We performed a comparison between Checkmarx One and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time."
"One of the most valuable features is it is flexible."
"Helps us check vulnerabilities in our SAP Fiori application."
"Less false positive errors as compared to any other solution."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"The solution has good performance, it is able to compute in 10 to 15 minutes."
"I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy."
"The most valuable feature is the application security. It also has a reasonable price."
"Once I capture the proxy, I'm able to transfer across. All the requested information is there. I can send across the request to what we call a repeater, where I get to ready the payload that I send to the application. Put in malicious content and then see if it's responding to it."
"The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately."
"This solution has helped a lot in finding bugs and vulnerabilities, and the scanner is good enough for simple web apps."
"PortSwigger Burp Suite Professional has an intercept tab that helps us to scan our APIs, set the response, and request errors."
"The most valuable feature of PortSwigger Burp Suite Professional is the dashboard. It is very informative and you can receive all the information you need in one place. It's clear, well-defined, and organized. Anybody without any cybersecurity can use it."
"In my area of expertise, I feel like it has almost everything I could possibly require at this moment."
"It was easy to learn."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"The solution sometimes reports a false auditable code or false positive."
"Checkmarx could be improved with more integration with third-party software."
"The pricing can get a bit expensive, depending on the company's size."
"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."
"Updating and debugging of queries is not very convenient."
"BurpSuite has some issues regarding authentication with OAT tokens that need to be improved."
"The price could be better. The rest is fine."
"We wish that the Spider feature would appear in the same shape that it does in previous versions."
"Scanning APIs using PortSwigger Burp Suite Professional takes a lot of time."
"As with most automated security tools, too many false positives."
"The use of system memory is an area that can be improved because it uses a lot."
"If we're running a huge number of scans regularly, it slows down the tool."
"In the Professional version, we cannot link it with the CI/CD process."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews. Checkmarx One is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Rapid7 InsightAppSec.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.