Hack your applications before anyone else can using BurpSuite
September 12, 2019

Anonymous | TrustRadius Reviewer
Score 9 out of 10

Overall Satisfaction with Burp Suite

BurpSuite is being used in our organization for performing penetration testing on internal as well as external-facing applications. It is a very lightweight tool which can be installed on almost any system (even legacy systems) and be utilized to exploit the applications. The software is being used by one of the departments within our organization which is working on the cybersecurity side. The application is not intended to be used by the whole organization since it contains malicious payloads which, when deployed in the production department, can bring the whole environment to a halt.
  • Automated as well as manual testing can be performed from a single tool. Usually, in the industry, automated and manual tools are available but in different tools. However, BurpSuite is a master tool which can perform both of the tasks.
  • Spidering feature: The spidering feature of BurpSuite is one of the most renowned features of this software. It contains an automated and manual process which completely scans a website end to end and shows you a flow chart which beautifully represents the entire workflow, and all of this can be done with a click of automated spidering.
  • Acts as an amazing proxy service: BurpSuite helps you proxy all the web-based requests which can even be modified when sent or received. Unlike other proxies, this proxy works without fail. So it is highly reliable.
  • The interface is a big problem: No matter how many features a software provides you, if the features are not well presented, you will miss most of them when they are actually required. The presentation of the software should be improved and made more presentable.
  • Tutorial videos for beginners: This software lacks a lot in tutorials. A beginner wastes most of the time finding and understanding the features and their implementation. The software vendor should work on providing more in-depth videos so that people can learn and understand the concepts.
  • No negative impact has been made by this application.
These tools are used in conjunction with BurpSuite and help improve the security drill.
BurpSuite does not have amazing customer support. All the major help that you will find is from public forums and Google. Although you will find all the required information on Google, at times professional support still helps you solve the problem in much less time and makes your operations go smoothly.

Do you think PortSwigger Burp Suite delivers good value for the price?

Yes

Are you happy with PortSwigger Burp Suite's feature set?

Yes

Did PortSwigger Burp Suite live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of PortSwigger Burp Suite go as expected?

Yes

Would you buy PortSwigger Burp Suite again?

Yes

BurpSuite is well suited in scenarios where the user is actually trying to exploit internal applications. The controls of internal applications can always be modified and made to suit the environment of the pen-testing. However, if this was for external applications, this tool can lock out the application since it has no control over the number and time of tries. A professional can, however, use it and make the necessary changes for the external applications, but it can be risky at times, so I would recommend it to be used only on internal/non-production applications.