We performed a comparison between Mend.io and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The most valuable feature is the unified JAR to scan for all langs (wss-scanner jar)."
"The license management of WhiteSource was at a good level. As compared to other tools that I have used, its functionality for the licenses for the code libraries was quite good. Its UI was also fine."
"The most valuable feature is the inventory, where it compiles a list of all of the third-party libraries that we have on our estate."
"I am the organizational deployment administrator for this tool, and I, along with other users in our company, especially the security team, appreciate the solution for several reasons. The UI is excellent, and scanning for security threats fits well into our workflow."
"The best feature is that the Mend R&D team does their due diligence for all the vulnerabilities. In case they observe any important or critical vulnerabilities, such as the Log4j-related vulnerability, we usually get a dedicated email from our R&D team saying that this particular vulnerability has been exploited in the world, and we should definitely check our project for this and take corrective actions."
"The vulnerability analysis is the best aspect of the solution."
"The inventory management as well as the ability to identify security vulnerabilities has been the most valuable for our business."
"WhiteSource is unique in the scanning of open-source licenses. Additionally, the vulnerabilities aspect of the solution is a benefit. We don't use WhiteSource in the whole organization, but we use it for some projects. There we receive a sense of the vulnerabilities of the open-source components, which improves our security work. The reports are automated which is useful."
"You can download different plugins if you don't have them in the standard edition."
"The solution has a pretty simple setup."
"I am impressed with the tool's detailed analysis for penetration testing. AppScan can give only visibility, but it can't do the PT part. But the PortSwigger Burp Application can do both, and it gives much more visibility on the PT rating."
"The solution is stable."
"Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them."
"The solution scans web applications and supports APIs, which are the main features I really like."
"The initial setup is simple."
"I have found this solution has more plugins than other competitors which is a benefit. You are able to attach different plugins to the security scan to add features. For example, you can check to see if there are any payment systems that exist on a server, or username and password brute force analysis."
"The solution lacks the code snippet part."
"At times, the latency of getting items out of the findings after they're remediated is higher than it should be."
"The only thing that I don't find support for on Mend Prioritize is C++."
"I rated the solution an eight out of ten because WhiteSource hasn't built in a couple of features that we would have loved to use and they say they're on their roadmap. I'm hoping that they'll be able to build and deliver in 2022."
"WhiteSource Prioritize should be expanded to cover more than Java and JavaScript."
"The dashboard UI and UX are problematic."
"I would like to have an additional compliance pack. Currently, it does not have anything for the CIS framework or the NIST framework. If we directly run a scan, and it is under the CIS framework, we can directly tell the auditor that this product is now CIS compliant."
"Mend supports most of the common package managers, but it doesn't support some that we use. I would appreciate it if they can quickly make these changes to add new package managers when necessary."
"BurpSuite has some issues regarding authentication with OAT tokens that need to be improved."
"The Auto Scanning features should be updated more frequently and should include the latest attack vectors."
"The pricing of the solution is quite high."
"Scanning needs to be improved in enterprise and professional versions."
"Currently, the scanning is only available in the full version of Burp, and not in the Community version."
"We wish that the Spider feature would appear in the same shape that it does in previous versions."
"I am from Brazil. The currency exchange rate from a dollar to a Brazilian Real is quite steep. It is almost six to one. It would be good if it can be sold in the local currency, and its price is cheaper for us."
"The initial setup is a bit complex."
Mend.io is ranked 13th in Application Security Tools with 29 reviews while PortSwigger Burp Suite Professional is ranked 10th in Application Security Tools with 57 reviews. Mend.io is rated 8.4, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Mend.io writes "Easy to use, great for finding vulnerabilities, and simple to set up". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Mend.io is most compared with SonarQube, Black Duck, Veracode, Snyk and Checkmarx One, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Qualys Web Application Scanning.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.