Coverity vs PortSwigger Burp Suite Professional comparison

Black Duck and PortSwigger are both solutions in the Static Application Security Testing (SAST) category. Black Duck is ranked #4 with an average rating of 8.0, while PortSwigger is ranked #6 with an average rating of 8.8. Black Duck holds a 8.5% mindshare in SAST, compared to PortSwigger’s 2.1% mindshare. Additionally, 88% of Black Duck users are willing to recommend the solution, compared to 98% of PortSwigger users who would recommend it.

Coverity

Read 42 Coverity reviews

13,639 Views
9,320 Comparison Views

88% willing to recommend

PortSwigger Burp Suite Prof...

Read 62 PortSwigger Burp Suite Professional reviews

4,974 Views
3,276 Comparison Views

98% willing to recommend

Coverity

PortSwigger Burp Suite Prof...

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 8, 2024

PortSwigger Burp Suite Professional and Coverity compete in the application security category. Coverity seems to have the upper hand due to its comprehensive features despite a higher price point.

Features:PortSwigger Burp Suite Professional is valued for active scanning, web application vulnerability detection, and penetration testing capabilities. Coverity offers strong code analysis features, integration capabilities within development environments, and an automated solution approach.

Room for Improvement:PortSwigger Burp Suite needs better scalability, improved performance under large workloads, and more efficient processing speeds. Coverity could improve customization options, speed during large codebase analysis, and provide more flexibility.

Ease of Deployment and Customer Service:PortSwigger Burp Suite Professional is noted for straightforward deployment and responsive customer support. Coverity's deployment can be complex due to integration options, but its customer service is recognized for professionalism and expertise.

Pricing and ROI:PortSwigger Burp Suite Professional is recognized for cost-effectiveness and quick ROI, appealing to small to midsize organizations. Coverity is more expensive; however, it offers long-term ROI through its comprehensive static analysis capabilities, justifying the cost with benefits over time.

To learn more, read our detailed Coverity vs. PortSwigger Burp Suite Professional Report (Updated: December 2024).

Buyer's Guide

Coverity vs. PortSwigger Burp Suite Professional

December 2024

Download the complete report

Helped 824,067 peers since 2012

Categories and Ranking

Coverity

Ranking in Static Application Security Testing (SAST)

4th

Average Rating

7.8

Reviews Sentiment

6.5

Number of Reviews

Ranking in other categories

No ranking in other categories

PortSwigger Burp Suite Prof...

Ranking in Static Application Security Testing (SAST)

6th

Average Rating

8.6

Reviews Sentiment

7.7

Number of Reviews

Ranking in other categories

Application Security Tools (8th), Fuzz Testing Tools (1st)

Mindshare comparison

As of December 2024, in the Static Application Security Testing (SAST) category, the mindshare of Coverity is 8.5%, up from 7.2% compared to the previous year. The mindshare of PortSwigger Burp Suite Professional is 2.1%, down from 3.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Static Application Security Testing (SAST)

Featured Reviews

Md. Shahriar Hussain

Cyber Security Chartered Engineer at Banglalink

Offers impressive reporting features with user-friendliness and high scalability

The solution can be easily setup but requires heavy integration due to the multiple types of port and programming languages involved. Comparing the resource requirements of the solution I would say it can be installed effortlessly. I would rate the initial setup an eight out of ten. A professional needs some pre-acquired knowledge to manage Coverity's deployment process, but the local solution partners provide support well enough for trouble-free deployment. The overall deployment process of Coverity took around two and a half hours in our organization. The deployment duration depends upon the operating system and resources including high-end RAM and CPU processors.

Read full review

Anton Krivonosov

Application Security Architect at Kuehne & Nagel Inc.

A special tool for penetration testers or security specialists to conduct security assessments

We use the solution for security assessments. It's a special tool for penetration testers or security specialists PortSwigger Burp Suite Professional is a standard tool in the security industry. It's a stable solution that has many features. You can download different plugins if you don't have…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The product has been beneficial in logging functionality, allowing me to categorize vulnerabilities based on severity. This aids in providing updated reports on subsequent scans."

"Coverity is easy to set up and has a less lengthy process to find vulnerabilities."

