We performed a comparison between Checkmarx One and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"It shows in-depth code of where actual vulnerabilities are."
"Most valuable features include: ease of use, dashboard. interface and the ability to report."
"Helps us check vulnerabilities in our SAP Fiori application."
"I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"The UI is very intuitive and simple to use."
"In my area of expertise, I feel like it has almost everything I could possibly require at this moment."
"You can scan any number of applications and it updates its database."
"For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host."
"I find the attack model quite amazing, where I can write my scripts and load my scripts as well, which helps quite a bit. All the active scanning that it can do is also quite a lot helpful. It speeds up our vulnerability assessment and penetration testing. Right now, I am enjoying its in-browser, which also helps quite a bit. I'm always confused about setting up some proxy, but it really is the big solution we all want."
"You can download different plugins if you don't have them in the standard edition."
"The most valuable feature of PortSwigger Burp Suite Professional is the dashboard. It is very informative and you can receive all the information you need in one place. It's clear, well-defined, and organized. Anybody without any cybersecurity can use it."
"With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp."
"The most valuable features are Burp Intruder and Burp Scanner."
"Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"Checkmarx needs to be more scalable for large enterprise companies."
"The solution sometimes reports a false auditable code or false positive."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"I would like the product to include more debugging and developed tools. It needs to also add enhancements on the coding side."
"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."
"PortSwigger Burp Suite Professional could improve the static code review."
"If we're running a huge number of scans regularly, it slows down the tool."
"A lot of our interns find it difficult to get used to PortSwigger Burp's environment."
"We wish that the Spider feature would appear in the same shape that it does in previous versions."
"Scanning needs to be improved in enterprise and professional versions."
"As with most automated security tools, too many false positives."
"The initial setup is a bit complex."
"There needs to be better documentation provided. Currently, we need to buy books, or we need to review online some use cases from other professionals who have been using the solution to find out their experience. It is not easy to find out how to properly do a security assessment."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews. Checkmarx One is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Rapid7 InsightAppSec. See our Checkmarx One vs. PortSwigger Burp Suite Professional report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.