We performed a comparison between Mend.io and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"There are multiple different integrations there. We use Mend for CI/CD that goes through Azure as well. It works seamlessly. We never have any issues with it."
"What is very nice is that the product is very easy to set up. When you want to implement Mend.io, it just takes a few minutes to create your organization, create your products, and scan them. It's really convenient to have Mend scanning your products in less than one hour."
"I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow."
"WhiteSource helped reduce our mean time to resolution since the adoption of the product."
"Enables scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed."
"For us, the most valuable tool was open-source licensing analysis."
"Our dev team uses the fix suggestions feature to quickly find the best path for remediation."
"We find licenses together with WhiteSource which are associated with a certain library, then we get a classification of the license. This is with respect to criticality and vulnerability, so we could take action and improve some things, or replace a third-party library which seems to be too risky for us to use on legal grounds."
"The Spider is the most useful feature. It helps to analyze the entire web application, and it finds all the passes and offers an automated identification of security issues."
"It offers very good accuracy. You can trust the results."
"The Repeater and the BApp extensions are particularly useful. Certain extensions, such as the Active Scan extensions and the Autoracer extension, are very good."
"Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them."
"For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host."
"The active scanner, which does an automated search of any web vulnerabilities."
"I find the attack model quite amazing, where I can write my scripts and load my scripts as well, which helps quite a bit. All the active scanning that it can do is also quite a lot helpful. It speeds up our vulnerability assessment and penetration testing. Right now, I am enjoying its in-browser, which also helps quite a bit. I'm always confused about setting up some proxy, but it really is the big solution we all want."
"The tool provides complimentary services. It allows you to add a lot of extensions, and you can get extensions quite often. It is quite a flexible application."
"They're working on a UI refresh. That's probably been one of the pain points for us as it feels like a really old application."
"It should support multiple SBOM formats to be able to integrate with old industry standards."
"The only thing that I don't find support for on Mend Prioritize is C++."
"WhiteSource needs improvement in the scanning of the containers and images with distinguishing the layers."
"I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022."
"The UI is not that friendly and you need to learn how to navigate easily."
"Mend supports most of the common package managers, but it doesn't support some that we use. I would appreciate it if they can quickly make these changes to add new package managers when necessary."
"Mend lets you create custom policies. They're not too complicated to set up, but it would be helpful if they had some preconfigured policies to match what we have in Azure DevOps. That would save us a lot of time. It's tedious to configure the policies manually, and I lack the capacity to do it right now. Other products have preconfigured packs and templates, and Mend doesn't."
"In the Professional version, we cannot link it with the CI/CD process."
"As with most automated security tools, too many false positives."
"It should provide a better way to integrate with Jenkins so that DAST (dynamic application security testing) can be automated."
"There is not much automation in the tool."
"The biggest drawback is reporting. It's not so good. I can download them, but they're not so informative."
"The reporting needs to be improved; it is very bad."
"A lot of our interns find it difficult to get used to PortSwigger Burp's environment."
"One thing that is not up to the mark in PortSwigger is web application testing. I found some issues with its performance and reporting. They should work on these and give us a better outcome."
Mend.io is ranked 13th in Application Security Tools with 29 reviews while PortSwigger Burp Suite Professional is ranked 10th in Application Security Tools with 57 reviews. Mend.io is rated 8.4, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Mend.io is most compared with SonarQube, Black Duck, Veracode, Snyk and Checkmarx One, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Qualys Web Application Scanning.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.