"It's pretty stable. I rate the stability of Coverity nine out of ten."

"The product is easy to use."

"The most valuable feature of Coverity is its software security feature called the Checker. If you share some vulnerability or weakness then the software can find any potential security bug or defect. The code integration tool enables some secure coding standards and implements some Checkers for Live Duo. So we can enable secure coding and Azure in this tool. So in our software, we can make sure our software combines some industry supervised data."

"The app analysis is the most valuable feature as I know other solutions don't have that."

"It help us identify the latest security vulnerabilities."

"Considering the analysis part and the benchmarking process involving the product that my company carried out, the solution is good for finding bugs and violations"

More Coverity pros

"I have found this solution has more plugins than other competitors which is a benefit. You are able to attach different plugins to the security scan to add features. For example, you can check to see if there are any payment systems that exist on a server, or username and password brute force analysis."

"The solution is quite helpful for session management and configuration."

"There is no other tool like it. I like the intuitiveness and the plugins that are available."

"We are mostly using it for scanning the entire website. So, we basically create a script with the entire website and then run it for different injections."

"I find the attack model quite amazing, where I can write my scripts and load my scripts as well, which helps quite a bit. All the active scanning that it can do is also quite a lot helpful. It speeds up our vulnerability assessment and penetration testing. Right now, I am enjoying its in-browser, which also helps quite a bit. I'm always confused about setting up some proxy, but it really is the big solution we all want."

"The solution is stable."

"I am impressed with the tool's detailed analysis for penetration testing. AppScan can give only visibility, but it can't do the PT part. But the PortSwigger Burp Application can do both, and it gives much more visibility on the PT rating."

"The extension that it provides with the community version for the skills mapping is excellent."

More PortSwigger Burp Suite Professional pros

Cons

"The product should include more customization options. The analytics is not as deep as compared to SonarQube."

"It should be easier to specify your own validation routines and sanitation routines."

"The product could be enhanced by providing video troubleshooting guides, making issue resolution more accessible. Troubleshooting without visual guides can be time-consuming."

"Zero-day vulnerability identification can be an add-on feature that Coverity can provide."

"Sometimes, vulnerabilities remain unidentified even after setting up the rules."

"The solution could use more rules."

"I had tried integrating the tool with Azure DevOps, but the report I got stated that my team faced many challenges."

"There should be additional IDE support."

More Coverity cons

"There should be a heads up display like the one available in OWASP Zap."

"The one feature that I would like to see in Burp is active scanning of REST based web services. A lot of organizations are providing APIs to access their services to support different business models like SaaS. Scanning these APIs is still a challenge for many security product companies."

"If your application uses multi-factor authentication, registration management cannot be automated."

"I would like to see the return of the spider mechanism instead of the crawling feature. Burp Suite's earlier version 1.7 had an excellent spider option, and it would be beneficial if Burp incorporated those features into the current version. The crawling techniques used in the current version are not as efficient as those used in earlier versions."

"The scanner and crawler need to be improved."

"There is not much automation in the tool."

"The solution doesn't offer very good scalability."

"I would like to see a more optimized solution, as it currently uses a lot of CPU power and memory."

More PortSwigger Burp Suite Professional cons

Pricing and Cost Advice

"I would rate the pricing a six out of ten, where one is low, and ten is high price."

"Coverity is quite expensive."

"The licensing fees are based on the number of lines of code."

"The tool's price is somewhere in the middle. It's neither cheap nor expensive. I would rate the pricing a five out of ten."

"Coverity is very expensive."

"I would rate the tool's pricing a one out of ten."

"Offers varying prices for different companies"

"The pricing is very reasonable compared to other platforms. It is based on a three year license."

More Coverity pricing and cost advice

"Our licensing cost is approximately $400 USD per year."

"The pricing of the solution is reasonable. We only need to pay for the annual subscription. I rate the pricing five out of ten."

"The platform's pricing is reasonable."

"PortSwigger Burp Suite Professional is expensive compared to other tools."

"The solution is reasonably priced."

"We pay a yearly licensing fee for the solution, which is neither cheap nor expensive."

"There are multiple versions available of PortSwigger Burp Suite, such as enterprise, commercial, professional, and beginners."

