PortSwigger Burp Suite

Score 8.7 out of 100

Overview

Recent Reviews

Burp is really all you need

10 out of 10
November 18, 2020
Working in application security, I use Burp Suite to proxy my internet traffic for inspection and manipulation to help test for security …


Pricing

N/A
Unavailable

What is PortSwigger Burp Suite?

The Burp Suite, from UK-based alcohol-themed software company PortSwigger Web Security, is an application security and testing solution.

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services


Alternatives Pricing

What is Nessus?

Tenable, headquartered in Columbia, offers Nessus, a vulnerability scanning and security assessment solution used to analyze an entity's security posture, perform vulnerability testing, and provide configuration assessments.

What is Titania Nipper?

Nipper discovers vulnerabilities in firewalls, switches and routers, automatically prioritizing risks to an organization. Its virtual modelling is designed to reduce false positives and identify exact fixes to help users stay secure and compliant. Audits: Firewalls | Switches | Routers. The vendor…


Features Scorecard

No scorecards have been submitted for this product yet.

Product Details

PortSwigger Burp Suite Technical Details

Operating Systems: Unspecified
Mobile Application: No

Frequently Asked Questions

Reviewers rate Support Rating highest, with a score of 9.9.

The most common users of PortSwigger Burp Suite are from Enterprises (1,001+ employees) and the Information Technology & Services industry.


Reviews and Ratings

 (44)

Ratings

Reviews

(1-9 of 9)
Melvin John | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Our company has a set of security consultants who conduct penetration testing on all the products developed by our company on a regular basis. Being an enterprise product-based company, we have tried out many other scanning tools and ended up using Burp, which was the only one that helped our consultants to come up with valid and relevant bugs.
  • The passive scan feature is really awesome, it kind of covers areas that you might miss.
  • The CSRF POC is really helpful to my team. It helps development team see the issue and understand it.
  • Burp Intruder and Repeater are the features I myself and my team use the most as it helps us use our payloads in a variety of different ways.
  • Active scan helps the team to ensure coverage for the whole application.
  • Reporting area is a weak area that we have identified with Burp.
  • DevsecOps integration is something I am really curious about...
  • The user interface can be considered to make more improvements.
Best suited if you have a team that has the ability and bandwidth to conduct manual penetration testing. In our case, many commercial tools were unable to find any valid bugs.

