We performed a comparison between Fortify WebInspect and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution's technical support was very helpful."
"The most valuable feature is the static analysis."
"There are lots of small settings and tools, like an HTTP editor, that are very useful."
"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."
"The solution is easy to use."
"The user interface is ok and it is very simple to use."
"Technical support has been good."
"Good at scanning and finding vulnerabilities."
"You can scan any number of applications and it updates its database."
"Enables automation of different tasks such as authorization testing."
"The most valuable features are Burp Intruder and Burp Scanner."
"It was easy to learn."
"The solution helped us discover vulnerabilities in our applications."
"It's good testing software."
"The solution scans web applications and supports APIs, which are the main features I really like."
"BurpSuite helps us to identify and fix silly mistakes that are sometimes introduced by our developers in their coding."
"It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application."
"The initial setup was complex."
"One thing I would like to see them introduce is a cloud-based platform."
"Lately, we've seen more false negatives."
"We have had a problem with authentification."
"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."
"Our biggest complaint about this product is that it freezes up, and literally doesn't work for us."
"Fortify WebInspect could improve user-friendliness. Additionally, it is very bulky to use."
"The Auto Scanning features should be updated more frequently and should include the latest attack vectors."
"The solution’s pricing could be improved."
"The solution is not easy to set it up. You need a lot of knowledge."
"The use of system memory is an area that can be improved because it uses a lot."
"The solution’s pricing could be improved."
"One thing that is not up to the mark in PortSwigger is web application testing. I found some issues with its performance and reporting. They should work on these and give us a better outcome."
"There needs to be better documentation provided. Currently, we need to buy books, or we need to review online some use cases from other professionals who have been using the solution to find out their experience. It is not easy to find out how to properly do a security assessment."
"BurpSuite has some issues regarding authentication with OAT tokens that need to be improved."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 17 reviews while PortSwigger Burp Suite Professional is ranked 10th in Application Security Tools with 57 reviews. Fortify WebInspect is rated 7.0, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Fortify WebInspect is most compared with Fortify on Demand, Acunetix, OWASP Zap, HCL AppScan and Qualys Web Application Scanning, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Acunetix, HCL AppScan, Qualys Web Application Scanning and SonarQube. See our Fortify WebInspect vs. PortSwigger Burp Suite Professional report.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.