We performed a comparison between Mend.io and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The dashboard view and the management view are most valuable."
"The results and the dashboard they provide are good."
"With the fix suggestions feature, not only do you get the specific trace back to where the vulnerability is within your code, but you also get fix suggestions."
"The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business."
"WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated which is useful."
"For us, the most valuable tool was open-source licensing analysis."
"The overall support that we receive is pretty good. "
"WhiteSource helped reduce our mean time to resolution since the adoption of the product."
"The most valuable feature is Burp Collaborator."
""The product is very good just the way it is; It has everything already well established and functions great. I can't see any way for this current version to be improved.""
"The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs."
"I am impressed with the tool's detailed analysis for penetration testing. AppScan can give only visibility, but it can't do the PT part. But the PortSwigger Burp Application can do both, and it gives much more visibility on the PT rating."
"Once I capture the proxy, I'm able to transfer across. All the requested information is there. I can send across the request to what we call a repeater, where I get to ready the payload that I send to the application. Put in malicious content and then see if it's responding to it."
"The Repeater and the BApp extensions are particularly useful. Certain extensions, such as the Active Scan extensions and the Autoracer extension, are very good."
"There is no other tool like it. I like the intuitiveness and the plugins that are available."
"The active scanner, which does an automated search of any web vulnerabilities."
"WhiteSource only produces a report, which is nice to look at. However, you have to check that report every week, to see if something was found that you don't want. It would be great if the build that's generating a report would fail if it finds a very important vulnerability, for instance."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
"On the reporting side, they could make some improvements. They are making the reports better and better, but sometimes it takes a lot of time to generate a report for our entire organization."
"Needs better ACL and more role definitions. This product could be used by large organisations and it definitely needs a better role/action model."
"It would be nice to have a better way to realize its full potential and translate it within the UI or during onboarding."
"The turnaround time for upgrading databases for this tool as well as the accuracy could be improved."
"We specifically use this solution within our CICD pipelines in Azure DevOps, and we would like to have a gate so that if the score falls below a certain value then we can block the pipeline from running."
"Make the product available in a very stable way for other web browsers."
"The solution doesn't offer very good scalability."
"The use of system memory is an area that can be improved because it uses a lot."
"I am from Brazil. The currency exchange rate from a dollar to a Brazilian Real is quite steep. It is almost six to one. It would be good if it can be sold in the local currency, and its price is cheaper for us."
"The reporting needs to be improved; it is very bad."
"PortSwigger Burp Suite Professional can improve by having more features in the free version for beginners to try."
"If we're running a huge number of scans regularly, it slows down the tool."
"BurpSuite has some issues regarding authentication with OAT tokens that need to be improved."
"Scanning APIs using PortSwigger Burp Suite Professional takes a lot of time."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
Mend.io is ranked 5th in Application Security Tools with 29 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews. Mend.io is rated 8.4, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Mend.io is most compared with SonarQube, Black Duck, Snyk, Veracode and Checkmarx One, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Qualys Web Application Scanning. See our Mend.io vs. PortSwigger Burp Suite Professional report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.