Try our new research platform with insights from 80,000+ expert users

PortSwigger Burp Suite Enterprise Edition vs Qualys VMDR comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 6, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Ranking in Vulnerability Management
27th
Average Rating
9.6
Reviews Sentiment
8.1
Number of Reviews
3
Ranking in other categories
Continuous Threat Exposure Management (CTEM) (6th)
PortSwigger Burp Suite Ente...
Ranking in Vulnerability Management
24th
Average Rating
8.0
Reviews Sentiment
7.2
Number of Reviews
12
Ranking in other categories
Dynamic Application Security Testing (DAST) (5th)
Qualys VMDR
Ranking in Vulnerability Management
2nd
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
93
Ranking in other categories
IT Asset Management (5th), Configuration Management Databases (2nd), Container Security (12th), Risk-Based Vulnerability Management (2nd)
 

Mindshare comparison

As of April 2025, in the Vulnerability Management category, the mindshare of Zafran Security is 0.4%. The mindshare of PortSwigger Burp Suite Enterprise Edition is 1.0%, down from 1.1% compared to the previous year. The mindshare of Qualys VMDR is 9.0%, down from 13.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
Hasan Abufreiha - PeerSpot reviewer
Used for web application auditing and security audits for web applications
I would advise users to limit Burp Suite usage to specific scenarios and applications. Users should use the solution as an expert testing tool instead of using it as a general scanner or for information gathering in general. The tool might be overwhelming initially for new users, but it will be easy after you get used to the UI, features, and options. PortSwigger Burp Suite Enterprise Edition has been doing an amazing job for years compared to other similar tools. Overall, I rate the solution an eight out of ten.
Harold Jensen - PeerSpot reviewer
Good visibility but expensive and needs better support
Support: It's often overseas and often following a script, basically asking us to redo what we opened the case with. Multiple APIs: There seems to be a lack of easy onboarding into Qualys. We had to use manual inputs and some API calls to get items in place. Dashboard: It is very rudimentary with very little customization. The Qualys Scripting Language (QSL) works differently in different Qualys modules, so when you get it working in one area you have to modify the syntax in others. User account management: We often have to give users more rights than needed just to give them what they need. Integration with the various Qualys Modules: You can tell the UI is different based on of the different teams that created them. QSL syntax same in all modules Responsiveness of some of the components: They time out, you get a blank screen, etc. Backend updates between the various modules: You update connectors and information takes a few minutes to show in VMDR or Global Asset View Connectors: Connectors have a throttling issue with AWS which causes them to frequently fail unless you manually run them again.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran is an excellent tool."
"Zafran has become an indispensable tool in our cybersecurity arsenal."
"We are able to see the real risk of a vulnerability on our environment with our security tools."
"The product's initial setup phase was super easy."
"The product is easy to use."
"The most appreciated functionality of PortSwigger Burp Suite is its ability to perform brute force attacks automatically."
"I like normal dynamic scanning, general web applications scanning, and vulnerability assessments."
"Parallel scans can be done with PortSwigger Burp Suite Enterprise Edition."
"The most valuable features of PortSwigger Burp Suite Enterprise Edition are the vast amount of options and ease of use. They frequently improve the solution every six months to a year. Additionally, if we want any more features we can upload a custom script to meet our needs."
"The tool is loaded with many features that give us ROI."
"The most valuable part of it was probably the ability to intercept and modify calls."
"The most valuable features of Qualys VM are its ability to do proper vulnerability assessment. It has a lot of updates for all the vulnerability databases from all over the globe. It's an amazing solution when it comes to the versatility of the features it has. Additionally, the reports are very good. It generates very detailed reports about the vulnerabilities inside the environment"
"The Vulnerability Management and Patch Management features are the most valuable features of this solution."
"The prioritization feature is great. I think it has all of the advanced features that we need."
"Vulnerability management is the most valuable one and it’s a must in every organization."
"The reporting is fine."
"Monitors workstations and servers for vulnerabilities and creates reports."
"I am impressed with the VMDR feature."
"Continuous monitoring is a crucial feature that we use more frequently."
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"The implementation of the solution is quite complicated and could be easier."
"There are features or functionality missing, but PortSwigger Burp Suite Enterprise Edition does try to update frequently to alleviate the shortcomings."
"The cost per license per user could be cheaper, specifically for individual licensing."
"PortSwigger Burp Suite Enterprise Edition should incorporate a static code analysis feature. One main issue we encounter is false positives. False positives can be challenging for developers."
"There's definitely room for improvement. There are lots of false positives. Once I do the manual assessment, it comes as a false positive. They need to improve the Enterprise Edition, especially the part that gives false positives."
"It would be beneficial if Burp Suite provided predefined payloads for each attack category, such as SQL injection and cross-site scripting, to automate some tasks more effectively."
"It would be beneficial if Burp Suite provided predefined payloads for each attack category, such as SQL injection and cross-site scripting, to automate some tasks more effectively."
"The stability of the scans could be improved."
"Sometimes we face a problem with accessing the tool and not getting an expected result. From a technology point of view, they need to look into this."
"I would like to have CSPM, a continuous scan-like cloud added to the solution."
"What we have found is that the solution is not closely tied with the patch management. It is okay with newer ones, like Windows 10 machines; it gives the correct patch. But for Windows 7 or Windows Server 2008, it does not give us the correct patch so we have to manually identify the patches. This is a major problem."
"Qualys does have an on-prem solution, but it is very expensive."
"If anything, I would like to see the user interface modernized a bit more."
"Qualys should improve their customer experience. They need to improve the tech support experience and the turnaround time."
"I would like to see this solution more developed and competitive in the Cloud space."
"The tool needs to improve the adding assets and report generation features. I would like to see the policy scan of offline appliances in the product's future releases."
 

