We performed a comparison between PortSwigger Burp Suite Professional and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature of PortSwigger Burp Suite Professional is the Burp Intruder tool."
"The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well."
"It is a time-saver application."
"The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately."
"The most valuable feature of PortSwigger Burp Suite Professional is the advanced features, user-friendly interface, and integration with other tools."
"The solution has a great user interface."
"The solution has a pretty simple setup."
"The feature that we have found most valuable is that it comes with pre-set configurations. They have a set of predefined options where you can pick one and start scanning. We also have the option of creating our own configurations, like how often do the applications need to be scanned."
"The dependency graph visualization provides the ability to see nested dependencies within libraries for pinpointing vulnerabilities."
"One of the valuable features is that it gives us the option of static scanning. Most tools of this type are centered around dynamic scanning. Having a static scan is very important."
"The automation of Veracode is great because we no longer have to run manual testing."
"We like the fact that all the issues are identified and that Veracode provides sufficient information on how to resolve them."
"It gives me an idea about the most important vulnerabilities and fast remediation tips."
"We have such a wide variety of users for Veracode, including security champions, development leads, developers themselves, that the ease of use is really quite important, because we don't assume anything about what those people might already know, or need to know. It just makes it very useful for anyone who has to engage with it."
"Veracode Security Labs are fantastic. My team loves getting the hands-on experience of putting in a flaw and fixing it. It's interactive. We've gotten decent support from the sales and software engineers, so the initial support was excellent. They scheduled a consultation call to dive deep and discuss why we see these findings and codes. That was incredibly helpful."
"The most valuable feature comes from the fact that it is cloud-based, and I can scale up without having to worry about any other infrastructure needs."
"The Initial setup is a bit complex."
"There were a lot of false positives there, and we used to spend a lot of time, like, for security reasons, reproducing those bugs for the development team to fix it."
"The biggest improvement that I would like to see from PortSwigger that today many people see as an issue in their testing. There might be a feature which might be desired."
"I am from Brazil. The currency exchange rate from a dollar to a Brazilian Real is quite steep. It is almost six to one. It would be good if it can be sold in the local currency, and its price is cheaper for us."
"There needs to be better documentation provided. Currently, we need to buy books, or we need to review online some use cases from other professionals who have been using the solution to find out their experience. It is not easy to find out how to properly do a security assessment."
"It would be good if the solution could give us more details about what exactly is defective."
"We wish that the Spider feature would appear in the same shape that it does in previous versions."
"PortSwigger Burp Suite Professional can improve by having more features in the free version for beginners to try."
"There should be more control for administrative users so that we can add and delete any functionality or module within the platform. We should not have to reach out to Veracode's customer support every time. We should be able to customize our modules."
"I would like to see expanded coverage for supporting more platforms, frameworks, and languages."
"When we scan binary, when we perform binary analysis, it could go faster. That has a lot to do with the essence of scanning binary code, it takes a little bit longer. Certain aspects, depending on what type of code it is, take a little long, especially legacy code."
"I think if they could improve the operations around accepted vulnerabilities, we would see improvements in our productivity."
"They need to have a plug-in, a better integration with the development environment."
"The feature that allows me to read which mitigation answer was submitted, and to approve it, requires me to use do so in different screens. That makes it a little bit more complicated because I have to read and then I have to go back and make sure it falls under the same number ID number. That part is a little bit complicated from my perspective, because that's what I use the most."
"Some features could be improved in terms of user-friendliness."
"The security labs integration has room for improvement."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews while Veracode is ranked 2nd in Application Security Tools with 193 reviews. PortSwigger Burp Suite Professional is rated 8.6, while Veracode is rated 8.2. The top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Nucleus, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and OWASP Zap. See our PortSwigger Burp Suite Professional vs. Veracode report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.