# PortSwigger Brand Voice

> Authoritative, community-driven, and technically precise.

## Positioning
PortSwigger is a web security company that provides industry-standard tools (Burp Suite) and educational resources for security professionals, researchers, and ethical hackers. It positions itself as the mission-critical foundation for staying ahead of emerging web threats.

## Voice principles
*   **Authoritative:** Uses declarative statements that establish leadership in the AppSec space without needing to boast.
*   **Technically Precise:** Employs specific industry terminology (DAST, exploit, desync, vulnerabilities) to speak directly to an expert audience.
*   **Community-Centric:** Highlights real people, researchers, and practitioners, fostering a sense of shared mission among "Swiggers."
*   **Urgent but Calm:** Communicates the seriousness of security (e.g., "Security is no longer optional") with a steady, solution-oriented focus.

## Tone by context
| Context | Tone |
|---|---|
| **Product Marketing** | Direct and capability-focused. Emphasizes "scanning without limits" and "everything you need." |
| **Research & News** | Academic yet provocative. Uses bold titles like "HTTP/1.1 Must Die" to signal cutting-edge discovery. |
| **Education (Academy)** | Encouraging and structured. Focuses on "getting started," "learning," and "becoming certified." |
| **Community/Social** | Personable and inclusive. Uses terms like "fanboy," "baptisms," and "get to know us." |

## Lexicon
- **Use:** Stay ahead, exploit, vulnerabilities, AppSec, ethical hacking, "without limits," strategic partnership, community, pioneering, mission.
- **Avoid:** Not evident from captured copy, but generally avoids "marketing fluff," vague buzzwords, or overly corporate "synergy" language.

## Messaging do's and don'ts
*   **Do:** Lead with trust and social proof (e.g., "Trusted by security professionals").
*   **Do:** Use active verbs when describing tools (Test, find, exploit, boost).
*   **Do:** Connect software to the people behind it (researchers, founders, community members).
*   **Don't:** Use passive language when discussing security threats.
*   **Don't:** Over-explain basic concepts; assume a baseline of technical literacy.
*   **Don't:** Treat security as a "set and forget" product; frame it as a continuous effort to "stay ahead."

## Evidence
- "Trusted by the people who use it every day" (Social proof/Authority).
- "HTTP/1.1 Must Die: The Desync Endgame Begins" (Provocative research tone).
- "Automated DAST scanning without limits" (Direct product marketing).
- "Top tips from a Burp Suite fanboy" (Community-centric/Personable).
- "Security is no longer optional" (Urgency).