We performed a comparison between Checkmarx One and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The user interface is modern and nice to use."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"The setup is fairly easy. We didn't struggle with the process at all."
"It has all the features we need."
"The UI is user-friendly."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"One of the most valuable features is it is flexible."
"Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them."
"The most valuable features are Burp Intruder and Burp Scanner."
"It's good testing software."
"You can scan any number of applications and it updates its database."
"The active scanner, which does an automated search of any web vulnerabilities."
"The intercepting feature is the most valuable."
"I have found the best features to be the performance and there are a lot of additional plugins available."
"The Repeater and the BApp extensions are particularly useful. Certain extensions, such as the Active Scan extensions and the Autoracer extension, are very good."
"The pricing can get a bit expensive, depending on the company's size."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"Checkmarx could be improved with more integration with third-party software."
"Its user interface could be improved and made more friendly."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"The validation process needs to be sped up."
"We can run only one project at a time."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"One area that can be improved, when compared to alternative tools, is that they could provide different reporting options and in different formats like PDF or something like that."
"There were a lot of false positives there, and we used to spend a lot of time, like, for security reasons, reproducing those bugs for the development team to fix it."
"The solution is not easy to set it up. You need a lot of knowledge."
"I am from Brazil. The currency exchange rate from a dollar to a Brazilian Real is quite steep. It is almost six to one. It would be good if it can be sold in the local currency, and its price is cheaper for us."
"The solution doesn't offer very good scalability."
"Mitigating the issues and low confluence issues needs some improvement. Implementing demand with the ChatGPT under the web solution is an additional feature I would like to see in the next release."
"The number of false positives need to be reduced on the solution."
"The scanner and crawler need to be improved."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews. Checkmarx One is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Rapid7 InsightAppSec. See our Checkmarx One vs. PortSwigger Burp Suite Professional report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.