PortSwigger was founded by Dafydd Stuttard in the UK. Stuttard, a renowned web security researcher and co-author of “The Web Application Hacker’s Handbook,” created Burp Suite as a personal tool for web application penetration testing. It eventually became the de facto standard in the field.
Burp Suite is an integrated platform for web security testing. It includes a proxy for intercepting HTTP/HTTPS traffic, a scanner for automatically detecting vulnerabilities, and a range of manual testing tools like Repeater, Intruder, and Sequencer. Security professionals use it to find SQL injection, cross-site scripting (XSS), CSRF, and dozens of other vulnerability classes.
The tool comes in three versions: Community Edition (free but limited), Professional ($449/user/year), and Enterprise Edition (for automated scanning at scale). Burp Suite Professional is what most penetration testers use daily.
PortSwigger also created the Web Security Academy, a free online training platform that teaches web security through hands-on labs. It’s become one of the most popular resources for aspiring security professionals and covers topics from basic XSS to advanced server-side request forgery.
The company also maintains a research blog that regularly publishes original security research, including novel attack techniques that have influenced the broader security community. Research papers on HTTP request smuggling and web cache poisoning by PortSwigger’s team have had particular impact.
Based in Knutsford, England, PortSwigger has grown while remaining relatively private: it doesn’t disclose employee counts or revenue, but Burp Suite’s dominance in pen testing is well established.