We performed a comparison between PortSwigger Burp Suite Enterprise Edition and Qualys VMDR based on real PeerSpot user reviews.
Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features of PortSwigger Burp Suite Enterprise Edition are the vast amount of options and ease of use. They frequently improve the solution every six months to a year. Additionally, if we want any more features we can upload a custom script to meet our needs."
"The product is easy to use."
"This tool helps identify vulnerabilities. We then provide the report to the developers, who address the issues identified automatically. Its most valuable feature is CI/CD integration."
"I like normal dynamic scanning, general web applications scanning, and vulnerability assessments."
"We are in the early stage of using the solution making it difficult to fully determine the best features. However, we have noticed the CMDB and device discovery features look valuable at this time."
"Parallel scans can be done with PortSwigger Burp Suite Enterprise Edition."
"The product's initial setup phase was super easy."
"The initial setup is straightforward."
"I find the solution's dashboard interesting...The response time is fine. You can pull up reports without dragging or consuming bandwidth."
"There are fewer false positives when using this solution."
"It is quite easy to implement."
"The most valuable feature of Qualys Container Security is the detailed information in the reports and the remediation. This is done to make sure there are no vulnerabilities."
"I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagging system is good for tagging. We can still use QualysAgent task ID tools even if tags aren't made."
"It's stable and quite reliable."
"Vulnerability management is the most valuable one and it’s a must in every organization."
"I find Qualys VM very robust, and it's very useful for vulnerability management and patch management. The value that it brings to my environment is economies of scale. There is no limitation on adding any endpoints. You go by the rule, and it's added once another endpoint is added to our environment. It's automatically installed, and it's less work from our end. It frees up my license automatically if I don't need an endpoint or if my machine is decommissioned. I like the dashboard displays because I don't see any duplication. The most important part is vulnerability management and prioritization. Unlike Symantec, it shows the kind of vulnerability I would want to patch first. It provides a holistic view of the kind of vulnerabilities and the ones I should remediate first. I don't have to do a scan; it just brings up those critical kinds of vulnerabilities like zero-day vulnerabilities and tells me to prioritize them. You have to prioritize these vulnerabilities first and go on with the rest. The dashboard shows me the ones that have been fixed, so I don't have to complete an aging report. The user experience and the graphical interface are good. As it's user-friendly and understandable on an executive level, it brings real value. We also use this solution because it's robust and flexibile."
"It would be better if the solution is cloud-based."
"From my personal experience, the solution's performance could be improved."
"There are features or functionality missing, but PortSwigger Burp Suite Enterprise Edition does try to update frequently to alleviate the shortcomings."
"The solution is a bit expensive."
"The cost per license per user could be cheaper, specifically for individual licensing."
"PortSwigger Burp Suite Enterprise Edition should incorporate a static code analysis feature. One main issue we encounter is false positives. False positives can be challenging for developers."
"The stability of the scans could be improved."
"There's definitely room for improvement. There are lots of false positives. Once I do the manual assessment, it comes as a false positive. They need to improve the Enterprise Edition, especially the part that gives false positives."
"The IoT scan is not great."
"This solution could be improved by extending the agent capabilities to different operating systems including Mac and Linux. We would also like the capability to easily check for vulnerability in assets in the IOTs."
"I would like to see more accuracy in detections, better reporting capabilities, and better dashboard download capabilities."
"One of the biggest issues from the clients' perspective is that all Qualys computing is on the cloud."
"Improve the API speed."
"Qualys VM should improve its methodology."
"I would like to have CSPM, a continuous scan-like cloud added to the solution."
"Improve the user interface."
More PortSwigger Burp Suite Enterprise Edition Pricing and Cost Advice →
PortSwigger Burp Suite Enterprise Edition is ranked 4th in Dynamic Application Security Testing (DAST) with 10 reviews while Qualys VMDR is ranked 3rd in Risk-Based Vulnerability Management with 77 reviews. PortSwigger Burp Suite Enterprise Edition is rated 8.0, while Qualys VMDR is rated 8.2. The top reviewer of PortSwigger Burp Suite Enterprise Edition writes " With a super easy initial setup phase, the tool also offers regular updates". On the other hand, the top reviewer of Qualys VMDR writes "Good visibility but expensive and needs better support". PortSwigger Burp Suite Enterprise Edition is most compared with Acunetix, Tenable Nessus, Rapid7 Metasploit, Tenable Vulnerability Management and Amazon Inspector, whereas Qualys VMDR is most compared with Tenable Nessus, Tenable Security Center, Rapid7 InsightVM, Microsoft Defender Vulnerability Management and Tenable Vulnerability Management. See our PortSwigger Burp Suite Enterprise Edition vs. Qualys VMDR report.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
