We performed a comparison between Checkmarx One, HCL AppScan, and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
"Apart from software scanning, software composition scanning is valuable."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."
"The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"Vulnerability details is valuable."
"From my point of view, it is the best product on the market."
"The most valuable features are the easy to understand interface, and it's very user-friendly."
"The static scans are good, and the SaaS as well."
"The solution offers services in a few specific development languages."
"It identifies all the URLs and domains on its own and then performs tests and provides the results."
"There's extensive functionality with custom rules and a custom knowledge base."
"This is a stable solution."
"The security and the dashboard are the most valuable features."
"The most valuable feature of the solution is the scanning or security part."
"IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability."
"BurpSuite helps us to identify and fix silly mistakes that are sometimes introduced by our developers in their coding."
"For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host."
"With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp."
"The most valuable feature of PortSwigger Burp Suite Professional is the advanced features, user-friendly interface, and integration with other tools."
"The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately."
"It offers very good accuracy. You can trust the results."
"The Spider is the most useful feature. It helps to analyze the entire web application, and it finds all the passes and offers an automated identification of security issues."
"The intercepting feature is the most valuable."
"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."
"One area for improvement in Checkmarx is pricing, as it's more expensive than other products."
"The integration could improve by including, for example, DevSecOps."
"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"Its user interface could be improved and made more friendly."
"Checkmarx could improve the speed of the scans."
"IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications."
"The solution's scalability can be a matter of concern because one license runs on one machine only."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"They could add a software component analysis tool."
"We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."
"Scans become slow on large websites."
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"The technical support team's response time is mostly delayed and should be improved."
"The number of false positives needs to be reduced on the solution."
"The tool is very expensive."
"The use of system memory is an area that can be improved because it uses a lot."
"One area that can be improved, when compared to alternative tools, is that they could provide different reporting options and in different formats like PDF or something like that."
"There is a lot to this product, and it would be good if when you purchase the tool, they can provide us with a more extensive user manual."
"BurpSuite has some issues regarding authentication with OAT tokens that need to be improved."
"I need the solution to be more user-friendly. The solution needs to be user-friendly."