We performed a comparison between Checkmarx One and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The most valuable features are the easy to understand interface, and it's very user-friendly."
"The only thing I like is that Checkmarx does not need to compile."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"Most valuable features include: ease of use, dashboard. interface and the ability to report."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"Helps us check vulnerabilities in our SAP Fiori application."
"Vulnerability details is valuable."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running."
"Enables automation of different tasks such as authorization testing."
"Once I capture the proxy, I'm able to transfer across. All the requested information is there. I can send across the request to what we call a repeater, where I get to ready the payload that I send to the application. Put in malicious content and then see if it's responding to it."
"The product is very good just the way it is; it has everything already well established and functions great. I can't see any way for this current version to be improved."
"With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp."
"The solution has a pretty simple setup."
"The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well."
"There is no other tool like it. I like the intuitiveness and the plugins that are available."
"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"One area for improvement in Checkmarx is pricing, as it's more expensive than other products."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."
"The integration could improve by including, for example, DevSecOps."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features."
"If your application uses multi-factor authentication, registration management cannot be automated."
"The one feature that I would like to see in Burp is active scanning of REST based web services. A lot of organizations are providing APIs to access their services to support different business models like SaaS. Scanning these APIs is still a challenge for many security product companies."
"There is not much automation in the tool."
"PortSwigger Burp Suite Professional could improve the static code review."
"Sometimes the solution can run a little slow."
"The solution’s pricing could be improved."
"There needs to be better documentation provided. Currently, we need to buy books, or we need to review online some use cases from other professionals who have been using the solution to find out their experience. It is not easy to find out how to properly do a security assessment."
"BurpSuite has some issues regarding authentication with OAT tokens that need to be improved."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews. Checkmarx One is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Rapid7 InsightAppSec.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.