We performed a comparison between Checkmarx One and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It has all the features we need."
"It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
"The solution allows us to create custom rules for code checks."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"The most valuable feature for me is the Jenkins Plugin."
"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"Scan reviews can occur during the development lifecycle."
"The administration in Checkmarx is very good."
"The most valuable feature of PortSwigger Burp Suite Professional is the dashboard. It is very informative and you can receive all the information you need in one place. It's clear, well-defined, and organized. Anybody without any cybersecurity can use it."
"For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host."
"The Spider is the most useful feature. It helps to analyze the entire web application, and it finds all the passes and offers an automated identification of security issues."
"The most valuable feature is Burp Collaborator."
"I have found the best features to be the performance and there are a lot of additional plugins available."
"PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running."
"The suite testing models are very good. It's very secure."
"It was easy to learn."
"The solution's user interface could be improved because it seems outdated."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"Its user interface could be improved and made more friendly."
"I would like to see the DAST solution in the future."
"There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, 'Yeah. I'd like something else on the roadmap.' What they're looking to deliver is what I would expect and forecast them to deliver."
"This product requires you to create your own rulesets. You have to do a lot of customization."
"Micro-services need to be included in the next release."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"I would like to see the return of the spider mechanism instead of the crawling feature. Burp Suite's earlier version 1.7 had an excellent spider option, and it would be beneficial if Burp incorporated those features into the current version. The crawling techniques used in the current version are not as efficient as those used in earlier versions."
"There is not much automation in the tool."
"As with most automated security tools, too many false positives."
"You can have many false positives in Burp Suite. It depends on the scale of the penetration testing."
"I would like to see a more optimized solution, as it currently uses a lot of CPU power and memory."
"The one feature that I would like to see in Burp is active scanning of REST based web services. A lot of organizations are providing APIs to access their services to support different business models like SaaS. Scanning these APIs is still a challenge for many security product companies."
"PortSwigger Burp Suite Professional could improve the static code review."
"The scanner and crawler need to be improved."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews. Checkmarx One is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Rapid7 InsightAppSec.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.