Highlights:

  • Burp Suite has many capabilities designed to help find website vulnerabilities. Cybersecurity experts can use the tool to determine whether a website is vulnerable to common hacking techniques like SQL injections.
  • The Burp Scanner is an additional tool in the Burp Suite subscription editions. It automates part of the laborious human process of identifying security flaws.

PortSwigger raised USD 112 million in the latest funding. The company develops the industry’s most renowned cybersecurity testing tools.

Brighton Park Capital, a private equity firm, supplied the funding. This is the first time that PortSwigger, a UK-based company, has raised capital since its funding. Chief Executive Officer Dafydd Stuttard started the business in 2008 with the goal of bringing Burp Suite, a cybersecurity testing product he had developed a few years prior, to market.

“This investment will allow us to enhance our offerings with features that meet the sophisticated, cross-functional needs of large enterprises while maintaining the agility and precision that individual security professionals require,” added Stuttard.

Burp Suite is a tool used by cybersecurity experts to check apps for vulnerabilities. The program comes with two paid editions that offer more functionality and a free version. About 70,000 people use the paid editions, according to PortSwigger, from 16,000 different companies, including Microsoft Corp., Amazon.com Inc., and other significant IT corporations.

Burp Suite has many capabilities designed to help find website vulnerabilities. Cybersecurity experts can use the tool to determine whether a website is vulnerable to common hacking techniques like SQL injections. Burp Suite is also useful for identifying more complex cybersecurity threats.

In certain situations, URLs can be used to execute commands on websites in addition to opening them. For instance, a link could be set up to automatically reset a user’s password upon clicking. Incorrect configuration of a website’s security settings allows hackers to deceive visitors into clicking links, which leads to harmful activities.

Burp Suite can identify flaws in websites that could be used as a springboard for these kinds of attacks. It can also identify components that are vulnerable to XML external entity injections, another widely used hacking technique. Cyberattacks use this method to steal data from websites by taking advantage of specific XML data format capabilities, which are used by many online businesses to provide data to users’ browsers.

The Burp Scanner is an additional tool in the Burp Suite subscription editions. It automates part of the laborious human process of identifying security flaws. Using an integrated browser based on Chromium, the open-source browser engine behind Google Chrome, the program identifies vulnerable website components.

Apart from detecting vulnerabilities on websites, Burp Suite can also be used for other purposes. The program can identify shortcomings in application programming interfaces and mobile apps. Customers can also utilize user-developed plugins to expand the use cases of Burp Suite, such as identifying vulnerabilities in carrier networks.

Burp Suite Enterprise is a software version offered by PortSwigger designed for large enterprises. It has dashboards that show network vulnerabilities in an organization. Furthermore, access controls are integrated into the software to govern user interaction.

PortSwigger plans to use the USD 112 million funding to support its product development efforts. The company states that some of the funds will be used to create additional features for Burp Suite’s free version. Besides, it has intentions to expand globally as well.