We performed a comparison between Checkmarx One and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"The user interface is modern and nice to use."
"The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important."
"We use the solution for dynamic application testing."
"It shows in-depth code of where actual vulnerabilities are."
"Vulnerability details is valuable."
"The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results."
"This tool is more accurate than the other solutions that we use, and reports fewer false positives."
"It helps in API testing, where manual intervention was previously necessary for each payload."
"The solution is stable."
"The most valuable feature of PortSwigger Burp Suite Professional is the advanced features, user-friendly interface, and integration with other tools."
"It was easy to learn."
"The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately."
"The feature that we have found most valuable is that it comes with pre-set configurations. They have a set of predefined options where you can pick one and start scanning. We also have the option of creating our own configurations, like how often do the applications need to be scanned."
"It offers very good accuracy. You can trust the results."
"The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools."
"I would like the product to include more debugging and developed tools. It needs to also add enhancements on the coding side."
"One area for improvement in Checkmarx is pricing, as it's more expensive than other products."
"Micro-services need to be included in the next release."
"Checkmarx could improve the speed of the scans."
"The pricing can get a bit expensive, depending on the company's size."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."
"Improvement should be done as per the requirements of customers."
"Sometimes the solution can run a little slow."
"The Burp Collaborator needs improvement. There also needs to be improved integration."
"The one feature that I would like to see in Burp is active scanning of REST based web services. A lot of organizations are providing APIs to access their services to support different business models like SaaS. Scanning these APIs is still a challenge for many security product companies."
"The Auto Scanning features should be updated more frequently and should include the latest attack vectors."
"BurpSuite has some issues regarding authentication with OAT tokens that need to be improved."
"I need the solution to be more user-friendly. The solution needs to be user-friendly."
"There were a lot of false positives there, and we used to spend a lot of time, like, for security reasons, reproducing those bugs for the development team to fix it."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while PortSwigger Burp Suite Professional is ranked 10th in Application Security Tools with 57 reviews. Checkmarx One is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Fortify on Demand. See our Checkmarx One vs. PortSwigger Burp Suite Professional report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.