We use PortSwigger Burp Suite professional mainly for testing the security of web application and APIs. it's an essential tool for our cybersecurity team during vulnerability and penetration testing. We also use it to test APIs making sure data is handled securely and only the right users have access to sensitive functions.

Pros

One of the best features is the intercepting proxy, Which lets us see and change what's being sent between our browser and the website.
The repeater is great for manual testing.

Return on Investment

Using PortSwigger Burp Suite Professional has had a significant positive impact on our business by improving the quality and efficiency of our web application security testing.

Usability

Alternatives Considered

Tenable Nessus

Other Software Used

Tenable Nessus, Abacus POS

Verified User

Director in Information Technology (51-200 employees employees)

Use Cases and Deployment Scope

We utilize PortSwigger Burp Suite for multiple aspects including our application security testing, internal red teaming exercises, and vulnerability management.

As part of our secure SDLC, we utilize PortSwigger Burp Suite for Interactive Application Security Testing (IAST) to ensure no code vulnerabilities are present.

We also utilize PortSwigger Burp Suite to validate CVE's and attempt exploitation of publicly released vulnerabilities. This provides a first hand view of what the attack is capable of.

Pros

Web proxy for application security testing
Extensive list of integrations to enrich capabilities for scenario specific use cases
Automate common attack types using burp intruder

Cons

The user interface is pretty bland but easy to use once you learn it.
Billing support is limited. For enterprise customers, it would be ideal if it could be purchased through a PO and invoice rather than credit card.
Limited product support

Return on Investment

Risk reduction for applications.
Increased deployment efficiency through automation and gating.
Multiple price points based on needs. The product is priced very reasonably.

Usability

Alternatives Considered

OWASP ZAP

Other Software Used

OWASP ZAP, Snyk

Verified User

Employee in Information Technology (10,001+ employees employees)

Use Cases and Deployment Scope

The PortSwigger Burp Suite plays a big role on a daily basis, but after loading extensions, the software lags too much. Active scan sends lots of junk requests, which can be improved.The software can be bit lite and more fast as in java lots of thing run slow and at a particular speed.

Pros

proxy
passive scans
response capture

Cons

speed
more accuracy
lite weight
ui

Return on Investment

Manual VAPT
Security Testing

Usability

Alternatives Considered

Acunetix by Invicti, HCL AppScan and Metasploit

Other Software Used

Tenable Nessus, Acunetix by Invicti, Metasploit

Piyush Mittal View profile

Senior Manager in Information Technology at Aujas Cybersecurity Ltd. (501-1000 employees employees)

Use Cases and Deployment Scope

With the help of PortSwigger Burp Suite we do the penetration testing of applications. It helps us in proactively identifying security defects and we can fix them before an attacker exploits them. It is a set of tools that we can use to test different type of attacks in a web application. I can also run automagic scan to identify common bugs.

Pros

Automated scans
Detailed reporting of bugs
Less costly or cost effective

Cons

User interface can be improved
Automated scan report can be further improved to reduce false positive
Sometimes tool crashes when open large number of threads

Most Important Features

Automated Scans
Brute force simulation attack on critical website
Act as a proxy for data comparison

Return on Investment

Increased return on security investment
Proactively identifying and reporting critical vulnerabilities which return in customer satisfaction
Adherence to policy and external regulatory compliance

Alternatives Considered

Acunetix by Invicti

Other Software Used

Microsoft Teams, Archer Integrated Risk Management Platform, Microsoft Excel

Melvin John View profile

Manager - Security Testing at IBS Software (1001-5000 employees employees)

Pros

The passive scan feature is really awesome, it kind of covers areas that you might miss.
The CSRF POC is really helpful to my team. It helps development team see the issue and understand it.
Burp intruder and repeater are the features I myself and my team uses the most as it helps us use our payloads in a variety of different ways.
Active scan helps the team to ensure coverage for the whole application.

Cons

Reporting area is a weak area that we have identified with Burp.
DevsecOps integration is something I am really curious about...
The user interface can be considered to make more improvements.

Most Important Features

Intruder, repeater.
Active-scan, passive scan.
CSRF POC.
Different add-on plugins.

Return on Investment

Huge ROI.
Test quality improvement.
Improved risk mitigation.

Alternatives Considered

Acunetix by Invicti and Netsparker

Other Software Used

Checkmarx, Micro Focus Fortify Static Code Analyzer, Acunetix by Invicti

PortSwigger Burp Suite

What is PortSwigger Burp Suite?

Categories & Use Cases

Most Frequent Users

Professional, Scientific, and Technical Services

Information

Manufacturing

Reviews

Use Cases and Deployment Scope

Pros

Return on Investment

Usability

Alternatives Considered

Other Software Used

Use Cases and Deployment Scope

Pros

Cons

Return on Investment

Usability

Alternatives Considered

Other Software Used

Use Cases and Deployment Scope

Pros

Cons

Return on Investment

Usability

Alternatives Considered

Other Software Used

Use Cases and Deployment Scope

Pros

Cons

Most Important Features

Return on Investment

Alternatives Considered

Other Software Used

Pros

Cons

Most Important Features

Return on Investment

Alternatives Considered

Other Software Used