EH-Net

I'm getting more serious about web security as I'm going through the WAHH v2, and I'm wondering if Burp Suite Pro is worth the price.  I definitely think it would be worth a one time price of $299, but $299 a year seems quite steep.  Is it updated enough to justify such a huge subscription price?  Just thought I'd get the opinions of people who have the pro version.

Thanks.

Depends what you want to do with it.

If you really want to do professional pentesting it worth every penny. If it is just for study... it is excellent, but I would first play with all the free software, in order to better understand what I am doing.

I have the pro version and I am very satisfied with it. The fact that you can save a session and restore it later is amazing. You can even do a delta between a saved session and the current one.

The built in scanner is not bad also. You have the option to do a passive scan (sniffing) or a real scan.

Checkout this thread as well: Anyone got the Professional version of Burp Suite? (http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,5731.0/)

I haven't used Burp Pro myself, but I've heard from a handful of people that unlocking Burp Intruder's full potential with Burp Pro is worth the price alone heh

I've only heard good about it, and there's a lot of infosec companies that use it, so I believe it must be worth it, at least if your company is paying for it. The free version works very well, and most important, it's extremely stable.
Unlike other web app sec tools, I've never seen it crash, it has been around for ages, it has the most effective interface, and it has a lot of good features that any web app sec guy would need.
Even compared to Owasp Zed, it's still much better in my humble opinion. (It's even faster, and we're talking about the free versions.)

Agreed, but this gap is narrowing with every ZAP commit.

Ok, so I'll definitely buy Burp Suite Pro once I get a paying job.  (That and the GWAPT class).  Until then, I'll use the free version and try out ZAP.