TrustRadius Insights
Burp Suite is widely used by various teams and departments within organizations for conducting dynamic security testing, or DAST, on …
Overview
What is PortSwigger Burp Suite?
The Burp Suite, from UK-based alcohol-themed software company PortSwigger Web Security, is an application security and testing solution.
Recent Reviews
Pricing
N/A
Unavailable
What is PortSwigger Burp Suite?
The Burp Suite, from UK-based alcohol-themed software company PortSwigger Web Security, is an application security and testing solution.
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
15 people also want pricing
Alternatives Pricing
What is Pentest-Tools.com?
Pentest-Tools.com allows users to discover and report vulnerabilities in websites and network infrastructures. They provide a set of integrated pentesting tools designed to enable users to perform easier, faster, and more effective pentest engagements. Quickly discover the attack surface of a…
Product Details
- About
- Tech Details
- FAQs
What is PortSwigger Burp Suite?
PortSwigger Burp Suite Technical Details
| Operating Systems | Unspecified |
|---|---|
| Mobile Application | No |
Frequently Asked Questions
The Burp Suite, from UK-based alcohol-themed software company PortSwigger Web Security, is an application security and testing solution.
Reviewers rate Support Rating highest, with a score of 10.
The most common users of PortSwigger Burp Suite are from Small Businesses (1-50 employees).
Comparisons
Compare with
Reviews and Ratings
(51)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Business Problems Solved
- Recommendations
Burp Suite is widely used by various teams and departments within organizations for conducting dynamic security testing, or DAST, on websites and web applications. With its quick and efficient security review process, the software has proven to be a valuable tool in identifying and resolving security issues before they are moved to production. Users have found that Burp Suite produces easily understandable reports, allowing developers to identify and address vulnerabilities effectively.
Security consultants rely on Burp Suite for comprehensive security testing of both internal and external-facing web applications. The software consistently helps in finding valid and relevant bugs, enabling the consultants to provide accurate vulnerability assessments. Additionally, the vulnerability assessment team utilizes Burp Suite extensively as one of their primary tools for evaluating the security of over 300 public-facing websites.
One of the key benefits of Burp Suite is its ability to proactively identify security defects before they can be exploited. By using the software, teams can discover vulnerabilities early on and implement necessary fixes promptly. This approach ensures that applications are secure and protected from potential attacks.
Another advantage of Burp Suite is its wide range of tools for testing different types of attacks in web applications. Whether it's running automated scans for common bugs or performing manual inspections and manipulations of HTTP requests, users find Burp Suite to be reliable and effective. The software's lightweight nature allows it to be easily installed on various systems, making it accessible for testing both internal and external-facing applications.
While not intended for use by the entire organization due to its potential impact on production environments, Burp Suite is highly regarded by cybersecurity departments for its effectiveness in exploiting applications. Security professionals and application developers also utilize the software to test security features and intercept HTTP requests for inspection and manipulation.
In summary, Burp Suite plays a vital role in conducting dynamic security testing and vulnerability assessments for websites and web applications. Its user-friendly reports, comprehensive bug detection capabilities, proactive defect identification, wide range of tools, and accessibility make it a preferred choice for security consultants and teams across organizations.
Users commonly recommend the following:
-
BurpSuite is recommended for web application pentesting and security testing. Users suggest using BurpSuite to find vulnerabilities in web applications and improve their integrity and confidentiality. It is advised to try out the free version before purchasing the professional license. Furthermore, users suggest following OWASP guidelines for securing web and mobile applications when using BurpSuite.
-
BurpSuite is highly recommended as a testing tool for both web and mobile applications. Users find it valuable for manual testing, as it allows them to intercept browser and mobile application traffic and scan for vulnerabilities. They also highlight its power in finding gaps and misconfigurations in application setups.
-
Users recommend using BurpSuite for application assessment, vulnerability scanning, and automated scans with reports. They describe it as a must-have tool for web application security assessment and testing due to its ability to find flaws in the setup of applications.
Overall, users find BurpSuite beneficial in identifying vulnerabilities, improving security, and performing comprehensive assessments of web and mobile applications.
Attribute Ratings
Reviews
(1-2 of 2)Companies can't remove reviews or game the system. Here's why
Burp Suite is used by my security consultants to perform security assessments and reviews for the organization's applications. It is commonly used across the entire organization, by different groups and teams. The security consultants used the suite to perform their security assessments as well as for training for new hires.
- Manual penetration testing and configuration tweaks
- Automated bulk scanning and simulated scenarios
- Reports generations for mgt as well as working levels
- More features to be available for the free/community version to allow more learning
- Manual updating of plugin without network connectivity
- More controls with the manual testing with scenario inputs
- Manual PT
- Automated attacks
- Scanning for vulnerabilities
- Limited licenses for every application. It is not cheap
- Community edition lacking some of the good features
- Certification and proper training needed
- Nmap, F-Secure Rapid Detection Service and Qualys Container Security (CS)
Each tool is specific and are good for what they do. While Burp Suite can perform some level of the same functions, somehow security consultants prefer these tools as additional to the Burp Suite. Maybe due to open source and easy setup when compared to Burp Suite. But Burp Suite allows for one tool for many templates for each project.
July 12, 2019
Burp is for Professionals, Not Quick Fixes
Our security department uses it, and I use it to test the security features of applications I develop. It solves the problem of needing a quick way of intercepting HTTP requests for our web apps and running routine scans.
- Inspection/altering of HTTPb requests/responses.
- The scans are fairly comprehensive and the application itself is very mature in this.
- The attack features are very nice and are enough so that I don't have to do everything from scratch to test out my code.
- Works great on a private network with no internet connection.
- Setup for proxies is cumbersome and took some time to get setup. There's a lot to be done outside of Burp itself for this to work.
- The interface is outdated and uses tabs for everything, can get lost in deep nested features if you're new
- The way CSRF scans find the vulnerabilities can be cryptic and takes time to find in the documentation. When we get a result we want more comprehensive information on why a scan succeeded, not just failed.
- Positive impact, time to complete security development stage is decreased.
- Very positive impact on budgeting for external penetration testing. We can do the bulk of the common testing ourselves now.
We used Zap by OWASP as well. Zap is not as mature, however, it explained a lot of the scan results better, but was far more difficult to setup for custom applications. Scanning requests and altering headers in Zap was simply not as easy or visually explained as in Burp.