TrustRadius Insights
Burp Suite is widely used by various teams and departments within organizations for conducting dynamic security testing, or DAST, on …
Overview
What is PortSwigger Burp Suite?
The Burp Suite, from UK-based alcohol-themed software company PortSwigger Web Security, is an application security and testing solution.
Recent Reviews
Pricing
N/A
Unavailable
What is PortSwigger Burp Suite?
The Burp Suite, from UK-based alcohol-themed software company PortSwigger Web Security, is an application security and testing solution.
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
15 people also want pricing
Alternatives Pricing
What is Pentest-Tools.com?
Pentest-Tools.com allows users to discover and report vulnerabilities in websites and network infrastructures. They provide a set of integrated pentesting tools designed to enable users to perform easier, faster, and more effective pentest engagements. Quickly discover the attack surface of a…
Product Details
- About
- Tech Details
- FAQs
What is PortSwigger Burp Suite?
PortSwigger Burp Suite Technical Details
| Operating Systems | Unspecified |
|---|---|
| Mobile Application | No |
Frequently Asked Questions
The Burp Suite, from UK-based alcohol-themed software company PortSwigger Web Security, is an application security and testing solution.
Reviewers rate Support Rating highest, with a score of 10.
The most common users of PortSwigger Burp Suite are from Enterprises (1,001+ employees).
Comparisons
Compare with
Reviews and Ratings
(51)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Business Problems Solved
- Recommendations
Burp Suite is widely used by various teams and departments within organizations for conducting dynamic security testing, or DAST, on websites and web applications. With its quick and efficient security review process, the software has proven to be a valuable tool in identifying and resolving security issues before they are moved to production. Users have found that Burp Suite produces easily understandable reports, allowing developers to identify and address vulnerabilities effectively.
Security consultants rely on Burp Suite for comprehensive security testing of both internal and external-facing web applications. The software consistently helps in finding valid and relevant bugs, enabling the consultants to provide accurate vulnerability assessments. Additionally, the vulnerability assessment team utilizes Burp Suite extensively as one of their primary tools for evaluating the security of over 300 public-facing websites.
One of the key benefits of Burp Suite is its ability to proactively identify security defects before they can be exploited. By using the software, teams can discover vulnerabilities early on and implement necessary fixes promptly. This approach ensures that applications are secure and protected from potential attacks.
Another advantage of Burp Suite is its wide range of tools for testing different types of attacks in web applications. Whether it's running automated scans for common bugs or performing manual inspections and manipulations of HTTP requests, users find Burp Suite to be reliable and effective. The software's lightweight nature allows it to be easily installed on various systems, making it accessible for testing both internal and external-facing applications.
While not intended for use by the entire organization due to its potential impact on production environments, Burp Suite is highly regarded by cybersecurity departments for its effectiveness in exploiting applications. Security professionals and application developers also utilize the software to test security features and intercept HTTP requests for inspection and manipulation.
In summary, Burp Suite plays a vital role in conducting dynamic security testing and vulnerability assessments for websites and web applications. Its user-friendly reports, comprehensive bug detection capabilities, proactive defect identification, wide range of tools, and accessibility make it a preferred choice for security consultants and teams across organizations.
Users commonly recommend the following:
-
BurpSuite is recommended for web application pentesting and security testing. Users suggest using BurpSuite to find vulnerabilities in web applications and improve their integrity and confidentiality. It is advised to try out the free version before purchasing the professional license. Furthermore, users suggest following OWASP guidelines for securing web and mobile applications when using BurpSuite.
-
BurpSuite is highly recommended as a testing tool for both web and mobile applications. Users find it valuable for manual testing, as it allows them to intercept browser and mobile application traffic and scan for vulnerabilities. They also highlight its power in finding gaps and misconfigurations in application setups.
-
Users recommend using BurpSuite for application assessment, vulnerability scanning, and automated scans with reports. They describe it as a must-have tool for web application security assessment and testing due to its ability to find flaws in the setup of applications.
Overall, users find BurpSuite beneficial in identifying vulnerabilities, improving security, and performing comprehensive assessments of web and mobile applications.
