Item: PortSwigger Burp Suite
Rating: 10
Author: Dan Fluharty

Use Cases and Deployment Scope

Portswigger Burp Suite is used as one of two primary tools by the vulnerability assessment team for evaluating security of all 300+ public facing web sites. It serves as a reliable tool in the suite used to find and validate deficiencies, and implement and verify fixes.

Pros and Cons

Penetration testing of web applications
Web vulnerability scanning
Customized scan and attack applications

Easy to use, but difficult to master.
Some polish to the GUI and reports would be nice.
More comprehensive integration with government regulations would help in terms of compliance efforts.

Return on Investment

Scanned 100% of the orgs public facing web sites with a small team of analysts.
Provided a reputable second opinion source to back up the other product in use i.e. Webinspect.
Pro version $350 is amazing ROI, considering the thwarted attacks and that it's competition is priced in the tens of thousands last I checked.
No successful hacks. Q.E.D. :-)

Alternatives Considered

Burp Suite is more difficult to master, but only because of the extensive functionality and customization options. It is much more affordable than its competition and deserves its recognition as a top tool in the industry.

Other Software Used

HP Fortify Security Scope

Likelihood to Recommend

Burp Suite is recognized among cybersecurity professionals as a world-class web security tool. It is amazingly inexpensive, with the full-featured Professional version at only $350, a price within reach of most organizations. For those with a limited budget or technical expertise, an outsourced solution may be better. Otherwise, it is really tough to beat this product for what it does.

Best Web Security Tool - Hands Down

Overall Satisfaction with Burp Suite