We performed a comparison between Checkmarx One and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"It shows in-depth code of where actual vulnerabilities are."
"The most valuable features are the easy to understand interface, and it's very user-friendly."
"The user interface is excellent. It's very user friendly."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."
"One of the most valuable features is it is flexible."
"The solution helped us discover vulnerabilities in our applications."
"The solution has a great user interface."
"PortSwigger Burp Suite Professional has an intercept tab that helps us to scan our APIs, set the response, and request errors."
"Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them."
"The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs."
"This solution has helped a lot in finding bugs and vulnerabilities, and the scanner is good enough for simple web apps."
"The Spider is the most useful feature. It helps to analyze the entire web application, and it finds all the passes and offers an automated identification of security issues."
"I have found this solution has more plugins than other competitors which is a benefit. You are able to attach different plugins to the security scan to add features. For example, you can check to see if there are any payment systems that exist on a server, or username and password brute force analysis."
"I would like to see the rate of false positives reduced."
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."
"Checkmarx could improve the REST APIs by including automation."
"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
"The plugins for the development environment have room for improvements such as for Android Studio and Xcode."
"Updating and debugging of queries is not very convenient."
"The solution lacks sufficient stability."
"In the Professional version, we cannot link it with the CI/CD process."
"There should be a heads up display like the one available in OWASP Zap."
"The Auto Scanning features should be updated more frequently and should include the latest attack vectors."
"The tool is very expensive."
"Scanning APIs using PortSwigger Burp Suite Professional takes a lot of time."
"The solution is not easy to set up. You need a lot of knowledge."
"The Iran market does not have after-sales support. PortSwigger Burp Suite Professional needs to provide after-sales support."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews. Checkmarx One is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Rapid7 InsightAppSec.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.