Customer case study

Paychex

Burp Suite Professional in the professional services sector.

Introduction

Paychex, Inc. is an S&P 500 company providing outsourced payroll, human resource, and benefits services to a wide range of small to medium sized businesses. It has more than 100 locations across the US and Europe. A sizable proportion of private sector employees in the US receive their pay through Paychex.

Use case

Burp Suite Professional is important to Paychex because it allows them to:

  • Make penetration testing processes efficient.

Key features

Burp Suite Professional has a number of key features that are used by Paychex:

  • Burp Intruder, to automate customized attacks.

  • The wide array of manual tools Burp Suite Professional puts in one product.

  • Burp Repeater.

Block quote

Burp Suite has allowed me to analyze and attack request traffic more efficiently and effectively than other "enterprise" web scanners or automated pentest tools.

Paychex logo

Brian Murtha

Penetration Tester

Challenges

Paychex purchased Burp Suite Professional to allow their security engineer(s) to test their organization's own web applications.

Block quote

It is an excellent intercepting proxy with tools to manually inspect and modify requests.

Paychex logo

Brian Murtha

Penetration Tester

Benefits

The main benefit Paychex finds that it gains from using Burp Suite Professional is that:

  • It has all the features they need in one product.

Block quote

98% of surveyed penetration testers are likely to recommend Burp Suite Professional. Source: TechValidate survey of PortSwigger customers

Value statements

Brian Murtha - a penetration tester at Paychex - agreed with the following statements:

  • I perform my job more effectively by using Burp Suite.
  • Burp Suite is great value for money.
  • Burp Suite helps to keep my business secure.
  • Burp Suite is "best in class" software.

Final thoughts

Paychex had the following to share on its experience with Burp Suite Professional:

  • Resources like PortSwigger Research and the Web Security Academy mean PortSwigger are the experts I'd recommend to anyone wanting to expand their cybersecurity capabilities.

About Burp Suite Professional

Burp Suite Professional is an advanced set of tools for testing web security - all within a single product. From a basic intercepting proxy to a cutting-edge vulnerability scanner, with Burp Suite Pro, the right tool is never more than a click away.