Burp suite is a web vulnerability scanner and one of the most well-known and used tools for performing web application security audits. Burp suite sits in the middle, between the user’s browser and the web platform or mobile API to be audited, recording all traffic, passively detecting vulnerabilities and allowing modifications of HTTP requests made to detect anomalies and security problems.
Developed by the European company Portswigger, burp suite is a benchmark for its web security analysis technology, since it complements the automatic vulnerability analysis with a powerful framework with which to carry out manual tests. It is also complemented by many extensions developed by the community with which to further increase its power and the analysis of different technologies.
There are currently three products. Burp suite community edition, which contains basic tools for web security testing, burp suite professional, a commercial tool for a pentester to perform a security audit, and Burp suite enterprise, for collaborative and massive auditing of applications from the cloud.