TrustRadius
The Burp Suite, from UK-based alcohol-themed software company PortSwigger Web Security, is an application security and testing solution.https://dudodiprj2sv7.cloudfront.net/product-logos/Dw/M5/91PTE3VERDOL.jpegBurp Suite a good Security Testing Tool at a Good PriceBurp Suite is being used by the Web Software Security Team. It is fairly easy to use and can do much of the dynamic security testing (DAST) at the company. We have a company policy that all websites must go through a security review before they can be moved to production. Burp is one of the tools that we use to help in this process. I have found that Burp Suite can usually do the job required fairly quickly. It also produces a report that most of the developers can understand.,Burp Suite is fairly quick to perform an attack on a website. I have found it very thorough for the time it takes to run an attack. Burp Suite can spider a website very quickly and it usually finds most of the web pages on a website. Once it has spidered a website, it allows you to not attack any page it found during the scan. This is very useful when there are certain parts of a website you do not want to attack. Burp Suite allow you easily log into a website as the first step in spidering and attacking. This is useful for us since most of our websites require a login before we can scan the internal pages of a website.,Burp Suite is not a tool that a complete security novice will get much out of. You do need to know the basics of application security to be able to properly use the tool. Burp Suite can, at times, take a very long time to completely attack a website. I have found that some websites are still being attacked after a few hours. This is usually due to errors being thrown during the attack process and Burp Suite has determined that too many errors have been thrown it will stop attempting the test that was throwing the errors. Burp Suite is constantly being updated. I find that I have to install a new release about two or three times a month. I know this should be considered a good thing, and it can be, but sometimes I am afraid that an update might break the tool.,8,Burp Suite is a decent tool for the price and many security testers know how to use it. Considering some DAST tools cost 10 of thousands of dollars a year to get a license for and they do not do any better at scanning a website than Burp Suite if is a good investment. Burp Suite has many training videos and tutorials available on the Internet. Testers are good for training your staff on how to use the tool. Burp Suite needs to improve their support for testers website attacks. Not completing successfully is not a good option after a few hours of running.,Netsparker and Rapid7 AppSpider,Netwrix Auditor, Netsparker, Visual Studio IDE,No,Price Product Usability Product Reputation,I like Burp Suite and I don't think I would change my mind if I had to make the decision again. The product usually runs well and does what I need it to do. There some problems with the product but for the price, it is quite a good product.Inexpensive and the best tool on the market for application testing!We have been using Burp Suite for about 5 years, however the organization has been using it for longer than that. I personally was introduced to it about 5 years ago, but not before hearing about it. Since I have become "pigeon-holed" into web penetration testing, I don't know a single person out there who does web penetration testing that wouldn't say Burp Suite is their main tool.,Intercepts web/browser traffic. Pro version has a very useful scanner. Has a variety of tools and add-ons.,One gripe I have, and this may be because its built for applications/browsers, is that it doesn't handle other traffic. I would love to see burp move towards a full Man in the middle tool,10,Burp is so cheap that I can say without a doubt I have had a return on investment. I pay for the license for personal use and also have an office license, which I never do with other tools.,,Metasploit, Tenable SecurityCenter, NmapBest Web Security Tool - Hands DownPortswigger Burp Suite is used as one of two primary tools by the vulnerability assessment team for evaluating security of all 300+ public facing web sites. It serves as a reliable tool in the suite used to find and validate deficiencies, and implement and verify fixes.,Penetration testing of web applications Web vulnerability scanning Customized scan and attack applications,Easy to use, but difficult to master. Some polish to the GUI and reports would be nice. More comprehensive integration with government regulations would help in terms of compliance efforts.,10,Scanned 100% of the orgs public facing web sites with a small team of analysts. Provided a reputable second opinion source to back up the other product in use i.e. Webinspect. Pro version $350 is amazing ROI, considering the thwarted attacks and that it's competition is priced in the tens of thousands last I checked. No successful hacks. Q.E.D. :-),,HP Fortify Security Scope
Unspecified
Burp Suite
9 Ratings
Score 8.9 out of 101
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>TRScore

Burp Suite Reviews

Burp Suite
9 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 8.9 out of 101
Show Filters 
Hide Filters 
Filter 9 vetted Burp Suite reviews and ratings
Clear all filters
Overall Rating
Reviewer's Company Size
Last Updated
By Topic
Industry
Department
Experience
Job Type
Role
Reviews (1-3 of 3)
  Vendors can't alter or remove reviews. Here's why.
Glenn Jones profile photo
August 24, 2018