Attribute Ratings
Reviews
(1-2 of 2)Companies can't remove reviews or game the system. Here's why
September 12, 2019
Hack your applications before anyone else can using BurpSuite
BurpSuite is being used in our organization for performing penetration testing on internal as well as external-facing applications. It is a very light-weight tool which can be installed on almost any system (even legacy systems) and be utilized to exploit the applications. The software is being used by one of the departments within our organization which is working on the cybersecurity side. The application is not intended to be used by the whole organization since it contains malicious payloads which when deployed in the production department can bring the whole environment to a halt.
- Automated as well as manual testing can be performed form a single tool. Usually, in the industry, automated and manual tools are available but in different tools. However, BurpSuite is a master tool which can perform both of the tasks.
- Spidering feature: The spidering feature of BurpSuite is one of the most renowned features of this software. It contains an automated and manual process which completely scan a website end to end and shows you a flow chart which beautifully represents the entire workflow and all of this can be done on a click of automated spidering.
- Acts as an amazing proxy service: BurpSuite helps you proxy all the web-based requests which can even be modified when sent or received. Unlike other proxies, this proxy works without fail. So it is highly reliable.
- The interface is a big problem: No matter how many features a software provides you, if the features are not well presented, you will miss most of them when they are actually required. The presentation of the software should be improvised and made more presentable.
- Tutorial videos for beginners: This software lacks a lot in tutorials. A beginner almost wastes most of the time in finding and understanding the features and the implementation of the same. The software vendor should work on providing more in-depth videos so that people can learn and understand the concepts.
- No negative impact has been made by this application.
- Metasploit and Wireshark
These tools are used in conjunction with BurpSuite and help improvising the security drill.
August 24, 2018
Burp Suite a good Security Testing Tool at a Good Price
Burp Suite is being used by the Web Software Security Team. It is fairly easy to use and can do much of the dynamic security testing (DAST) at the company. We have a company policy that all websites must go through a security review before they can be moved to production. Burp is one of the tools that we use to help in this process. I have found that Burp Suite can usually do the job required fairly quickly. It also produces a report that most of the developers can understand.
- Burp Suite is fairly quick to perform an attack on a website. I have found it very thorough for the time it takes to run an attack.
- Burp Suite can spider a website very quickly and it usually finds most of the web pages on a website. Once it has spidered a website, it allows you to not attack any page it found during the scan. This is very useful when there are certain parts of a website you do not want to attack.
- Burp Suite allow you easily log into a website as the first step in spidering and attacking. This is useful for us since most of our websites require a login before we can scan the internal pages of a website.
- Burp Suite is not a tool that a complete security novice will get much out of. You do need to know the basics of application security to be able to properly use the tool.
- Burp Suite can, at times, take a very long time to completely attack a website. I have found that some websites are still being attacked after a few hours. This is usually due to errors being thrown during the attack process and Burp Suite has determined that too many errors have been thrown it will stop attempting the test that was throwing the errors.
- Burp Suite is constantly being updated. I find that I have to install a new release about two or three times a month. I know this should be considered a good thing, and it can be, but sometimes I am afraid that an update might break the tool.
- Burp Suite is a decent tool for the price and many security testers know how to use it. Considering some DAST tools cost 10 of thousands of dollars a year to get a license for and they do not do any better at scanning a website than Burp Suite if is a good investment.
- Burp Suite has many training videos and tutorials available on the Internet. Testers are good for training your staff on how to use the tool.
- Burp Suite needs to improve their support for testers website attacks. Not completing successfully is not a good option after a few hours of running.
Burp Suite stacks up fairly well against these other two products both of which are quite expensive to license. The best other product I would suggest is OWASP Zed Attack Proxy or ZAP. It performs quite well and the cost of the product is free. ZAP is an Open Source product. If, however, you do not want to use an open source product I would either go with Burp Suite or look into the more expensive Rapid7 AppSpider.
No
- Price
- Product Usability
- Product Reputation
The single most important factor in my decision to select Burp Suite was the price for obtaining a license for the product and the usefulness of the product. It has a lot of training available online and the support is quite good. Whenever I open a support question with the vendor they usually answer my question with a few hours of my asking the question. This is very good for the cost of the license.
I like Burp Suite and I don't think I would change my mind if I had to make the decision again. The product usually runs well and does what I need it to do. There some problems with the product but for the price, it is quite a good product.