Penetration testing software from PortSwigger_

How Burp Suite Professional could help you advance your game

$399 per user, per year

When it comes to penetration testing software, Burp rules the roost. With over 40,000 users, it already dominates the industry - and it just keeps getting better.

Your ally, when every vulnerability counts

As a pentester, you're always looking for a workflow that's more efficient; more exhaustive; more reliable. And, as creators of the world's most widely-used pentesting software, PortSwigger is always looking for new ways to help you to do just that.

We love to shake up the industry, and groundbreaking research has become our hallmark. In turn, we often conceive entirely new attack techniques - which we then put within easy reach of our users. Of course, known weaknesses aren't ignored, and Burp detects the entire OWASP Top 10, from SQL injection to cross-site scripting (XSS) and beyond.

Every vulnerability counts
Smart automation

Smart automation, right where you need it

Our philosophy is that your valuable manual testing time should be saved for when it's really needed. With this in mind, Burp Suite Pro includes many powerful automated features. Most obvious is the web vulnerability scanner, but tools like Burp Intruder and our innovative crawler will also give you a huge advantage in speed and efficiency.

Automation should always be as smart as possible. Which is why every automated tool in Burp Suite Pro allows for further configuration. This is especially useful in situations where stealth is of the essence, or when you encounter an unusual target application.

Test every type of application

Burp Suite Pro arms its users to attack and test any type of web app or endpoint. Burp Suite Mobile Assistant, for instance, makes testing iOS apps extremely simple. Android devices can also be configured to work with Burp - making it a formidable platform for mobile application security testing.

In other cases, we've created whole new breeds of pentesting software to exploit vulnerabilities. Burp Collaborator is a case in point - it was the first tool on the market to allow Out-of-band Application Security Testing (OAST). Here, Burp reveals many previously blind classes of vulnerability by "collaborating" with an allied external server.

Every application
Pentesting tool

A pentesting tool with limitless potential

Years ago, Burp started life as a relatively simple intercepting proxy. Nowadays, its continuing success has seen it grow to encompass a whole suite of penetration testing tools. But the story doesn't end there.

Hundreds of curated, open source Burp Suite extensions are now available in the BApp Store. Many of these - such as Backslash Powered Scanner or Param Miner - are based on PortSwigger research. Others come from our valued community of users. No matter what functionality you'd like to add, if you can think it, Burp can do it.

The industry's most popular tool

Burp Suite Professional has over 40,000 users across more than 130 countries. This makes it the world's most widely used toolkit for web security testing.

This didn't happen by chance. Our tools are known to be a force multiplier for users' knowledge.

Of course, we would say that. But take a look at our credentials. Our software protects many of the world's most powerful organizations:

Amazon Google Walmart FedEx AXA Microsoft Salesforce Bank of America Samsung

Experience the Burp difference

Get a free 30-day trial of the latest version of Burp Suite Pro:

Try for free Buy

Burp Suite Pro is priced at $399 per user, per year.