Fortify Application Defender vs PortSwigger Burp Suite Professional comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Fortify Application Defender and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Fortify Application Defender vs. PortSwigger Burp Suite Professional Report (Updated: March 2024).
765,234 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Its ability to find security defects is valuable.""The solution helped us to improve the code quality of our organization.""The product saves us cost and time.""The most valuable features of Fortify Application Defender are the code packages that are default.""The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology.""We are able to provide out customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment.""The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions.""Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications."

More Fortify Application Defender Pros →

"Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them.""It was easy to learn.""I find the attack model quite amazing, where I can write my scripts and load my scripts as well, which helps quite a bit. All the active scanning that it can do is also quite a lot helpful. It speeds up our vulnerability assessment and penetration testing. Right now, I am enjoying its in-browser, which also helps quite a bit. I'm always confused about setting up some proxy, but it really is the big solution we all want.""This tool is more accurate than the other solutions that we use, and reports fewer false positives.""You can download different plugins if you don't have them in the standard edition.""BurpSuite helps us to identify and fix silly mistakes that are sometimes introduced by our developers in their coding.""For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host.""With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp."

More PortSwigger Burp Suite Professional Pros →

Cons
"The false positive rate should be lower.""The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java.""The workbench is a little bit complex when you first start using it.""Fortify Application Defender gives a lot of false positives.""Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy.""The licensing can be a little complex.""The solution is quite expensive.""Support for older compilers/IDEs is lacking."

More Fortify Application Defender Cons →

"PortSwigger Burp Suite Professional could improve the static code review.""I would like to see the return of the spider mechanism instead of the crawling feature. Burp Suite's earlier version 1.7 had an excellent spider option, and it would be beneficial if Burp incorporated those features into the current version. The crawling techniques used in the current version are not as efficient as those used in earlier versions.""The initial setup is a bit complex.""The one feature that I would like to see in Burp is active scanning of REST based web services. A lot of organizations are providing APIs to access their services to support different business models like SaaS. Scanning these APIs is still a challenge for many security product companies.""I need the solution to be more user-friendly. The solution needs to be user-friendly.""The Iran market does not have after-sales support. PortSwigger Burp Suite Professional needs to provide after-sales support.""There were a lot of false positives there, and we used to spend a lot of time, like, for security reasons, reproducing those bugs for the development team to fix it.""The Burp Collaborator needs improvement. There also needs to be improved integration."

More PortSwigger Burp Suite Professional Cons →

Pricing and Cost Advice
  • "The base licensing costs for the SaaS platform is about $900 USD per application, per year."
  • "The price of this solution could be less expensive."
  • "The licensing is very complex, it's project based and can range from $10,000 to $200,000+ depending on the project type and size."
  • "Fortify Application Defender is very expensive."
  • "The product’s price is much higher than other tools."
  • More Fortify Application Defender Pricing and Cost Advice →

  • "This is a value for money product."
  • "The cost is approximately $500 for a single license, and there are no additional costs beyond the standard licensing fees."
  • "Our licensing cost is approximately $400 USD per year."
  • "The yearly cost is about $300."
  • "There is no setup cost and the cost of licensing is affordable."
  • "Licensing costs are about $450/year for one use. For larger organizations, they're able to test against multiple applications while simultaneously others might have multiple versions of applications which needs to be tested which is why we have the enterprise edition."
  • "There are different licenses available that include a free version."
  • "At $400 or $500 per license paid annually, it is a very cheap tool."
  • More PortSwigger Burp Suite Professional Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    765,234 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:The product does not work well with Java coding. The false positive rate should be lower. The product should introduce more licensing models and reduce the licensing cost.
    Top Answer:OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with… more »
    Top Answer:You can download different plugins if you don't have them in the standard edition.
    Top Answer:We pay a yearly licensing fee for the solution, which is neither cheap nor expensive.
    Ranking
    Views
    2,036
    Comparisons
    1,719
    Reviews
    3
    Average Words per Review
    282
    Rating
    6.3
    Views
    5,176
    Comparisons
    3,442
    Reviews
    18
    Average Words per Review
    490
    Rating
    8.6
    Comparisons
    Also Known As
    HPE Fortify Application Defender, Micro Focus Fortify Application Defender
    Burp
    Learn More
    Overview

    Micro Focus Security Fortify Application Defender is a runtime application self-protection (RASP) solution that helps you manage and mitigate risk from homegrown or third-party applications. It provides centralized visibility into application use and abuse while protecting from software vulnerability exploits and other violations in real time.

    Burp Suite Professional, by PortSwigger, is the world’s leading toolkit for web security testing. Over 52,000 users worldwide, across all industries and organization sizes, trust Burp Suite Professional to find more vulnerabilities, faster. With expertly-engineered manual and automated tooling, you're able to test smarter - not harder.

    PortSwigger is the web security company that is enabling the world to secure the web. Over 50,000 security engineers rely on our software and expertise to secure their world.

    Sample Customers
    ServiceMaster, Saltworks, SAP
    Google, Amazon, NASA, FedEx, P&G, Salesforce
    Top Industries
    VISITORS READING REVIEWS
    Financial Services Firm21%
    Computer Software Company15%
    Manufacturing Company12%
    Government8%
    REVIEWERS
    Financial Services Firm22%
    Manufacturing Company22%
    Computer Software Company19%
    Comms Service Provider13%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Financial Services Firm11%
    Comms Service Provider9%
    Government9%
    Company Size
    REVIEWERS
    Small Business33%
    Midsize Enterprise11%
    Large Enterprise56%
    VISITORS READING REVIEWS
    Small Business12%
    Midsize Enterprise13%
    Large Enterprise75%
    REVIEWERS
    Small Business21%
    Midsize Enterprise21%
    Large Enterprise57%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise15%
    Large Enterprise64%
    Buyer's Guide
    Fortify Application Defender vs. PortSwigger Burp Suite Professional
    March 2024
    Find out what your peers are saying about Fortify Application Defender vs. PortSwigger Burp Suite Professional and other solutions. Updated: March 2024.
    765,234 professionals have used our research since 2012.

    Fortify Application Defender is ranked 34th in Application Security Tools with 9 reviews while PortSwigger Burp Suite Professional is ranked 12th in Application Security Tools with 54 reviews. Fortify Application Defender is rated 7.8, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Fortify Application Defender writes "Reliable solution with excellent machine learning algorithms but expensive and lacking support". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Fortify Application Defender is most compared with Checkmarx, Coverity, SonarQube, CAST Application Intelligence Platform and Fortify on Demand, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Qualys Web Application Scanning. See our Fortify Application Defender vs. PortSwigger Burp Suite Professional report.

    See our list of best Application Security Tools vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.