We performed a comparison between Checkmarx One and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"The report function is the solution's greatest asset."
"I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy."
"The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
"We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"The most valuable features are Burp Intruder and Burp Scanner."
"The Repeater and the BApp extensions are particularly useful. Certain extensions, such as the Active Scan extensions and the Autoracer extension, are very good."
"The solution has a great user interface."
"The most valuable feature is Burp Collaborator."
"BurpSuite helps us to identify and fix silly mistakes that are sometimes introduced by our developers in their coding."
"It is a time-saver application."
"The most valuable feature of PortSwigger Burp Suite Professional is the dashboard. It is very informative and you can receive all the information you need in one place. It's clear, well-defined, and organized. Anybody without any cybersecurity can use it."
"I have found this solution has more plugins than other competitors which is a benefit. You are able to attach different plugins to the security scan to add features. For example, you can check to see if there are any payment systems that exist on a server, or username and password brute force analysis."
"The cost per user is high and should be reduced."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."
"Checkmarx could improve the REST APIs by including automation."
"In terms of dashboarding, the solution could provide a little more flexibility in terms of creating more dashboards. It has some of its own dashboards that come out of the box. However, if I have to implement my own dashboards that are aligned to my organization's requirements, that dashboarding feature has limited capability right now."
"The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"Its user interface could be improved and made more friendly."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"The reporting needs to be improved; it is very bad."
"There is a lot to this product, and it would be good if when you purchase the tool, they can provide us with a more extensive user manual."
"The solution lacks sufficient stability."
"The Auto Scanning features should be updated more frequently and should include the latest attack vectors."
"The solution is not easy to set it up. You need a lot of knowledge."
"The one feature that I would like to see in Burp is active scanning of REST based web services. A lot of organizations are providing APIs to access their services to support different business models like SaaS. Scanning these APIs is still a challenge for many security product companies."
"It should provide a better way to integrate with Jenkins so that DAST (dynamic application security testing) can be automated."
"Scanning needs to be improved in enterprise and professional versions."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews. Checkmarx One is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and GitLab. See our Checkmarx One vs. PortSwigger Burp Suite Professional report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.