Perhaps, but on the spectrum of security tools Burp is still easily one of the most affordable and best bang for the price expenditures you can make. A few hundred dollars a year is trivial compared to the cost of the talent to run it.
You do know that @zaproxy is probably used more than Burp?
Not by pentesters of course, but in automation.
Burp is a great tool of course, but for many people automating ZAP will make a lot more sense than automating Burp.
I do, which is why I said that it doesn't make sense unless you have investment in Zest, or use it in your CI/CD pipeline. But the tutorial was specifically targeted at new pentesters, as were my comments. Burp has plenty of flaws too, but it is _the_ tool for pen tests and external applications.
It's also open source and supported. And I'm told it has a niche for testing accessibility features that isn't really covered in the BApp ecosystem, though I haven't explored that personally. But for pen testing, IMHO it's a disservice to new folks learning to point them at it before Burp.