Review: "Burp Suite a good Security Testing Tool at a Good Price"

Score 8 out of 10
Vetted Review
Verified User
Review Source
Burp Suite is being used by the Web Software Security Team. It is fairly easy to use and can do much of the dynamic security testing (DAST) at the company. We have a company policy that all websites must go through a security review before they can be moved to production. Burp is one of the tools that we use to help in this process. I have found that Burp Suite can usually do the job required fairly quickly. It also produces a report that most of the developers can understand.
  • Burp Suite is fairly quick to perform an attack on a website. I have found it very thorough for the time it takes to run an attack.
  • Burp Suite can spider a website very quickly and it usually finds most of the web pages on a website. Once it has spidered a website, it allows you to not attack any page it found during the scan. This is very useful when there are certain parts of a website you do not want to attack.
  • Burp Suite allow you easily log into a website as the first step in spidering and attacking. This is useful for us since most of our websites require a login before we can scan the internal pages of a website.
  • Burp Suite is not a tool that a complete security novice will get much out of. You do need to know the basics of application security to be able to properly use the tool.
  • Burp Suite can, at times, take a very long time to completely attack a website. I have found that some websites are still being attacked after a few hours. This is usually due to errors being thrown during the attack process and Burp Suite has determined that too many errors have been thrown it will stop attempting the test that was throwing the errors.
  • Burp Suite is constantly being updated. I find that I have to install a new release about two or three times a month. I know this should be considered a good thing, and it can be, but sometimes I am afraid that an update might break the tool.
Burp Suite is a good general tool to test websites as long as your website is not too large or you have the time for it to complete. We have some websites that only about five to ten minutes for Burp Suite to complete an attack and a spider only takes about two minutes. Other websites have taken a few hours to complete. I have seen a tester actually run Burp Suite against one of our websites and it took all day to complete.
Read Glenn Jones's full review
No photo available
September 11, 2018

Burp Suite Review: "Inexpensive and the best tool on the market for application testing!"

Score 10 out of 10
Vetted Review
Verified User
Review Source
We have been using Burp Suite for about 5 years, however the organization has been using it for longer than that. I personally was introduced to it about 5 years ago, but not before hearing about it. Since I have become "pigeon-holed" into web penetration testing, I don't know a single person out there who does web penetration testing that wouldn't say Burp Suite is their main tool.
  • Intercepts web/browser traffic.
  • Pro version has a very useful scanner.
  • Has a variety of tools and add-ons.
  • One gripe I have, and this may be because its built for applications/browsers, is that it doesn't handle other traffic. I would love to see burp move towards a full Man in the middle tool
I will say that Burp Suite and or Burp Suite Pro are REQUIRED for any web application penetration test. While there are other tools out there that are similar, none have the range of abilities and tool set that Burp has. Burp suite also makes it easy to use. Everything is laid out in a manner that facilitates efficiency and ease of use.
Read this authenticated review
Dan Fluharty profile photo
January 30, 2018

Burp Suite Review: "Best Web Security Tool - Hands Down"

Score 10 out of 10
Vetted Review
Verified User
Review Source
Portswigger Burp Suite is used as one of two primary tools by the vulnerability assessment team for evaluating security of all 300+ public facing web sites. It serves as a reliable tool in the suite used to find and validate deficiencies, and implement and verify fixes.
  • Penetration testing of web applications
  • Web vulnerability scanning
  • Customized scan and attack applications
  • Easy to use, but difficult to master.
  • Some polish to the GUI and reports would be nice.
  • More comprehensive integration with government regulations would help in terms of compliance efforts.
Burp Suite is recognized among cybersecurity professionals as a world-class web security tool. It is amazingly inexpensive, with the full-featured Professional version at only $350, a price within reach of most organizations. For those with a limited budget or technical expertise, an outsourced solution may be better. Otherwise, it is really tough to beat this product for what it does.
Read Dan Fluharty's full review

Burp Suite Scorecard Summary

About Burp Suite

The Burp Suite, from UK-based alcohol-themed software company PortSwigger Web Security, is an application security and testing solution.

Burp Suite Technical Details

Operating Systems: Unspecified
Mobile Application:No