We performed a comparison between Parasoft SOAtest and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."They have a feature where they can record traffic and create tests on the report traffic."
"We have seen a return on investment."
"The testing time is shortened because we generate test data automatically with SOAtest."
"Technical support is helpful."
"The solution is scalable."
"We do a lot of web services testing and REST services testing. That is the focus of this product."
"Generating new messages, based on the existing .EDN and .XML messages, is a crucial part or the testing project that I’m currently in."
"Since the solution has both command line and automation options, it generates good reports."
"The solution scans web applications and supports APIs, which are the main features I really like."
"With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp."
"PortSwigger Burp Suite Professional is one of the best user-friendly solutions for getting the proxy set up."
"I have found this solution has more plugins than other competitors which is a benefit. You are able to attach different plugins to the security scan to add features. For example, you can check to see if there are any payment systems that exist on a server, or username and password brute force analysis."
"It was easy to learn."
"This tool is more accurate than the other solutions that we use, and reports fewer false positives."
"It is a time-saver application."
"PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running."
"Reporting facilities can be better."
"UI testing should be more in-depth."
"Enabling/disabling an optional element of an XML request is only possible if a data source (e.g., Excel sheet) is connected to the test. Otherwise, the option is not available at all in the drop-down menu."
"During the process of working with SOAtest and building test cases, the .TST files will grow. A negative side effect is that saving your changes takes more time."
"Tuning the tool takes time because it gives quite a long list of warnings."
"The summary reports could be improved."
"Parasoft SOAtest has an internal refresh function where you can refresh the software to show the changes you’ve made in your projects. Unfortunately this function does not work properly, because it often does not show the changes after you’ve hit te refresh button a few times."
"The product is very slow to start up, and that is a bit of a problem, actually."
"BurpSuite has some issues regarding authentication with OAT tokens that need to be improved."
"There could be an improvement in the API security testing. There is another tool called Postman and if we had a built-in portal similar to Postman which captures the API, we would be able to generate the API traffic. Right now we need a Postman tool and the Burp Suite for performing API tests. It would be a huge benefit to be able to do it in a single UI."
"There were a lot of false positives there, and we used to spend a lot of time, like, for security reasons, reproducing those bugs for the development team to fix it."
"The solution lacks sufficient stability."
"Currently, the scanning is only available in the full version of Burp, and not in the Community version."
"The one feature that I would like to see in Burp is active scanning of REST based web services. A lot of organizations are providing APIs to access their services to support different business models like SaaS. Scanning these APIs is still a challenge for many security product companies."
"The biggest drawback is reporting. It's not so good. I can download them, but they're not so informative."
"If we're running a huge number of scans regularly, it slows down the tool."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
Parasoft SOAtest is ranked 29th in Static Application Security Testing (SAST) with 30 reviews while PortSwigger Burp Suite Professional is ranked 5th in Static Application Security Testing (SAST) with 57 reviews. Parasoft SOAtest is rated 8.2, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Parasoft SOAtest writes "Good API testing and RIT feature; clarity could be improved". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Parasoft SOAtest is most compared with Postman, SonarQube, Coverity, Polyspace Code Prover and ReadyAPI, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Qualys Web Application Scanning. See our Parasoft SOAtest vs. PortSwigger Burp Suite Professional report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.