Dimension scores are derived from public data and fields; weighted into the composite. Reference only.
Burp Suite Ninja is a security-focused newsletter/content site hosted on Substack. Its topics revolve around Burp Suite usage tips, web application security testing, penetration testing experience, WAF bypasses, and related content. The page clearly states that the project is managed by Soroush Dalili and belongs to SecProject Ltd. in the UK, while also declaring that it is not official PortSwigger content and is not endorsed by PortSwigger.
Its main value is not in providing online tools, but in continuously publishing content: Burp Suite-related insights, hands-on tips, case stories, and more advanced bypass ideas. Users can subscribe to access the full newsletter and site content, with new posts delivered directly to their inbox, or read them through the Substack archive. Overall, it feels more like a security research and experience-sharing publication than a structured course platform.
The captured page content does not show clear pricing, only a “Subscribe” entry point and Substack’s general subscription information. Therefore, it can be inferred that a subscription mechanism exists, but whether there is a paid tier, the specific cost, and the proportion of free content are all unclear. For businesses or individual users evaluating a budget, the pricing transparency is only average.
The advantages are its strong vertical focus on Burp Suite, a core tool for web security testing, making it useful for penetration testing, Bug Bounty, red teaming, and security learners. The author has a background in the security field, so the content is relatively credible. The Substack format also makes it convenient to follow updates via email.
The drawbacks are that it is not official documentation or an official academy, so readers need to cross-check the authority of the content themselves. The captured content does not show hands-on labs, systematic chapters, or Chinese-language support. If the main content is in English, it may present a certain barrier for Chinese-speaking beginners.
It is suitable for security engineers already using Burp Suite, Bug Bounty hunters, web penetration testing learners, and advanced users who want practical techniques and bypass ideas. If the goal is beginner-friendly, structured learning from scratch, PortSwigger Web Security Academy may be a better fit.
The site is based on Substack. Substack’s accessibility experience in mainland China is generally unstable, with possible slow loading and restrictions on email or page resources. Therefore, it is assessed as “partially restricted.”
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site. Verify on burpsuite.ninja official site.
burpsuite.ninja is an United Kingdom Security provider. TG4G tracks its product information, an overall rating of 6.0/10, and a China-accessibility score of Workable. Click "Visit Official Site" to reach burpsuite.ninja directly.