PortSwigger Burp Suite should be part of every app sec professional's toolkit
Updated May 20, 2025

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Software Version

Burp Suite Professional

Overall Satisfaction with PortSwigger Burp Suite

We utilize PortSwigger Burp Suite for multiple aspects including our application security testing, internal red teaming exercises, and vulnerability management.

As part of our secure SDLC, we utilize PortSwigger Burp Suite for Interactive Application Security Testing (IAST) to ensure no code vulnerabilities are present.

We also utilize PortSwigger Burp Suite to validate CVEs and attempt exploitation of publicly released vulnerabilities. This provides a firsthand view of what the attack is capable of.

Pros

  • Web proxy for application security testing
  • Extensive list of integrations to enrich capabilities for scenario-specific use cases
  • Automate common attack types using Burp Intruder

Cons

  • The user interface is pretty bland but easy to use once you learn it.
  • Billing support is limited. For enterprise customers, it would be ideal if it could be purchased through a PO and invoice rather than credit card.
  • Limited product support
  • Risk reduction for applications.
  • Increased deployment efficiency through automation and gating.
  • Multiple price points based on needs. The product is priced very reasonably.

Easy to use once you learn it; however, the user interface is not very intuitive at first view. PortSwigger does provide a lot of video resources for self-paced learning, which helps. Most of the end users for PortSwigger Burp Suite will be technical and should be able to learn the product with the free resources.

OWASP ZAP is OK, but is open source. I find that PortSwigger Burp Suite is a more feature-rich application and continues to come out with new features. PortSwigger Burp Suite also has a much bigger ecosystem for integrations, making it worth the price. I feel OWASP ZAP is more comparable to PortSwigger Burp Suite's community edition.

Do you think PortSwigger Burp Suite delivers good value for the price?

Yes

Are you happy with PortSwigger Burp Suite's feature set?

Yes

Did PortSwigger Burp Suite live up to sales and marketing promises?

Yes

Did implementation of PortSwigger Burp Suite go as expected?

Yes

Would you buy PortSwigger Burp Suite again?

Yes

PortSwigger Burp Suite is top notch for environments with a dedicated application security team or resource. It should be part of the standard toolset for any application security program.

PortSwigger Burp Suite does require some specialized skillsets and knowledge to utilize, making it not ideal for companies lacking in dedicated security staff or software engineers.
