PortSwigger Ltd., the company behind one of the industry’s most popular cybersecurity testing tools, today disclosed that it has raised $112 million in funding.

The capital was provided by private equity firm Brighton Park Capital. It marks the first time that U.K.-based PortSwigger has raised funding since launch. The company was founded in 2008 by Chief Executive Officer Dafydd Stuttard to commercialize Burp Suite, a cybersecurity testing tool he created a few years earlier.

“This investment will allow us to enhance our offerings with features that meet the sophisticated, cross-functional needs of large enterprises while maintaining the agility and precision that individual security professionals require,” said Stuttard. 

Cybersecurity professionals use Burp Suite to test applications for vulnerabilities. The software is available in a free version, as well as two paid editions that provide additional features. PortSwigger says that the paid editions have about 70,000 users across 16,000 companies, including Microsoft Corp., Amazon.com Inc. and major tech firms.

Many of Burp Suite’s features are geared toward detecting vulnerabilities in websites. Using the tool, cybersecurity professionals can test if a website is susceptible to simple hacking tactics such as SQL injections. Burp Suite also lends itself to detecting more advanced cybersecurity risks. 

In some cases, URLs can be used not only to open webpages but also to perform actions in those webpages. A link could, for example, be configured to reset a user’s password when it’s clicked. If a website’s security settings are not configured correctly, hackers can trick users into clicking links that perform malicious actions.

Burp Suite can detect vulnerable website components that may facilitate such cyberattacks. It’s also capable of spotting components susceptible to XML external entity injections, another common hacking tactic. Cyberattacks that implement this tactic steal website data by exploiting certain features of the XML data format, which many online services use to send information to visitors’ browsers.

The paid editions of Burp Suite add a tool called the Burp Scanner. It automates some of the manual work involved in detecting security issues. The tool maps out vulnerable website components using a built-in browser based on Chromium, the open-source browser engine that underpins Google Chrome.

Burp Suite also lends itself to other tasks besides finding website vulnerabilities. The software can find weak points in mobile apps and application programming interfaces. Additionally, customers have access to user-developed plugins that can extend Burp Suite to more use cases, such as finding vulnerabilities in carrier networks.

PortSwigger provides a version of the software called Burp Suite Enterprise geared toward large organizations. It includes dashboards that can visualize vulnerabilities in a company’s network. Additionally, there are built-in access controls for regulating how users can interact with the software.

The $112 million funding round announced today will help PortSwigger finance product development initiatives. According to the company, a portion of the capital will go toward developing new features for the free edition of Burp Suite. It also plans to grow its international presence. 

Photo: Unsplash