We performed a comparison between Checkmarx One and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Both automatic and manual code review (CxQL) are valuable."
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy."
"It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
"We use the solution for dynamic application testing."
"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."
"The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"It offers very good accuracy. You can trust the results."
"The Repeater and the BApp extensions are particularly useful. Certain extensions, such as the Active Scan extensions and the Autoracer extension, are very good."
"We use the solution for vulnerability assessment in respect of the application and the sites."
"The solution helped us discover vulnerabilities in our applications."
"The most valuable feature is the application security. It also has a reasonable price."
"The solution has a great user interface."
"The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately."
"The most valuable feature of PortSwigger Burp Suite Professional is the dashboard. It is very informative and you can receive all the information you need in one place. It's clear, well-defined, and organized. Anybody without any cybersecurity can use it."
"One area for improvement in Checkmarx is pricing, as it's more expensive than other products."
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."
"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"The pricing can get a bit expensive, depending on the company's size."
"Checkmarx could be improved with more integration with third-party software."
"The reports are good, but they still need to be improved considering what the UI offers."
"I would like the product to include more debugging and developed tools. It needs to also add enhancements on the coding side."
"The Iran market does not have after-sales support. PortSwigger Burp Suite Professional needs to provide after-sales support."
"The reporting needs to be improved; it is very bad."
"BurpSuite has some issues regarding authentication with OAT tokens that need to be improved."
"The one feature that I would like to see in Burp is active scanning of REST based web services. A lot of organizations are providing APIs to access their services to support different business models like SaaS. Scanning these APIs is still a challenge for many security product companies."
"The scanner and crawler need to be improved."
"The solution is not easy to set it up. You need a lot of knowledge."
"You can have many false positives in Burp Suite. It depends on the scale of the penetration testing."
"The price could be better. The rest is fine."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews. Checkmarx One is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Rapid7 InsightAppSec. See our Checkmarx One vs. PortSwigger Burp Suite Professional report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.