We performed a comparison between Checkmarx One and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"The UI is very intuitive and simple to use."
"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."
"The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
"The most valuable features are the easy to understand interface, and it 's very user-friendly."
"From my point of view, it is the best product on the market."
"The most valuable feature is the simple user interface."
"The solution is scalable, but other solutions are better."
"The Repeater and the BApp extensions are particularly useful. Certain extensions, such as the Active Scan extensions and the Autoracer extension, are very good."
"The solution is stable."
"The intercepting feature is the most valuable."
"Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them."
"The Spider is the most useful feature. It helps to analyze the entire web application, and it finds all the passes and offers an automated identification of security issues."
"For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host."
"We are mostly using it for scanning the entire website. So, we basically create a script with the entire website and then run it for different injections."
"The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well."
"They could work to improve the user interface. Right now, it really is lacking."
"The solution sometimes reports a false auditable code or false positive."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"The reports are good, but they still need to be improved considering what the UI offers."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"The solution's user interface could be improved because it seems outdated."
"There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver."
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"Currently, the scanning is only available in the full version of Burp, and not in the Community version."
"A lot of our interns find it difficult to get used to PortSwigger Burp's environment."
"The technical support team's response time is mostly delayed and should be improved."
"It would be good if the solution could give us more details about what exactly is defective."
"One area that can be improved, when compared to alternative tools, is that they could provide different reporting options and in different formats like PDF or something like that."
"Sometimes the solution can run a little slow."
"The Burp Collaborator needs improvement. There also needs to be improved integration."
"The pricing of the solution is quite high."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews. Checkmarx One is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Rapid7 InsightAppSec. See our Checkmarx One vs. PortSwigger Burp Suite Professional report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.