We performed a comparison between Checkmarx One and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The most valuable features are the easy to understand interface, and it's very user-friendly."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"The administration in Checkmarx is very good."
"The user interface is excellent. It's very user friendly."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"The most valuable feature is the simple user interface."
"The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."
"The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled."
"The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately."
"Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them."
"It helps in API testing, where manual intervention was previously necessary for each payload."
"The solution is quite helpful for session management and configuration."
"You can scan any number of applications and it updates its database."
"For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host."
"The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs."
"I personally love its capability to automatically and accurately detect vulnerabilities. So, I would say it is the Burp scanner that is THE most powerful, valuable, and an awesome feature."
"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."
"The plugins for the development environment have room for improvements such as for Android Studio and Xcode."
"The integration could improve by including, for example, DevSecOps."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."
"The pricing can get a bit expensive, depending on the company's size."
"We have received some feedback from our customers who are receiving a large number of false positives."
"Checkmarx could be improved with more integration with third-party software."
"The Iran market does not have after-sales support. PortSwigger Burp Suite Professional needs to provide after-sales support."
"There is not much automation in the tool."
"The price could be better. The rest is fine."
"PortSwigger Burp Suite Professional could improve the static code review."
"The biggest drawback is reporting. It's not so good. I can download them, but they're not so informative."
"As with most automated security tools, too many false positives."
"I am from Brazil. The currency exchange rate from a dollar to a Brazilian Real is quite steep. It is almost six to one. It would be good if it can be sold in the local currency, and its price is cheaper for us."
"You can have many false positives in Burp Suite. It depends on the scale of the penetration testing."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 57 reviews. Checkmarx One is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Fortify on Demand.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.