Burp is for Professionals, Not Quick Fixes
July 12, 2019

Anonymous | TrustRadius Reviewer
Score 6 out of 10
Vetted Review
Verified User

Overall Satisfaction with Burp Suite

Our security department uses it, and I use it to test the security features of applications I develop. It solves the problem of needing a quick way of intercepting HTTP requests for our web apps and running routine scans.
  • Inspection/altering of HTTP requests/responses.
  • The scans are fairly comprehensive and the application itself is very mature in this.
  • The attack features are very nice and are enough so that I don't have to do everything from scratch to test out my code.
  • Works great on a private network with no internet connection.
  • Setup for proxies is cumbersome and took some time to get set up. There's a lot to be done outside of Burp itself for this to work.
  • The interface is outdated and uses tabs for everything; you can get lost in deeply nested features if you're new.
  • The way CSRF scans find the vulnerabilities can be cryptic and takes time to find in the documentation. When we get a result we want more comprehensive information on why a scan succeeded, not just failed.
  • Positive impact, time to complete security development stage is decreased.
  • Very positive impact on budgeting for external penetration testing. We can do the bulk of the common testing ourselves now.
We used Zap by OWASP as well. Zap is not as mature; however, it explained a lot of the scan results better, but was far more difficult to set up for custom applications. Scanning requests and altering headers in Zap was simply not as easy or visually explained as in Burp.
After the initial setup, it's good for inspecting headers quickly on an application. Being able to watch all the traffic and let some through or alter them was a good visual. There is a big learning curve to this application, however; it took plenty of time to get familiar with everything, as there are a lot of features that are not self-explanatory.