We performed a comparison between Checkmarx and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"One of the most valuable features is it is flexible."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"You can download different plugins if you don't have them in the standard edition."
"The most valuable feature of PortSwigger Burp Suite Professional is the advanced features, user-friendly interface, and integration with other tools."
"There is no other tool like it. I like the intuitiveness and the plugins that are available."
"Once I capture the proxy, I'm able to transfer across. All the requested information is there. I can send across the request to what we call a repeater, where I get to ready the payload that I send to the application. Put in malicious content and then see if it's responding to it."
"The initial setup is simple."
"The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately."
"The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs."
"With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp."
"I would like to see the rate of false positives reduced."
"The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools."
"I would like to see the DAST solution in the future."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"We can run only one project at a time."
"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."
"Micro-services need to be included in the next release."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"One area that can be improved, when compared to alternative tools, is that they could provide different reporting options and in different formats like PDF or something like that."
"The scanner and crawler need to be improved."
"Currently, the scanning is only available in the full version of Burp, and not in the Community version."
"BurpSuite has some issues regarding authentication with OAT tokens that need to be improved."
"The solution lacks sufficient stability."
"There is a lot to this product, and it would be good if when you purchase the tool, they can provide us with a more extensive user manual."
"If your application uses multi-factor authentication, registration management cannot be automated."
"The biggest improvement that I would like to see from PortSwigger that today many people see as an issue in their testing. There might be a feature which might be desired."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
Checkmarx is ranked 3rd in Application Security Tools with 67 reviews while PortSwigger Burp Suite Professional is ranked 12th in Application Security Tools with 54 reviews. Checkmarx is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Checkmarx is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Rapid7 InsightAppSec. See our Checkmarx vs. PortSwigger Burp Suite Professional report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.