We performed a comparison between Checkmarx One and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"We use the solution for dynamic application testing."
"The setup is fairly easy. We didn't struggle with the process at all."
"The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results."
"The value you can get out of the speedy production may be worth the price tag."
"It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."
"Both automatic and manual code review (CxQL) are valuable."
"The most valuable features are Burp Intruder and Burp Scanner."
"Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them."
"The intercepting feature is the most valuable."
"PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running."
"The most valuable feature is the application security. It also has a reasonable price."
"We are mostly using it for scanning the entire website. So, we basically create a script with the entire website and then run it for different injections."
"BurpSuite helps us to identify and fix silly mistakes that are sometimes introduced by our developers in their coding."
"PortSwigger Burp Suite Professional has an intercept tab that helps us to scan our APIs, set the response, and request errors."
"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."
"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."
"The solution's user interface could be improved because it seems outdated."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"Checkmarx could improve the speed of the scans."
"Checkmarx could be improved with more integration with third-party software."
"The cost per user is high and should be reduced."
"In the Professional version, we cannot link it with the CI/CD process."
"Sometimes the solution can run a little slow."
"I am from Brazil. The currency exchange rate from a dollar to a Brazilian Real is quite steep. It is almost six to one. It would be good if it can be sold in the local currency, and its price is cheaper for us."
"The Initial setup is a bit complex."
"The solution’s pricing could be improved."
"There should be a heads up display like the one available in OWASP Zap."
"If we're running a huge number of scans regularly, it slows down the tool."
"The solution’s pricing could be improved."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews. Checkmarx One is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Rapid7 InsightAppSec. See our Checkmarx One vs. PortSwigger Burp Suite Professional report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.