The perfect partner for a Security professional
June 01, 2021

The perfect partner for a Security professional

Melvin John | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Burp Suite

Our company has a set of security consultants who conducts penetration testing on all the products developed by our company on a regular basis. Being an enterprise product-based company, we have tried out many other scanning tools and ended up using burp which was the only one that helped our consultants to come up with valid and relevant bugs.
  • The passive scan feature is really awesome, it kind of covers areas that you might miss.
  • The CSRF POC is really helpful to my team. It helps development team see the issue and understand it.
  • Burp intruder and repeater are the features I myself and my team uses the most as it helps us use our payloads in a variety of different ways.
  • Active scan helps the team to ensure coverage for the whole application.
  • Reporting area is a weak area that we have identified with Burp.
  • DevsecOps integration is something I am really curious about...
  • The user interface can be considered to make more improvements.
  • Intruder, repeater.
  • Active-scan, passive scan.
  • Different add-on plugins.
  • Huge ROI.
  • Test quality improvement.
  • Improved risk mitigation.
Burp was getting us more accurate results. This doesn't mean that the other tools are bad. They just didn't suit our company. Since our products had many business logic bases testing requirements, it was hard for other tools to perform. Burp on the other had worked perfectly assisting the tester with required support.

Do you think PortSwigger Burp Suite delivers good value for the price?


Are you happy with PortSwigger Burp Suite's feature set?


Did PortSwigger Burp Suite live up to sales and marketing promises?


Did implementation of PortSwigger Burp Suite go as expected?


Would you buy PortSwigger Burp Suite again?


Best suited if you have a team that has the ability and bandwidth to conduct manual penetration testing. In our case, many commercial tools were unable to find any valid bugs.

Not suitable to teams who needs security testing done with just one click. Reporting is also an issue with this tool.