Not suitable for teams who need security testing done with just one click. Reporting is also an issue with this tool.
Score 10 out of 10
Vetted Review
Verified User
Burp Suite is used by my security consultants to perform security assessments and reviews for the organization's applications. It is commonly used across the entire organization, by different groups and teams. The security consultants used the suite to perform their security assessments as well as for training for new hires.
  • Manual penetration testing and configuration tweaks
  • Automated bulk scanning and simulated scenarios
  • Reports generations for mgt as well as working levels
  • More features to be available for the free/community version to allow more learning
  • Manual updating of plugin without network connectivity
  • More controls with the manual testing with scenario inputs
Burp Suite is a baseline for any security reviews. Security consultants and new aspiration security trainees can be more exposed to it to use as part of their course and trainings. Experienced security consultants can transfer their knowledge to the newbies, but good to have more features to wow the newbies and mgt.
Score 10 out of 10
Vetted Review
Verified User
Working in application security, I use Burp Suite to proxy my internet traffic for inspection and manipulation to help test for security vulnerabilities. The other tool that comes to mind is OWASP ZAP, but overall Burp is generally considered to be the best tool out there for application security testers.
  • Fuzzing requests for vulnerabilities
  • Intercepting requests
  • Great extensions through the store that extend functionality
  • Personally I have more trouble than I should getting the scope set just how I need it to filter out junk traffic like Google and Firefox background noise
Burp is great for all web application testing. If that is what you are doing I can't think of a scenario where it wouldn't work for you.
Never needed additional support for Burp. They have useful help documents in the application.
Score 9 out of 10
Vetted Review
Verified User
BurpSuite is being used in our organization for performing penetration testing on internal as well as external-facing applications. It is a very light-weight tool which can be installed on almost any system (even legacy systems) and be utilized to exploit the applications. The software is being used by one of the departments within our organization which is working on the cybersecurity side. The application is not intended to be used by the whole organization since it contains malicious payloads which when deployed in the production department can bring the whole environment to a halt.
  • Automated as well as manual testing can be performed from a single tool. Usually, in the industry, automated and manual tools are available but in different tools. However, BurpSuite is a master tool which can perform both of the tasks.
  • Spidering feature: The spidering feature of BurpSuite is one of the most renowned features of this software. It contains an automated and manual process which completely scans a website end to end and shows you a flow chart which beautifully represents the entire workflow and all of this can be done on a click of automated spidering.
  • Acts as an amazing proxy service: BurpSuite helps you proxy all the web-based requests which can even be modified when sent or received. Unlike other proxies, this proxy works without fail. So it is highly reliable.
  • The interface is a big problem: No matter how many features a software provides you, if the features are not well presented, you will miss most of them when they are actually required. The presentation of the software should be improvised and made more presentable.
  • Tutorial videos for beginners: This software lacks a lot in tutorials. A beginner almost wastes most of the time in finding and understanding the features and the implementation of the same. The software vendor should work on providing more in-depth videos so that people can learn and understand the concepts.
BurpSuite is well suited in scenarios where the user is actually trying to exploit internal applications. The controls of internal applications can always be modified and made to suit the environment of the pen-testing. However, if this was for external applications, this tool can lock out the application since it has no control over the number and time of tries. A professional can, however, use it and make the necessary changes for the external applications but it can be risky at the time, so I would recommend it to be used only on internal/non-production applications.
BurpSuite does not have amazing customer support. All the major help that you will find is from public forums and Google. Although you will find all the required information on Google, still at times professional support helps you solve the problem in much less time and make your operations go smoothly.
Tejas Gandhi | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Burp Suite is a web application security testing tool. As a security consultant, I have used Burp Suite for security testing for web applications of our clients and also for my own personal research.
  • First of all, it is possible to carry out manual security tests of web applications and mobile applications using this tool. The advantage is that you can also securely test the vulnerabilities related to the business logic of these apps.
  • It uses a local proxy, so it allows you to intercept the traffic of the applications to find vulnerabilities.
  • It also allows you to manipulate the attribute fields of intercepted traffic to find any flaws inside applications.
  • Doesn't describe how to test different vulnerabilities, which can be challenging if you are a new user of this tool.
  • The community edition provides a limited number of features compared to the professional edition. Since many researchers use the community edition for security testing, they should provide more features which would be helpful.
Burp Suite is well-suited for doing testing of applications the way researchers want, in contrast to other automated security testing tools which perform tests of well-known vulnerabilities. In comparison to automated security testing tools, Burp Suite takes more time to perform the test as it's a manual testing tool, which can be a drawback if tests are to be carried out quickly.
I haven't had to use support.
Score 6 out of 10
Vetted Review
Verified User
Our security department uses it, and I use it to test the security features of applications I develop. It solves the problem of needing a quick way of intercepting HTTP requests for our web apps and running routine scans.
  • Inspection/altering of HTTP requests/responses.
  • The scans are fairly comprehensive and the application itself is very mature in this.
  • The attack features are very nice and are enough so that I don't have to do everything from scratch to test out my code.
  • Works great on a private network with no internet connection.
  • Setup for proxies is cumbersome and took some time to get set up. There's a lot to be done outside of Burp itself for this to work.
  • The interface is outdated and uses tabs for everything, can get lost in deep nested features if you're new.
  • The way CSRF scans find the vulnerabilities can be cryptic and takes time to find in the documentation. When we get a result we want more comprehensive information on why a scan succeeded, not just failed.
After the initial setup, it's good for inspecting headers quickly on an application. Being able to watch all the traffic and let some through or alter them was a good visual. There is a big learning curve to this application however, it took plenty of time to get familiar with everything, as there's a lot of features that are not self-explanatory.
Score 10 out of 10
Vetted Review
Verified User
We have been using Burp Suite for about 5 years, however the organization has been using it for longer than that. I personally was introduced to it about 5 years ago, but not before hearing about it. Since I have become "pigeon-holed" into web penetration testing, I don't know a single person out there who does web penetration testing that wouldn't say Burp Suite is their main tool.
  • Intercepts web/browser traffic.
  • Pro version has a very useful scanner.
  • Has a variety of tools and add-ons.
  • One gripe I have, and this may be because it's built for applications/browsers, is that it doesn't handle other traffic. I would love to see Burp move towards a full man-in-the-middle tool.
I will say that Burp Suite and/or Burp Suite Pro are REQUIRED for any web application penetration test. While there are other tools out there that are similar, none have the range of abilities and tool set that Burp has. Burp Suite also makes it easy to use. Everything is laid out in a manner that facilitates efficiency and ease of use.
Glenn Jones | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Burp Suite is being used by the Web Software Security Team. It is fairly easy to use and can do much of the dynamic security testing (DAST) at the company. We have a company policy that all websites must go through a security review before they can be moved to production. Burp is one of the tools that we use to help in this process. I have found that Burp Suite can usually do the job required fairly quickly. It also produces a report that most of the developers can understand.
  • Burp Suite is fairly quick to perform an attack on a website. I have found it very thorough for the time it takes to run an attack.
  • Burp Suite can spider a website very quickly and it usually finds most of the web pages on a website. Once it has spidered a website, it allows you to not attack any page it found during the scan. This is very useful when there are certain parts of a website you do not want to attack.
  • Burp Suite allows you to easily log into a website as the first step in spidering and attacking. This is useful for us since most of our websites require a login before we can scan the internal pages of a website.
  • Burp Suite is not a tool that a complete security novice will get much out of. You do need to know the basics of application security to be able to properly use the tool.
  • Burp Suite can, at times, take a very long time to completely attack a website. I have found that some websites are still being attacked after a few hours. This is usually due to errors being thrown during the attack process, and when Burp Suite has determined that too many errors have been thrown it will stop attempting the test that was throwing the errors.
  • Burp Suite is constantly being updated. I find that I have to install a new release about two or three times a month. I know this should be considered a good thing, and it can be, but sometimes I am afraid that an update might break the tool.
Burp Suite is a good general tool to test websites as long as your website is not too large or you have the time for it to complete. We have some websites that only take about five to ten minutes for Burp Suite to complete an attack and a spider only takes about two minutes. Other websites have taken a few hours to complete. I have seen a tester actually run Burp Suite against one of our websites and it took all day to complete.
Dan Fluharty | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
PortSwigger Burp Suite is used as one of two primary tools by the vulnerability assessment team for evaluating security of all 300+ public facing web sites. It serves as a reliable tool in the suite used to find and validate deficiencies, and implement and verify fixes.
  • Penetration testing of web applications
  • Web vulnerability scanning
  • Customized scan and attack applications
  • Easy to use, but difficult to master.
  • Some polish to the GUI and reports would be nice.
  • More comprehensive integration with government regulations would help in terms of compliance efforts.
Burp Suite is recognized among cybersecurity professionals as a world-class web security tool. It is amazingly inexpensive, with the full-featured Professional version at only $350, a price within reach of most organizations. For those with a limited budget or technical expertise, an outsourced solution may be better. Otherwise, it is really tough to beat this product for what it does.