We performed a comparison between HCL AppScan, PortSwigger Burp Suite Professional, and SonarQube based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools.
"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production."
"IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability."
"It was easy to set up."
"The reporting part is the most valuable feature."
"The UI was very intuitive."
"The product is useful, particularly in its sensitivity and scanning capabilities."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"It provides a better integration for our ecosystem."
"The solution is quite helpful for session management and configuration."
"The most valuable feature is Burp Collaborator."
"I am impressed with the tool's detailed analysis for penetration testing. AppScan can give only visibility, but it can't do the PT part. But the PortSwigger Burp Application can do both, and it gives much more visibility on the PT rating."
"The product is very good just the way it is. It has everything already well established and functions great. I can't see any way for this current version to be improved."
"Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them."
"In my area of expertise, I feel like it has almost everything I could possibly require at this moment."
"The Spider is the most useful feature. It helps to analyze the entire web application, and it finds all the passes and offers an automated identification of security issues."
"The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately."
"It improves the code coverage and evaluates the technical steps and the percentage of code being resolved."
"The product has a friendly UI that is easy to use and understand."
"If code coverage is a low number then that's of great value to me."
"SonarQube is a fantastic tool which saves us precious time."
"The most valuable features are code scanning and Quality Gates."
"It's enabled us to improve software quality and help us to disseminate best practices."
"The reporting and the results are quick. It gets integrated within the pipeline well."
"Strong code evaluation for budget-minded clients."
"Visibility is an issue for us. Our partners do not know we have integrations with some of IBM products."
"The pricing has room for improvement."
"We would like to integrate with some of the other reporting tools that we're planning to use in the future."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"It has crashed at times."
"The solution often has a high number of false positives. It's an aspect they really need to improve upon."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"IBM Security AppScan Source is rather hard to use."
"There could be an improvement in the API security testing. There is another tool called Postman and if we had a built-in portal similar to Postman which captures the API, we would be able to generate the API traffic. Right now we need a Postman tool and the Burp Suite for performing API tests. It would be a huge benefit to be able to do it in a single UI."
"The tool is very expensive."
"It should provide a better way to integrate with Jenkins so that DAST (dynamic application security testing) can be automated."
"The reporting needs to be improved; it is very bad."
"As with most automated security tools, too many false positives."
"If your application uses multi-factor authentication, registration management cannot be automated."
"Scanning APIs using PortSwigger Burp Suite Professional takes a lot of time."
"The use of system memory is an area that can be improved because it uses a lot."
"We've been using the Community Edition, which means that we get to use it at our leisure, and they're kind enough to literally give it to us. However, it takes a fair amount of effort to figure out how to get everything up and running. Since we didn't go with the professional paid version, we're not entitled to support. Of course that could be self-correcting if we were to make the step to buy into this and really use it. Then their technical support would be available to us to make strides for using it better."
"There are sometimes security breaches in our code which aren't caught by SonarQube. In the security area, SonarQube has to improve. It needs to better compete with other products."
"It should be user-friendly."
"There isn't a very good enterprise report."
"The reporting is good, but I am not able to download a specific report as a PDF, so downloading reports is something that should be looked at."
"From a reporting perspective, we sometimes have problems interpreting the vulnerability scan reports. For example, if it finds a possible threat, our analysts have to manually check the provided reports, and sometimes we have issues getting all the data needed to properly verify if it's accurate or not."
"The interface could be a little better and should be enhanced."
"Expression of common vulnerabilities and exposures is not always current."