We performed a comparison between Checkmarx One and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Most valuable features include: ease of use, dashboard, interface and the ability to report."
"The solution has good performance, it is able to compute in 10 to 15 minutes."
"Scan reviews can occur during the development lifecycle."
"The UI is user-friendly."
"Both automatic and manual code review (CxQL) are valuable."
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"Helps us check vulnerabilities in our SAP Fiori application."
"The Repeater and the BApp extensions are particularly useful. Certain extensions, such as the Active Scan extensions and the Autoracer extension, are very good."
"The solution is stable."
"PortSwigger Burp Suite Professional has an intercept tab that helps us to scan our APIs, set the response, and request errors."
"The solution has a great user interface."
"This tool is more accurate than the other solutions that we use, and reports fewer false positives."
"The feature that we have found most valuable is that it comes with pre-set configurations. They have a set of predefined options where you can pick one and start scanning. We also have the option of creating our own configurations, like how often do the applications need to be scanned."
"BurpSuite helps us to identify and fix silly mistakes that are sometimes introduced by our developers in their coding."
"With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp."
"I would like to see the DAST solution in the future."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"Its user interface could be improved and made more friendly."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"Checkmarx is not good because it has too many false positive issues."
"If it is a very large code base then we have a problem where we cannot scan it."
"Checkmarx could improve by reducing the price."
"Implementing a blackout time for any user or teams: Needs improvement."
"BurpSuite has some issues regarding authentication with OAT tokens that need to be improved."
"The initial setup is a bit complex."
"The tool is very expensive."
"We'd like to have more integration potential across all versions of the product."
"The solution lacks sufficient stability."
"There should be a heads up display like the one available in OWASP Zap."
"The solution is not easy to set up. You need a lot of knowledge."
"There could be an improvement in the API security testing. There is another tool called Postman and if we had a built-in portal similar to Postman which captures the API, we would be able to generate the API traffic. Right now we need a Postman tool and the Burp Suite for performing API tests. It would be a huge benefit to be able to do it in a single UI."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews. Checkmarx One is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Rapid7 InsightAppSec.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.