We performed a comparison between Checkmarx and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"It has all the features we need."
"The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time."
"Vulnerability details is valuable."
"The SAST component was absolutely 100% stable."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well."
"The solution has a great user interface."
"There is no other tool like it. I like the intuitiveness and the plugins that are available."
"Once I capture the proxy, I'm able to transfer across. All the requested information is there. I can send across the request to what we call a repeater, where I get to ready the payload that I send to the application. Put in malicious content and then see if it's responding to it."
"With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp."
"The extension that it provides with the community version for the skills mapping is excellent."
"You can download different plugins if you don't have them in the standard edition."
"The Repeater and the BApp extensions are particularly useful. Certain extensions, such as the Active Scan extensions and the Autoracer extension, are very good."
"They could work to improve the user interface. Right now, it really is lacking."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"In terms of dashboarding, the solution could provide a little more flexibility in terms of creating more dashboards. It has some of its own dashboards that come out of the box. However, if I have to implement my own dashboards that are aligned to my organization's requirements, that dashboarding feature has limited capability right now."
"The pricing can get a bit expensive, depending on the company's size."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"Its user interface could be improved and made more friendly."
"If we're running a huge number of scans regularly, it slows down the tool."
"The biggest improvement that I would like to see from PortSwigger that today many people see as an issue in their testing. There might be a feature which might be desired."
"Mitigating the issues and low confluence issues needs some improvement. Implementing demand with the ChatGPT under the web solution is an additional feature I would like to see in the next release."
"We wish that the Spider feature would appear in the same shape that it does in previous versions."
"Scanning APIs using PortSwigger Burp Suite Professional takes a lot of time."
"The scanner and crawler need to be improved."
"The technical support team's response time is mostly delayed and should be improved."
"We'd like to have more integration potential across all versions of the product."
Checkmarx is ranked 3rd in Application Security Tools with 23 reviews while PortSwigger Burp Suite Professional is ranked 12th in Application Security Tools with 21 reviews. Checkmarx is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx writes "Specifies the exact line of code where it finds the problem and gives good reports". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "Offers efficient scanning of entire websites but presence of false positive bugs, leading to time-consuming efforts in distinguishing real bugs from false alarms". Checkmarx is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Rapid7 InsightAppSec.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.