We performed a comparison between CodeSonar and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."There is nice functionality for code surfing and browsing."
"The most valuable features of CodeSonar were all the categorized classes provided, and reports of future bugs which might occur in the production code. Additionally, I found the buffer overflow and underflow useful."
"The most valuable feature of CodeSonar is the catching of dead code. It is helpful."
"What I like best about CodeSonar is that it has fantastic speed, analysis and configuration times. Its detection of all runtime errors is also very good, though there were times it missed a few. The configuration of logs by CodeSonar is also very fantastic which I've not seen anywhere else. I also like the GUI interface of CodeSonar because it's very user friendly and the tool also shows very precise logs and results."
"The tool is very good for detecting memory leaks."
"It has been able to scale."
"CodeSonar’s most valuable feature is finding security threats."
"PortSwigger Burp Suite Professional is one of the best user-friendly solutions for getting the proxy set up."
"The solution scans web applications and supports APIs, which are the main features I really like."
"The feature that we have found most valuable is that it comes with pre-set configurations. They have a set of predefined options where you can pick one and start scanning. We also have the option of creating our own configurations, like how often do the applications need to be scanned."
"Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them."
"The extension that it provides with the community version for the skills mapping is excellent."
"The solution has a pretty simple setup."
"The solution is stable."
"The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately."
"It would be beneficial for the solution to include code standards and additional functionality for security."
"It was expensive."
"The scanning tool for core architecture could be improved."
"In a future release, the solution should upgrade itself to the current trends and differentiate between the languages. If there are any classifications that can be set for these programming languages that would be helpful rather than having everything in the generic category."
"There could be a shared licensing model for the users."
"CodeSonar could improve by having better coding rules so we did not have to use another solution, such as MISRA C."
"In terms of areas for improvement, the use case for CodeSonar was good, but compared to other tools, it seems CodeSonar isn't a sound static analysis tool, and this is a major con I've seen from it. Right now, in the market, people prefer sound static analysis tools, so I would have preferred if CodeSonar was developed into a sound static analysis tool formally, in terms of its algorithms, so then you can see it extensively used in the market because at the moment, here in India, only fifty to sixty customers use CodeSonar. If the product is developed into a sound static analysis tool, it could compete with Polyspace, and from its current fifty customers, that number could go up to a hundred."
"The tool is very expensive."
"The one feature that I would like to see in Burp is active scanning of REST based web services. A lot of organizations are providing APIs to access their services to support different business models like SaaS. Scanning these APIs is still a challenge for many security product companies."
"I would like to see the return of the spider mechanism instead of the crawling feature. Burp Suite's earlier version 1.7 had an excellent spider option, and it would be beneficial if Burp incorporated those features into the current version. The crawling techniques used in the current version are not as efficient as those used in earlier versions."
"The scanner and crawler need to be improved."
"I would like to see a more optimized solution, as it currently uses a lot of CPU power and memory."
"Scanning needs to be improved in enterprise and professional versions."
"The biggest drawback is reporting. It's not so good. I can download them, but they're not so informative."
"If we're running a huge number of scans regularly, it slows down the tool."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
CodeSonar is ranked 22nd in Application Security Tools with 7 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews. CodeSonar is rated 8.2, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of CodeSonar writes "Nice interface, quick to deploy, and easy to expand". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". CodeSonar is most compared with SonarQube, Coverity, Klocwork, Polyspace Code Prover and Semgrep Code, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Qualys Web Application Scanning. See our CodeSonar vs. PortSwigger Burp Suite Professional report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.