We performed a comparison between Checkmarx One and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"Scan reviews can occur during the development lifecycle."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"The most valuable feature for me is the Jenkins Plugin."
"The solution is scalable, but other solutions are better."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"The most valuable feature is the application security. It also has a reasonable price."
"The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs."
"PortSwigger Burp Suite Professional has an intercept tab that helps us to scan our APIs, set the response, and request errors."
"PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running."
"This solution has helped a lot in finding bugs and vulnerabilities, and the scanner is good enough for simple web apps."
"You can download different plugins if you don't have them in the standard edition."
"You can scan any number of applications and it updates its database."
"We use the solution for vulnerability assessment in respect of the application and the sites."
"We have received some feedback from our customers who are receiving a large number of false positives."
"Checkmarx needs to be more scalable for large enterprise companies."
"Micro-services need to be included in the next release."
"Updating and debugging of queries is not very convenient."
"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although they could be found across various standard sources, it would save a lot of time for developers if this was fixed."
"Implementing a blackout time for any user or teams: Needs improvement."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"A lot of our interns find it difficult to get used to PortSwigger Burp's environment."
"The one feature that I would like to see in Burp is active scanning of REST based web services. A lot of organizations are providing APIs to access their services to support different business models like SaaS. Scanning these APIs is still a challenge for many security product companies."
"The initial setup is a bit complex."
"Scanning needs to be improved in enterprise and professional versions."
"The biggest improvement that I would like to see from PortSwigger that today many people see as an issue in their testing. There might be a feature which might be desired."
"There should be a heads up display like the one available in OWASP Zap."
"There needs to be better documentation provided. Currently, we need to buy books, or we need to review online some use cases from other professionals who have been using the solution to find out their experience. It is not easy to find out how to properly do a security assessment."
"It would be good if the solution could give us more details about what exactly is defective."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews. Checkmarx One is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and GitLab.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.