"The pricing of the solution is cost-effective and is best suited for small and medium-sized businesses."

More PortSwigger Burp Suite Professional pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.

See recommendations

824,067 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Manufacturing Company

32%

Computer Software Company

15%

Financial Services Firm

Government

Computer Software Company

17%

Financial Services Firm

12%

Government

11%

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

How would you decide between Coverity and Sonarqube?

We researched Coverity, but in the end, we chose SonarQube. SonarQube is a tool for reviewing code quality and security. It helps to guide our development teams during code reviews by providing rem...

See all answers

What do you like most about Coverity?

The solution has improved our code quality and security very well.

See all answers

What is your experience regarding pricing and costs for Coverity?

I do not know about the pricing.

See all answers

Is OWASP Zap better than PortSwigger Burp Suite Pro?

OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with ...

See all answers

What do you like most about PortSwigger Burp Suite Professional?

The solution helped us discover vulnerabilities in our applications.

See all answers

What is your experience regarding pricing and costs for PortSwigger Burp Suite Professional?

The pricing for Burp Suite Professional is not very high, however, it could be more flexible for clients.

See all answers

Comparisons

SonarQube Server (formerly SonarQube) vs Coverity

Compared 53% of the time

Klocwork vs Coverity

Compared 7% of the time

Fortify on Demand vs Coverity

Compared 6% of the time

Checkmarx One vs Coverity

Compared 5% of the time

Veracode vs Coverity

Compared 5% of the time

More Coverity Competitors

Acunetix vs PortSwigger Burp Suite Professional

Compared 18% of the time

Fortify WebInspect vs PortSwigger Burp Suite Professional

Compared 14% of the time

OWASP Zap vs PortSwigger Burp Suite Professional

Compared 11% of the time

HCL AppScan vs PortSwigger Burp Suite Professional

Compared 9% of the time

SonarQube Server (formerly SonarQube) vs PortSwigger Burp Suite Professional

Compared 8% of the time

More PortSwigger Burp Suite Professional Competitors

Product Reports

Buyer's Guide

Coverity

December 2024

Download Coverity product report

Buyer's Guide

PortSwigger Burp Suite Professional

December 2024

PortSwigger Burp Suite Professional report

Download PortSwigger Burp Suite Professional product report

Also Known As

Synopsys Static Analysis

Burp

Learn More

Black Duck

PortSwigger

Overview

Coverity gives you the speed, ease of use, accuracy, industry standards compliance, and scalability that you need to develop high-quality, secure applications. Coverity identifies critical software quality defects and security vulnerabilities in code as it’s written, early in the development process, when it’s least costly and easiest to fix. With the Code Sight integrated development environment (IDE) plugin, developers get accurate analysis in seconds in their IDE as they code. Precise actionable remediation advice and context-specific eLearning help your developers understand how to fix their prioritized issues quickly, without having to become security experts.

Coverity seamlessly integrates automated security testing into your CI/CD pipelines and supports your existing development tools and workflows. Choose where and how to do your development: on-premises or in the cloud with the Polaris Software Integrity Platform (SaaS), a highly scalable, cloud-based application security platform. Coverity supports more than 20 languages and 200 frameworks and templates.

Burp Suite Professional, by PortSwigger, is the world’s leading toolkit for web security testing. Over 52,000 users worldwide, across all industries and organization sizes, trust Burp Suite Professional to find more vulnerabilities, faster. With expertly-engineered manual and automated tooling, you're able to test smarter - not harder.

PortSwigger is the web security company that is enabling the world to secure the web. Over 50,000 security engineers rely on our software and expertise to secure their world.

Sample Customers

SAP, Mega International, Thales Alenia Space

Google, Amazon, NASA, FedEx, P&G, Salesforce

Buyer's Guide

Coverity vs. PortSwigger Burp Suite Professional

December 2024

Free Report: Coverity vs. PortSwigger Burp Suite Professional

Find out what your peers are saying about Coverity vs. PortSwigger Burp Suite Professional and other solutions. Updated: December 2024.

DOWNLOAD NOW

824,067 professionals have used our research since 2012.

See our Coverity vs. PortSwigger Burp Suite Professional report.

See our list of best Static Application Security Testing (SAST) vendors.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.