Cyber Tool Stack
All tools

Burp Suite

By PortSwigger

The standard toolkit for manual and automated web application penetration testing, sold in a free Community Edition, a single-user Professional edition built for hands-on testers, and a scaled-out Burp Suite DAST edition for continuous, less hands-on scanning across many applications.

Verified Source: 1

Product type
Software
Deployment
On-premCLI
Organization size
IndividualSMBMid-marketEnterprise
Pricing tier
Freemium

Capability checklist

DAST

How Burp Suite measures up against the full Dynamic Application Security Testing taxonomy.

Black-box scanning — supported
Tests a running application from the outside, without access to source code.
Authenticated scanning — supported
Crawls and tests pages that require a logged-in session.
API scanning — supported
Tests REST and GraphQL APIs, not just traditional web pages.
CI/CD scan automation — not supported
Runs scans automatically as part of the build and deploy pipeline.
Automated finding verification — supported
Confirms exploitability of findings to cut down false positives.
OWASP Top 10 coverage — not supported
Tests for the industry-standard set of common web application vulnerability classes.

Alternatives

Other Dynamic Application Security Testing tools with overlapping capabilities, sized for similar teams.

Search Cyber Tool Stack

Jump to any tool, vendor, category, or glossary term.