We performed a comparison between PortSwigger Burp Suite Professional and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The initial setup is simple."
"PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running."
"This solution has helped a lot in finding bugs and vulnerabilities, and the scanner is good enough for simple web apps."
"The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately."
"Enables automation of different tasks such as authorization testing."
"We use the solution for vulnerability assessment in respect of the application and the sites."
"The Spider is the most useful feature. It helps to analyze the entire web application, and it finds all the passes and offers an automated identification of security issues."
"The Repeater and the BApp extensions are particularly useful. Certain extensions, such as the Active Scan extensions and the Autoracer extension, are very good."
"The tech support has been very much on the forefront of contacting customers. They help us by making sure all the processes have been outlined and are being followed. They regularly look with us at the whole platform process."
"The most valuable features of Veracode Static Analysis are its ability to work with GitLab and GitHub so that you can do the reviews and force the code."
"The coding standards in our development group have improved. From scanning our code we've learned the patterns and techniques to make our code more secure. An example would be SQL injection. We have mitigated all the SQL injection in our applications."
"The dashboards and the threat insights it provides are very good. The dashboards are intuitive and pretty straightforward, but also pretty detailed."
"The most valuable feature is the static scan that checks for security issues."
"The solution's ability to help create secure software is very valuable. We're a zero-trust networking company so we want to have the ability to say that we're practicing security seriously. Having something like Veracode allows us to have confidence when we're speaking to people about our product that we can back up what we're doing with a certification, with a reputable platform, and say, "This is what we're using to scan an application. Here's the number of vulnerabilities that are on an application. And here's the risk that we're accepting.""
"The deployment mode is very useful."
"It does software composition analysis, discovering open source software weaknesses."
"The use of system memory is an area that can be improved because it uses a lot."
"PortSwigger Burp Suite Professional can improve by having more features in the free version for beginners to try."
"Scanning APIs using PortSwigger Burp Suite Professional takes a lot of time."
"I need the solution to be more user-friendly. The solution needs to be user-friendly."
"The Iran market does not have after-sales support. PortSwigger Burp Suite Professional needs to provide after-sales support."
"If we're running a huge number of scans regularly, it slows down the tool."
"BurpSuite has some issues regarding authentication with OAT tokens that need to be improved."
"There were a lot of false positives there, and we used to spend a lot of time, like, for security reasons, reproducing those bugs for the development team to fix it."
"Veracode Static Analysis can improve the false positive. There are always improvements that can be done to the false positive rate. There are some things that get flagged that are not an issue. However, it is not a huge concern."
"I'd like to see more development tools and platforms integrated together with Veracode to amplify the solution's effectiveness."
"From what we have seen of Veracode's SCA offering, it is just average."
"The support team could be more responsive, and the dependency of users on the support team is too high and should be reduced."
"It does not have a reporting structure for an OS-based vulnerability report, whereas its peers such as Fortify and Checkmarx have this ability. Checkmarx also provides a better visibility of the code flow."
"The scanning could be a little faster. The process takes around three or four minutes, but it would help if it could be further reduced."
"There needs to be better API integration to the development team's pipeline, which is something that is missing and needs to be improved."
"The runtime code analysis could be improved so that we can see every element in one place."
PortSwigger Burp Suite Professional is ranked 5th in Application Security Testing (AST) with 55 reviews while Veracode is ranked 2nd in Application Security Testing (AST) with 194 reviews. PortSwigger Burp Suite Professional is rated 8.6, while Veracode is rated 8.2. The top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning". PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Rapid7 InsightAppSec, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.