Burp Suite confirmed as best value web security scanner

Dafydd Stuttard | 25 June 2013 at 16:07 UTC

As part of this year's Hack Miami conference, a large number of independent security researchers conducted a "Pen-Test Tools Shootout", evaluating several leading web security scanners and comparing their performance against a range of targets and benchmarks. The results are now in:

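| Product | Cost | User Interface | Vulnerability Detection | Reporting | Overall Value |
|---|---|---|---|---|---|
| Acunetix | $1,400 - $13,000 | 5 | 4 | 4.5 | 4 |
| Appscan | $20,000 | 3.5 | 4 | 4.8 | 3 |
| Burp Suite | $299 | 4 | 4 | 3.5 | 5 |
| Nexpose | $20,000 | 5 | 5 | 4.8 | 5 |
| NTO Spider | $10,000 | 4 | 3 | 4 | 3 |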

The authors' overall conclusion is: "Burp Suite and Nexpose/Metasploit Pro currently provide the most value to the independent security consultant in terms of discovered vulnerabilities, ease of use, licensing flexibility, and range of functionality".

Since Nexpose costs 66 times the price of Burp Suite, getting the joint top rating is a pretty good result for Burp. The only area where we were significantly marked down was in only being able to generate reports in HTML format, not as PDF. Now, I've always used an external "save as PDF" conversion when this is needed, but maybe this is something we need to look at to get even better.

Read the full whitepaper