When it comes to penetration testing software, Burp rules the roost. With over 40,000 users, it already dominates the industry - and it just keeps getting better.
As a pentester, you're always looking for a workflow that's more efficient; more exhaustive; more reliable. And, as creators of the world's most widely-used pentesting software, PortSwigger is always looking for new ways to help you to do just that.
We love to shake up the industry, and groundbreaking research has become our hallmark. In turn, we often conceive entirely new attack techniques - which we then put within easy reach of our users. Of course, known weaknesses aren't ignored, and Burp Suite Pro can be used to test for the whole OWASP Top 10, from SQL injection to cross-site scripting (XSS) and beyond.
Our philosophy is that your valuable manual testing time should be saved for when it's really needed. With this in mind, Burp Suite Pro includes many powerful automated features. Most obvious is the web vulnerability scanner, but tools like Burp Intruder and our innovative crawler will also give you a huge advantage in speed and efficiency.
Automation should always be as smart as possible. Which is why every automated pentesting tool in Burp Suite Pro allows for further configuration. This is especially useful in situations where stealth is of the essence, or when you encounter an unusual target application.
Burp Suite Pro arms its users to attack and test any type of web app or endpoint. Burp Suite Mobile Assistant, for instance, makes testing iOS apps extremely simple. Android devices can also be configured to work with Burp - making it a formidable platform for mobile application security testing.
In other cases, we've created whole new breeds of pentesting software to exploit vulnerabilities. Burp Collaborator is a case in point - it was the first tool on the market to allow Out-of-band Application Security Testing (OAST). Here, Burp reveals many previously blind classes of vulnerability by "collaborating" with an allied external server.
Years ago, Burp started life as a relatively simple intercepting proxy. Nowadays, its continuing success has seen it grow to encompass a whole suite of penetration testing tools. But the story doesn't end there.
Hundreds of curated, open source Burp Suite extensions are now available in the BApp Store. Many of these - such as Backslash Powered Scanner or Param Miner - are based on PortSwigger research. Others come from our valued community of users. No matter what functionality you'd like to add, if you can think it, Burp can do it.
Experience the Burp difference
Get a free 30-day trial of the latest version of Burp Suite Pro:
Burp Suite Pro is priced at $399 per user, per year.