We performed a comparison between Mend.io and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The reporting capability gives us the option to generate an open-source license report in a single click, which gets all copyright and license information, including dependencies."
"The solution boasts a broad range of features and covers much of what an ideal SCA tool should."
"The results and the dashboard they provide are good."
"The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business."
"WhiteSource helped reduce our mean time to resolution since the adoption of the product."
"Its ease of use and good results are the most valuable."
"I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow."
"With the fix suggestions feature, not only do you get the specific trace back to where the vulnerability is within your code, but you also get fix suggestions."
"It helps in API testing, where manual intervention was previously necessary for each payload."
"The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately."
"This tool is more accurate than the other solutions that we use, and reports fewer false positives."
"The solution has a limited range of functions, which is good for small companies. This is because, in small companies, websites are less complex. They also have single services which makes the solution good enough for them. However, the most advantageous aspect of the solution is its affordable price."
"For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host."
"The solution has a pretty simple setup."
"The most valuable features are Burp Intruder and Burp Scanner."
"The most valuable feature of PortSwigger Burp Suite Professional is the dashboard. It is very informative and you can receive all the information you need in one place. It's clear, well-defined, and organized. Anybody without any cybersecurity can use it."
"The turnaround time for upgrading databases for this tool as well as the accuracy could be improved."
"If anything, I would spend more time making this more user-friendly, better documenting the CLI, and adding more examples to help expand the current documentation."
"It should support multiple SBOM formats to be able to integrate with old industry standards."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
"I would like to have an additional compliance pack. Currently, it does not have anything for the CIS framework or the NIST framework. If we directly run a scan, and it is under the CIS framework, we can directly tell the auditor that this product is now CIS compliant."
"WhiteSource Prioritize should be expanded to cover more than Java and JavaScript."
"Some detected libraries do not specify a location of where in the source they were matched from, which is something that should be enhanced to enable quicker troubleshooting."
"Make the product available in a very stable way for other web browsers."
"One area that can be improved, when compared to alternative tools, is that they could provide different reporting options and in different formats like PDF or something like that."
"Currently, the scanning is only available in the full version of Burp, and not in the Community version."
"The one feature that I would like to see in Burp is active scanning of REST based web services. A lot of organizations are providing APIs to access their services to support different business models like SaaS. Scanning these APIs is still a challenge for many security product companies."
"We'd like to have more integration potential across all versions of the product."
"A lot of our interns find it difficult to get used to PortSwigger Burp's environment."
"One thing that is not up to the mark in PortSwigger is web application testing. I found some issues with its performance and reporting. They should work on these and give us a better outcome."
"The scanner and crawler need to be improved."
"The solution doesn't offer very good scalability."
Mend.io is ranked 13th in Application Security Tools with 29 reviews while PortSwigger Burp Suite Professional is ranked 10th in Application Security Tools with 57 reviews. Mend.io is rated 8.4, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Mend.io is most compared with SonarQube, Black Duck, Veracode, Snyk and Checkmarx One, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Qualys Web Application Scanning.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.