We performed a comparison between Checkmarx One and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
"The UI is user-friendly."
"The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."
"We use the solution for dynamic application testing."
"Most valuable features include: ease of use, dashboard, interface and the ability to report."
"The administration in Checkmarx is very good."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"Helps us check vulnerabilities in our SAP Fiori application."
"I personally love its capability to automatically and accurately detect vulnerabilities. So, I would say it is the Burp scanner that is THE most powerful, valuable, and an awesome feature."
"The solution has a limited range of functions, which is good for small companies. This is because, in small companies, websites are less complex. They also have single services which makes the solution good enough for them. However, the most advantageous aspect of the solution is its affordable price."
"Enables automation of different tasks such as authorization testing."
"It's good testing software."
"With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp."
"The solution helped us discover vulnerabilities in our applications."
"PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running."
"The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs."
"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."
"I would like to see the rate of false positives reduced."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."
"They could work to improve the user interface. Right now, it really is lacking."
"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."
"Updating and debugging of queries is not very convenient."
"The validation process needs to be sped up."
"If it is a very large code base then we have a problem where we cannot scan it."
"Scanning needs to be improved in enterprise and professional versions."
"The solution lacks sufficient stability."
"The Burp Collaborator needs improvement. There also needs to be improved integration."
"The Iran market does not have after-sales support. PortSwigger Burp Suite Professional needs to provide after-sales support."
"The biggest drawback is reporting. It's not so good. I can download them, but they're not so informative."
"Improvement should be done as per the requirements of customers."
"The one feature that I would like to see in Burp is active scanning of REST based web services. A lot of organizations are providing APIs to access their services to support different business models like SaaS. Scanning these APIs is still a challenge for many security product companies."
"One area that can be improved, when compared to alternative tools, is that they could provide different reporting options and in different formats like PDF or something like that."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 57 reviews. Checkmarx One is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and GitLab.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.