We performed a comparison between Checkmarx One and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"The solution is scalable, but other solutions are better."
"The solution allows us to create custom rules for code checks."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled."
"Apart from software scanning, software composition scanning is valuable."
"The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well."
"It was easy to learn."
"The most valuable features are Burp Intruder and Burp Scanner."
"The extension that it provides with the community version for the skills mapping is excellent."
"For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host."
"The Repeater and the BApp extensions are particularly useful. Certain extensions, such as the Active Scan extensions and the Autoracer extension, are very good."
"The solution has a limited range of functions, which is good for small companies. This is because, in small companies, websites are less complex. They also have single services which makes the solution good enough for them. However, the most advantageous aspect of the solution is its affordable price."
"Enables automation of different tasks such as authorization testing."
"The plugins for the development environment have room for improvements such as for Android Studio and X code."
"Implementing a blackout time for any user or teams: Needs improvement."
"Micro-services need to be included in the next release."
"The reports are good, but they still need to be improved considering what the UI offers."
"The integration could improve by including, for example, DevSecOps."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"Mitigating the issues and low confluence issues needs some improvement. Implementing demand with the ChatGPT under the web solution is an additional feature I would like to see in the next release."
"There should be a heads up display like the one available in OWASP Zap."
"As with most automated security tools, too many false positives."
"The Iran market does not have after-sales support. PortSwigger Burp Suite Professional needs to provide after-sales support."
"The technical support team's response time is mostly delayed and should be improved."
"It would be good if the solution could give us more details about what exactly is defective."
"There is a lot to this product, and it would be good if when you purchase the tool, they can provide us with a more extensive user manual."
"The number of false positives need to be reduced on the solution."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews. Checkmarx One is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Rapid7 InsightAppSec. See our Checkmarx One vs. PortSwigger Burp Suite Professional report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.