
PortSwigger Web Security Blog

Tuesday, 25 June 2013

Burp Suite confirmed as best value web security scanner

As part of this year's Hack Miami conference, a large number of independent security researchers conducted a "Pen-Test Tools Shootout", evaluating several leading web security scanners and comparing their performance against a range of targets and benchmarks. The results are now in:

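| Product | Cost | User Interface | Vulnerability Detection | Reporting | Overall Value |
|---|---|---|---|---|---|
| Acunetix | $1,400 - $13,000 | 5 | 4 | 4.5 | 4 |
| Appscan | $20,000 | 3.5 | 4 | 4.8 | 3 |
| Burp Suite | $299 | 4 | 4 | 3.5 | 5 |
| Nexpose | $20,000 | 5 | 5 | 4.8 | 5 |
| NTO Spider | $10,000 | 4 | 3 | 4 | 3 |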

The authors' overall conclusion is: "Burp Suite and Nexpose/Metasploit Pro currently provide the most value to the independent security consultant in terms of discovered vulnerabilities, ease of use, licensing flexibility, and range of functionality".

Since Nexpose costs 66 times the price of Burp Suite, getting the joint top rating is a pretty good result for Burp. The only area where we were significantly marked down was in only being able to generate reports in HTML format, not as PDF. Now, I've always used an external "save as PDF" conversion when this is needed, but maybe this is something we need to look at to get even better.

Read the full whitepaper here.

2 comments:

Jambi said...

I totally agree. I have licenses for Burp, Appscan, Cenzic and Core. Without exaggeration, I use Burp exclusively for about 95% of the hours spent during a web app assessment.

It seems like ZAP development has been picking up, so you need to hire those devs and start releasing some new features and enhancements to keep your lead on the competition. :-)

Anonymous said...

You cannot be serious with this article. Is it targeted towards kids or people who have bought Burp but haven't tried anything else in their life?
