
Burp Suite

Ratings

  • G2: 4.8/5 (119)
  • TrustPilot: 3.7/5 (1)

Burp Suite description

Burp Suite is a cybersecurity toolkit designed for testing the security of web applications. It's a popular choice for security professionals and is used by many organizations worldwide, from small businesses to large corporations. The software provides a range of tools, including a proxy for intercepting web traffic, a scanner for automatically finding vulnerabilities, and tools for manually exploiting vulnerabilities. Burp Suite can be used to find a wide variety of security flaws, including those listed in the OWASP Top 10.


Who is Burp Suite best for

Burp Suite is a powerful cybersecurity toolkit ideal for web application security testing. Praised for its comprehensive features, including a proxy, scanner, and manual exploit tools, Burp Suite helps identify vulnerabilities and secure web applications. However, some users note a steep learning curve and occasional performance issues. Despite these drawbacks, many appreciate its robust functionality and extensibility through plugins.

  • Ideal for small, medium, and large businesses.

  • Best fit for Software, IT, and Telecommunications.


Burp Suite features

  • Supported: Burp Suite Professional and Enterprise editions support customizable vulnerability reports.
  • Supported: Burp Suite provides vulnerability reports with severity levels and remediation advice.
  • Supported: Burp Suite offers manual exploit tools like Repeater, Intruder, and Proxy Intercept.
  • Supported: Burp Suite automatically scans web applications for security vulnerabilities using Burp Scanner.

Qualities

We evaluate the sentiment that users express about non-functional aspects of the software.

  • Ease of Use: Strongly positive (+1)
  • Reliability and Performance: Neutral (+0)

Burp Suite reviews

We've summarised the main points of 116 Burp Suite reviews (Burp Suite TrustPilot reviews and Burp Suite G2 reviews) below.

Pros of Burp Suite
  • Excellent proxy tool for intercepting and modifying HTTP requests.
  • Comprehensive suite of tools for web security testing.
  • Extensible with a wide range of plugins.
  • Automated scanning helps identify common vulnerabilities.
  • Repeater and Intruder tools are very powerful for manual testing.
Cons of Burp Suite
  • High cost of the professional version.
  • Occasional performance issues, crashes, and errors.
  • Steep learning curve for new users.
  • False positives in automated scans require manual verification.
  • Unintuitive and outdated user interface could be improved.

Burp Suite pricing

The commentary is based on 9 reviews from Burp Suite G2 reviews and Burp Suite TrustPilot reviews.

Burp Suite offers a free community edition, while the professional version is generally considered expensive, around $399/year. Some users find the price reasonable for its extensive features, especially for professional pentesters. Others wish for more features in the free version.

User sentiment: Neutral (+0)

Burp Suite alternatives

  • Invicti (formerly Netsparker)
    Prioritizes automated scanning and accuracy, minimizing manual verification. Better suited for larger enterprises with complex web applications. Integrates with development tools and SDLC. A strong Burp Suite competitor for automated web application security testing.
  • Qualys WAS
    Better for mid-sized companies. Has faster growth momentum. Lacks manual exploit tools. Qualys WAS is a Burp Suite alternative and competitor.
  • Microsoft Defender for Cloud
    Better for cloud security posture management, especially across multiple cloud platforms. Broader industry applicability, including healthcare, manufacturing, and consumer goods. More established and growing faster. However, initial setup can be complex, and the pricing structure is less transparent.
  • vPenTest
    More affordable and focuses on automated network security testing, ideal for MSPs and SMBs. A Burp Suite competitor, vPenTest lacks application and website penetration testing. Easier to use with better customer service, but reporting can be slow and less customizable.
  • Cisco Umbrella
    Better for DNS-layer security and protecting remote workforces. A cloud-based security solution suitable as a secure internet gateway. More affordable, but some find the web console slow and initial deployment difficult. Lacks web application scanning capabilities.
  • Tenable One
    Better for managing broader security risks beyond web applications. A more unified platform for comprehensive vulnerability management. More suitable for enterprise security management. Tenable One is a Burp Suite alternative and competitor.

Burp Suite FAQ

  • What is Burp Suite and what does Burp Suite do?

    Burp Suite is a web security testing toolkit used to identify vulnerabilities in web applications. It offers a comprehensive set of tools for intercepting traffic, scanning for vulnerabilities, and manually exploiting weaknesses, making it a popular choice among security professionals.

  • How does Burp Suite integrate with other tools?

    Burp Suite integrates with other tools through its REST API, Burp Extender, and CI/CD tools like Jenkins and TeamCity. The Extender allows for customization and adding new functionalities, while the REST API enables integration with other security testing tools.

  • What are the main competitors of Burp Suite?

    Top alternatives to Burp Suite include Acunetix, Invicti, and OWASP ZAP. These tools offer similar web application security testing capabilities, addressing needs like vulnerability scanning and penetration testing. They provide varying features and pricing structures to suit different budgets and requirements.

  • Is Burp Suite legit?

    Yes, Burp Suite is a legitimate and widely used web security testing tool. It's safe for security professionals to use for identifying vulnerabilities in web applications. However, the software's complexity requires technical expertise, and improper use could potentially affect website functionality.

  • How much does Burp Suite cost?

    Burp Suite Professional is available for $499 per year, while Burp Suite Enterprise Edition's pricing is not publicly disclosed. Contact PortSwigger for a customized quote to determine if the product is worth it for your needs.

  • Is Burp Suite customer service good?

    Users generally praise Burp Suite's support, citing helpful responses and resources. However, some community support queries remain unanswered. While the software is praised for its features and extensibility, some users have reported occasional crashes and performance issues.


Reviewed by

Michal Kaczor
CEO at Gralio

Michal has worked at startups for many years and writes about topics relating to software selection and IT management. As a former consultant for Bain, a business advisory company, he also knows how to understand the needs of any business and find solutions to its problems.

Tymon Terlikiewicz
CTO at Gralio

Tymon is a seasoned CTO who loves finding the perfect tools for any task. He recently headed up the tech department at Batmaid, a well-known Swiss company, where he managed about 60 software purchases, including CX, HR, Payroll, Marketing automation and various developer tools.