We performed a comparison between Checkmarx and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"Scan reviews can occur during the development lifecycle."
"Less false positive errors as compared to any other solution."
"The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important."
"The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results."
"The value you can get out of the speedy production may be worth the price tag."
"I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy."
"Vulnerability details is valuable."
"It's good testing software."
"You can download different plugins if you don't have them in the standard edition."
"PortSwigger Burp Suite Professional is one of the best user-friendly solutions for getting the proxy set up."
"You can scan any number of applications and it updates its database."
"It was easy to learn."
"Once I capture the proxy, I'm able to transfer across. All the requested information is there. I can send across the request to what we call a repeater, where I get to ready the payload that I send to the application. Put in malicious content and then see if it's responding to it."
"The intercepting feature is the most valuable."
"The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well."
"We have received some feedback from our customers who are receiving a large number of false positives."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor, it lacks the details one gets when viewing the results directly from the Checkmarx One platform."
"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."
"The price could be better. The rest is fine."
"PortSwigger Burp Suite Professional can improve by having more features in the free version for beginners to try."
"There is not much automation in the tool."
"It should provide a better way to integrate with Jenkins so that DAST (dynamic application security testing) can be automated."
"There were a lot of false positives there, and we used to spend a lot of time, like, for security reasons, reproducing those bugs for the development team to fix it."
"As with most automated security tools, too many false positives."
"The Burp Collaborator needs improvement. There also needs to be improved integration."
"I need the solution to be more user-friendly. The solution needs to be user-friendly."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
Checkmarx is ranked 3rd in Application Security Tools with 23 reviews while PortSwigger Burp Suite Professional is ranked 12th in Application Security Tools with 21 reviews. Checkmarx is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx writes "Specifies the exact line of code where it finds the problem and gives good reports". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "Offers efficient scanning of entire websites but presence of false positive bugs, leading to time-consuming efforts in distinguishing real bugs from false alarms". Checkmarx is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Rapid7 InsightAppSec. See our Checkmarx vs. PortSwigger Burp Suite Professional report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.