We performed a comparison between Checkmarx One and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The UI is very intuitive and simple to use."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"It is a stable product."
"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"Scan reviews can occur during the development lifecycle."
"The administration in Checkmarx is very good."
"The solution has a pretty simple setup."
"I have found the best features to be the performance and there are a lot of additional plugins available."
"The most valuable features are Burp Intruder and Burp Scanner."
"The intercepting feature is the most valuable."
"The most valuable feature is the application security. It also has a reasonable price."
"The Spider is the most useful feature. It helps to analyze the entire web application, and it finds all the passes and offers an automated identification of security issues."
"Enables automation of different tasks such as authorization testing."
"This tool is more accurate than the other solutions that we use, and reports fewer false positives."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"Checkmarx is not good because it has too many false positive issues."
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."
"Updating and debugging of queries is not very convenient."
"Checkmarx could improve the REST APIs by including automation."
"Its user interface could be improved and made more friendly."
"The biggest improvement that I would like to see from PortSwigger that today many people see as an issue in their testing. There might be a feature which might be desired."
"The Auto Scanning features should be updated more frequently and should include the latest attack vectors."
"Sometimes the solution can run a little slow."
"Scanning needs to be improved in enterprise and professional versions."
"I would like to see the return of the spider mechanism instead of the crawling feature. Burp Suite's earlier version 1.7 had an excellent spider option, and it would be beneficial if Burp incorporated those features into the current version. The crawling techniques used in the current version are not as efficient as those used in earlier versions."
"Currently, the scanning is only available in the full version of Burp, and not in the Community version."
"One thing that is not up to the mark in PortSwigger is web application testing. I found some issues with its performance and reporting. They should work on these and give us a better outcome."
"I would like to see a more optimized solution, as it currently uses a lot of CPU power and memory."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews. Checkmarx One is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Rapid7 InsightAppSec.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.