We performed a comparison between Checkmarx One and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It has all the features we need."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"We use the solution for dynamic application testing."
"The SAST component was absolutely 100% stable."
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"It shows in-depth code of where actual vulnerabilities are."
"The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results."
"The solution allows us to create custom rules for code checks."
"The active scanner, which does an automated search of any web vulnerabilities."
"The intercepting feature is the most valuable."
"The initial setup is simple."
"The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well."
"In my area of expertise, I feel like it has almost everything I could possibly require at this moment."
"The solution has a limited range of functions, which is good for small companies. This is because, in small companies, websites are less complex. They also have single services which makes the solution good enough for them. However, the most advantageous aspect of the solution is its affordable price."
"The most valuable feature is the application security. It also has a reasonable price."
"The most valuable feature is Burp Collaborator."
"The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools."
"I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features."
"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"If it is a very large code base then we have a problem where we cannot scan it."
"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."
"Currently, the scanning is only available in the full version of Burp, and not in the Community version."
"The one feature that I would like to see in Burp is active scanning of REST based web services. A lot of organizations are providing APIs to access their services to support different business models like SaaS. Scanning these APIs is still a challenge for many security product companies."
"If we're running a huge number of scans regularly, it slows down the tool."
"PortSwigger Burp Suite Professional could improve the static code review."
"The scanner and crawler need to be improved."
"In the Professional version, we cannot link it with the CI/CD process."
"It should provide a better way to integrate with Jenkins so that DAST (dynamic application security testing) can be automated."
"The use of system memory is an area that can be improved because it uses a lot."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews. Checkmarx One is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Rapid7 InsightAppSec.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.