Burp Suite User Forum

Pro Query from one of the customers.

Basavaraja | Last updated: Apr 05, 2021 02:55PM UTC

Hi,

Can you please confirm whether the functionalities below are available in the PRO version? Also, does the PRO license come with unlimited users/app tests?

Mobile Application Analytic and Penetration Testing tool with the following features:
Vulnerability Assessment (VA)
Static Application Security Testing (SAST)
Dynamic Application Security Testing (DAST)
Application Programming Interface (API) Testing
OWASP Mobile Top 10 Assessment
Penetration Testing (PT)
Manual Application Security Testing (MAST)
Automated Application Security Attacks
Remediation for Mobile Apps
OWASP Mobile Top 10 Testing

Others;
Cross-Platform testing (iOS, Android)
Unlimited users
Unlimited number of tests (Not limited to number of Apps to test)
Test for Compliance and Regulations e.g. PCI, GDPR

Infrastructure analytic and Penetration Testing tool with the following features:
Vulnerability Assessment
External Infrastructure Penetration Test
Internal Infrastructure Penetration Test
Automate Penetration Test
Phishing campaigns

Can you please comment inline regarding the question from the customer?

Regards,
Basu

Basavaraja | Last updated: Apr 05, 2021 05:18PM UTC

Hi, Any quick update would really help the customer to speed up the purchase. Regards, Basu

Basavaraja | Last updated: Apr 06, 2021 04:30AM UTC

Hi, Can I have the quick answers to get moving? Regards, Basu

Uthman, PortSwigger Agent | Last updated: Apr 06, 2021 12:35PM UTC

Hi Basu,

You can find the full documentation on Burp Suite Professional here:

https://portswigger.net/burp/documentation/desktop

To break down your original query, please see below:

Vulnerability Assessment (VA) - YES

Static Application Security Testing (SAST) - YES, but only static analysis of client-side JavaScript

Dynamic Application Security Testing (DAST) - YES. This would be the scanner component that has the ability to detect all the issues here: https://portswigger.net/kb/issues

Application Programming Interface (API) Testing - YES. Please see here for further information: https://portswigger.net/burp/documentation/desktop/scanning/api-scanning. You can also manually capture the endpoints by setting up the proxy and running active scans on captured endpoints

OWASP Mobile Top 10 Assessment - You may be able to perform this manually

Penetration Testing (PT) - The tool is not an end-to-end penetration testing tool

Manual Application Security Testing (MAST) - You can use the Proxy, Repeater, Intruder, etc. to achieve this

Automated Application Security Attacks - The scanner can do this. Please see the issues it can test for above

Remediation for Mobile Apps - There are no issues specifically focused on mobile application testing. However, the same remediation techniques can be applied if an issue is raised for a scan on a mobile application. You will need to double-check this manually using your own knowledge and further research

OWASP Mobile Top 10 Testing - You should be able to perform this manually

Others;
Cross-Platform testing (iOS, Android) - YES. Please see here: https://portswigger.net/burp/documentation/desktop/mobile-testing, https://portswigger.net/support/configuring-an-android-device-to-work-with-burp, https://portswigger.net/support/configuring-an-ios-device-to-work-with-burp

Unlimited users - No. Burp Suite Professional is licensed on a per-user basis. For example, if you purchase a 2-user license then only 2 users can use the license at any one time

Unlimited number of tests (Not limited to number of Apps to test) - YES

Test for Compliance and Regulations e.g. PCI, GDPR - No. Our tool cannot perform these tests. There is one scan check that may assist in one element of PCI compliance (https://portswigger.net/kb/issues/00600500_credit-card-numbers-disclosed) but this should not be used alone to meet compliance requirements


Please complete a trial of the product to ensure that it suits your requirements before you purchase:

https://portswigger.net/burp/pro/trial
