We performed a comparison between Checkmarx One and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Apart from software scanning, software composition scanning is valuable."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"The solution communicates where to fix the issue for the purpose of less iterations."
"Vulnerability details is valuable."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."
"The most valuable feature of PortSwigger Burp Suite Professional is the advanced features, user-friendly interface, and integration with other tools."
"The extension that it provides with the community version for the skills mapping is excellent."
"Enables automation of different tasks such as authorization testing."
"The solution scans web applications and supports APIs, which are the main features I really like."
"The intercepting feature is the most valuable."
"I find the attack model quite amazing, where I can write my scripts and load my scripts as well, which helps quite a bit. All the active scanning that it can do is also quite a lot helpful. It speeds up our vulnerability assessment and penetration testing. Right now, I am enjoying its in-browser, which also helps quite a bit. I'm always confused about setting up some proxy, but it really is the big solution we all want."
"The solution helped us discover vulnerabilities in our applications."
"The solution has a pretty simple setup."
"Meta data is always needed."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."
"Checkmarx could be improved with more integration with third-party software."
"Checkmarx could improve the speed of the scans."
"I would like to see the DAST solution in the future."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"The reporting needs to be improved; it is very bad."
"You can have many false positives in Burp Suite. It depends on the scale of the penetration testing."
"The solution’s pricing could be improved."
"The biggest improvement that I would like to see from PortSwigger that today many people see as an issue in their testing. There might be a feature which might be desired."
"The solution lacks sufficient stability."
"In the Professional version, we cannot link it with the CI/CD process."
"I need the solution to be more user-friendly. The solution needs to be user-friendly."
"There is a lot to this product, and it would be good if when you purchase the tool, they can provide us with a more extensive user manual."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews. Checkmarx One is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and GitLab. See our Checkmarx One vs. PortSwigger Burp Suite Professional report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.