We performed a comparison between PortSwigger Burp Suite Professional and Snyk based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution has a limited range of functions, which is good for small companies. This is because, in small companies, websites are less complex. They also have single services which makes the solution good enough for them. However, the most advantageous aspect of the solution is its affordable price."
"With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp."
"There is no other tool like it. I like the intuitiveness and the plugins that are available."
"The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs."
"Enables automation of different tasks such as authorization testing."
"The solution is quite helpful for session management and configuration."
"The most valuable features are Burp Intruder and Burp Scanner."
"The most valuable feature is the application security. It also has a reasonable price."
"Provides clear information and is easy to follow with good feedback regarding code practices."
"The advantage of Snyk is that Snyk automatically creates a pull request for all the findings that match or are classified according to the policy that we create. So, once we review the PR within Snyk and we approve the PR, Snyk auto-fixes the issue, which is quite interesting and which isn't there in any other product out there. So, Snyk is a step ahead in this particular area."
"Our customers find container scans most valuable. They are always talking about it."
"The CLI feature is quite useful because it gives us a lot of flexibility in what we want to do. If you use the UI, all the information is there and you can see what Snyk is showing you, but there is nothing else that you can change. However, when you use the CLI, then you can use commands and can get the output or response back from Snyk. You can also take advantage of that output in a different way. For the same reason, we have been using the CLI for the hard gate in the pipeline: Obtain a particular CDSS score for vulnerability. Based on that information, we can then decide if we want to block or allow the build. We have more flexibility if we use the CLI."
"We have integrated it into our software development environment. We have it in a couple different spots. Developers can use it at the point when they are developing. They can test it on their local machine. If the setup that they have is producing alerts or if they need to upgrade or patch, then at the testing phase when a product is being built for automated testing integrates with Snyk at that point and also produces some checks."
"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."
"The most valuable features of Snyk are vulnerability scanning and automation. The automation the solution brings around vulnerability scanning is useful."
"The most valuable feature of Snyk is the SBOM."
"The solution doesn't offer very good scalability."
"The one feature that I would like to see in Burp is active scanning of REST based web services. A lot of organizations are providing APIs to access their services to support different business models like SaaS. Scanning these APIs is still a challenge for many security product companies."
"The number of false positives need to be reduced on the solution."
"Scanning needs to be improved in enterprise and professional versions."
"The solution’s pricing could be improved."
"The Auto Scanning features should be updated more frequently and should include the latest attack vectors."
"Scanning APIs using PortSwigger Burp Suite Professional takes a lot of time."
"BurpSuite has some issues regarding authentication with OAT tokens that need to be improved."
"For the areas that they're new in, it's very early stages for them. For example, their expertise is in looking at third-party components and packages, which is their bread-and-butter and what they've been doing for ages, but for newer features such as static analysis I don't think they've got compatibility for all the languages and frameworks yet."
"Scalability has some issues because we have a lot of code and its use is mandatory. Therefore, it can be slow at times, especially because there are a lot of projects and reporting. Some UI improvements could help with this."
"We have seen cases where tools didn't find or recognize certain dependencies. These are known issues, to some extent, due to the complexity in the language or stack that you using. There are some certain circumstances where the tool isn't actually finding what it's supposed to be finding, then it could be misleading."
"They need to improve the Snyk plugins and make it easier to make your optimizations based on your own needs or features."
"DAST has shortcomings, and Snyk needs to improve and overcome such shortcomings."
"The tool should provide more flexibility and guidance to help us fix the top vulnerabilities before we go into production."
"Compatibility with other products would be great."
"It lists projects. So, if you have a number of microservices in an enterprise, then you could have pages of findings. Developers will then spend zero time going through the pages of reports to figure out, "Is there something I need to fix?" While it may make sense to list all the projects and issues in these very long lists for completeness, Snyk could do a better job of bubbling up and grouping items, e.g., a higher level dashboard that draws attention to things that are new, the highest priority things, or things trending in the wrong direction. That would make it a lot easier. They don't quite have that yet in container security."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 57 reviews while Snyk is ranked 4th in Application Security Tools with 41 reviews. PortSwigger Burp Suite Professional is rated 8.6, while Snyk is rated 8.2. The top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Qualys Web Application Scanning, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode. See our PortSwigger Burp Suite Professional vs. Snyk report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.