you will find all the required information on Google, still at time professional support helps you solve the problem in much less time and make your operations go smoothly.
Read full review There is a lot of good documentation that Ansible and Red Hat provide which should help get someone started with making Ansible useful. But once you get to more complicated scenarios, you will benefit from learning from others. I have not used Red Hat support for work with Ansible, but many of the online resources are helpful.
Read full review Implementation Rating I spoke on this topic today!
Read full review Alternatives Considered The only other tool I use that works like Burp Suite is the OWASP ZAP. It works a lot like Burp but just has a different layout. I prefer how Burp has the tabs for Repeater, Intruder, Decoder, ect.
Read full review I haven't thought of any right now other than just doing our own home-brewed shell scripts. Command line scripts. And how does this compare? It's light years ahead, especially with the ability to share credentials without giving the person the actual credentials. You can delegate that within, I guess what used to be called Ansible Tower, which is now the Ansible Automation platform. It lets you share, I can give you the keys without you being able to see the keys. It's great
Read full review Return on Investment Positive impact, time to complete security development stage is decreased. Very positive impact on budgeting for external penetration testing. We can do the bulk of the common testing ourselves now. Read full review Red Hat Ansible Automation Platform offers automation and ML tools that allow me to automate complex IT tasks. Through automation analytics, it is seamless to gain full visibility into automation performance allowing me to make informed decisions. Red Hat Ansible Automation Platform allows me to move rapidly from insights to action. Creating and sharing automation content in one place unify a team in one place hence enhancing real-time collaboration. Read full review ScreenShots