We performed a comparison between Checkmarx and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
"It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"The most valuable feature is the simple user interface."
"The user interface is modern and nice to use."
"The UI is user-friendly."
"Both automatic and manual code review (CxQL) are valuable."
"The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
"The solution has a great user interface."
"BurpSuite helps us to identify and fix silly mistakes that are sometimes introduced by our developers in their coding."
"The initial setup is simple."
"PortSwigger Burp Suite Professional has an intercept tab that helps us to scan our APIs, set the response, and request errors."
"I am impressed with the tool's detailed analysis for penetration testing. AppScan can give only visibility, but it can't do the PT part. But the PortSwigger Burp Application can do both, and it gives much more visibility on the PT rating."
"The most valuable feature is Burp Collaborator."
"The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs."
"PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running."
"The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features."
"The plugins for the development environment have room for improvements such as for Android Studio and X code."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"I am from Brazil. The currency exchange rate from a dollar to a Brazilian Real is quite steep. It is almost six to one. It would be good if it can be sold in the local currency, and its price is cheaper for us."
"The solution lacks sufficient stability."
"There is a lot to this product, and it would be good if when you purchase the tool, they can provide us with a more extensive user manual."
"The Initial setup is a bit complex."
"The reporting needs to be improved; it is very bad."
"The solution is not easy to set it up. You need a lot of knowledge."
"The initial setup is a bit complex."
"As with most automated security tools, too many false positives."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
Checkmarx is ranked 3rd in Application Security Tools with 23 reviews while PortSwigger Burp Suite Professional is ranked 12th in Application Security Tools with 21 reviews. Checkmarx is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx writes "Specifies the exact line of code where it finds the problem and gives good reports". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "Offers efficient scanning of entire websites but presence of false positive bugs, leading to time-consuming efforts in distinguishing real bugs from false alarms". Checkmarx is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Rapid7 InsightAppSec. See our Checkmarx vs. PortSwigger Burp Suite Professional report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.