We performed a comparison between Checkmarx One, OWASP Zap, and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
"The solution has good performance, it is able to compute in 10 to 15 minutes."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"From my point of view, it is the best product on the market."
"The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time."
"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."
"The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information."
"Simple to use, good user interface."
"The solution is scalable."
"The application scanning feature is the most valuable feature."
"ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube."
"This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we have something really big, we might get some professional company in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes it easier and safer."
"The product helps users to scan and fix vulnerabilities in the pipeline."
"Simple and easy to learn and master."
"The initial setup is simple."
"You can scan any number of applications and it updates its database."
"With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp."
"We use the solution for vulnerability assessment in respect of the application and the sites."
"The most valuable feature of PortSwigger Burp Suite Professional is the dashboard. It is very informative and you can receive all the information you need in one place. It's clear, well-defined, and organized. Anybody without any cybersecurity can use it."
"PortSwigger Burp Suite Professional is one of the best user-friendly solutions for getting the proxy set up."
"I personally love its capability to automatically and accurately detect vulnerabilities. So, I would say it is the Burp scanner that is THE most powerful, valuable, and an awesome feature."
"The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs."
"I would like to see the rate of false positives reduced."
"There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, 'Yeah. I'd like something else on the roadmap.' What they're looking to deliver is what I would expect and forecast them to deliver."
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"Checkmarx needs to be more scalable for large enterprise companies."
"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."
"The validation process needs to be sped up."
"The integration could improve by including, for example, DevSecOps."
"If there was an easier way to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning."
"Sometimes, we get some false positives."
"Deployment is somewhat complicated."
"I prefer Burp Suite to OWASP Zap because of the extensive coverage it offers."
"OWASP Zap needs to extend to mobile application testing."
"The documentation is lacking and out-of-date, it really needs more love."
"The product reporting could be improved."
"They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better."
"There were a lot of false positives there, and we used to spend a lot of time, like, for security reasons, reproducing those bugs for the development team to fix it."
"I would like to see a more optimized solution, as it currently uses a lot of CPU power and memory."
"There is not much automation in the tool."
"There needs to be better documentation provided. Currently, we need to buy books, or we need to review online some use cases from other professionals who have been using the solution to find out their experience. It is not easy to find out how to properly do a security assessment."
"It should provide a better way to integrate with Jenkins so that DAST (dynamic application security testing) can be automated."
"Scanning APIs using PortSwigger Burp Suite Professional takes a lot of time."
"The solution doesn't offer very good scalability."
"PortSwigger Burp Suite Professional could improve the static code review."