We performed a comparison between Checkmarx One and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Both automatic and manual code review (CxQL) are valuable."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results."
"The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."
"The solution is scalable, but other solutions are better."
"I have found this solution has more plugins than other competitors which is a benefit. You are able to attach different plugins to the security scan to add features. For example, you can check to see if there are any payment systems that exist on a server, or username and password brute force analysis."
"The solution is quite helpful for session management and configuration."
"The suite testing models are very good. It's very secure."
"The solution has a pretty simple setup."
"The solution helped us discover vulnerabilities in our applications."
"PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running."
"We are mostly using it for scanning the entire website. So, we basically create a script with the entire website and then run it for different injections."
"We use the solution for vulnerability assessment in respect of the application and the sites."
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"The integration could improve by including, for example, DevSecOps."
"This product requires you to create your own rulesets. You have to do a lot of customization."
"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"It is an expensive solution."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."
"Checkmarx is not good because it has too many false positive issues."
"The solution’s pricing could be improved."
"Sometimes the solution can run a little slow."
"The reporting needs to be improved; it is very bad."
"The tool is very expensive."
"There were a lot of false positives there, and we used to spend a lot of time, like, for security reasons, reproducing those bugs for the development team to fix it."
"One area that can be improved, when compared to alternative tools, is that they could provide different reporting options and in different formats like PDF or something like that."
"We'd like to have more integration potential across all versions of the product."
"There is not much automation in the tool."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews. Checkmarx One is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Rapid7 InsightAppSec. See our Checkmarx One vs. PortSwigger Burp Suite Professional report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.