We performed a comparison between Checkmarx One and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Scan reviews can occur during the development lifecycle."
"From my point of view, it is the best product on the market."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"Helps us check vulnerabilities in our SAP Fiori application."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"The UI is very intuitive and simple to use."
"The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs."
"The most valuable features are Burp Intruder and Burp Scanner."
"In my area of expertise, I feel like it has almost everything I could possibly require at this moment."
"The Repeater and the BApp extensions are particularly useful. Certain extensions, such as the Active Scan extensions and the Autoracer extension, are very good."
"The solution helped us discover vulnerabilities in our applications."
"The solution has a limited range of functions, which is good for small companies. This is because, in small companies, websites are less complex. They also have single services which makes the solution good enough for them. However, the most advantageous aspect of the solution is its affordable price."
"PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running."
"The solution has a great user interface."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"C, C++, VB and T-SQL are not supported by this product, although C and C++ were advertised as being supported."
"We can run only one project at a time."
"Meta data is always needed."
"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor; they lack the details one gets when viewing the results directly from the Checkmarx One platform."
"Checkmarx could improve by reducing the price."
"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."
"The scanner and crawler need to be improved."
"Scanning needs to be improved in enterprise and professional versions."
"The solution doesn't offer very good scalability."
"The solution lacks sufficient stability."
"BurpSuite has some issues regarding authentication with OAT tokens that need to be improved."
"The tool is very expensive."
"PortSwigger Burp Suite Professional can improve by having more features in the free version for beginners to try."
"Sometimes the solution can run a little slow."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while PortSwigger Burp Suite Professional is ranked 10th in Application Security Tools with 57 reviews. Checkmarx One is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Fortify on Demand.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.