Pricing and Cost Advice

Information not available
"Although the solution can be a bit expensive for small companies, its pricing is fairly reasonable for its capabilities."
"PortSwigger Burp Suite Enterprise Edition is expensive compared to other solutions."
"For Professional, it's about $400 per year."
"PortSwigger Burp Suite Enterprise Edition is neither a cheap nor an expensive product. PortSwigger Burp Suite Enterprise Edition is a good tool for companies."
"The tool's pricing is reasonable and costs around 400 dollars per year."
"Qualys Virtual Scanner Appliance isn't expensive right now. But the price for their product bundles could be better."
"Qualys VM is reasonably priced."
"I used to work there, so I never paid for the product. As an employee, we get a lifetime license for personal use, and that's what I'm using. It is a comprehensive platform, so there is a lot more to it. There could be other solutions that are probably a little bit cheaper, but it depends on what people need. Different people have different needs. It offers many things on the same platform. If you add all the things up, it should be cheaper, but I have not done any analysis specifically."
"Qualys VM is quite expensive. It's a subscription-based license, and it's yearly. Right now, it's open for me, and I don't have any limitations or caps on the licenses. They are seeing if the product is viable for 4500 users. I can add as much as I want, and at the end of the subscription, they'll let me know how many licenses were actually used and bill me accordingly. On a scale from one to five, I would give their pricing a three. It's still expensive."
"We have an annual contract for Qualys VMDR. I believe it's for either two years or five years."
"Qualys is cheaper and more affordable than other solutions."
"They have recently changed the pricing model, which is now better than it was before."
"Qualys VM is better suited for medium to large companies because the price can be too much for smaller customers."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
848,716 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
12%
Manufacturing Company
7%
Retailer
6%
Financial Services Firm
20%
Computer Software Company
13%
Manufacturing Company
9%
Government
7%
Educational Organization
34%
Financial Services Firm
11%
Computer Software Company
10%
Manufacturing Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
I find that the pricing for Zafran aligns well with the comprehensive features it offers. The asset and user-based li...
What needs improvement with Zafran Security?
While Zafran Security is already a powerful tool, there are areas where it could be further improved to provide even ...
What is your primary use case for Zafran Security?
Our primary use case for Zafran involves leveraging it to enhance our vulnerability risk scoring methodology. In toda...
What do you like most about PortSwigger Burp Suite Enterprise Edition?
Parallel scans can be done with PortSwigger Burp Suite Enterprise Edition.
What is your experience regarding pricing and costs for PortSwigger Burp Suite Enterprise Edition?
I am using the Community Edition, which is free, however, I understand there might be extra expenses for additional f...
What needs improvement with PortSwigger Burp Suite Enterprise Edition?
It would be beneficial if Burp Suite provided predefined payloads for each attack category, such as SQL injection and...
What do you like most about Qualys VMDR?
I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagg...
What is your experience regarding pricing and costs for Qualys VMDR?
Qualys offers better pricing and is feature-packed compared to other tools.
What needs improvement with Qualys VMDR?
They can tweak their UI since the new version seems a bit jumbled up, and the old UI was more user-friendly.
 

Also Known As

No data available
No data available
Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security
 

Overview

 

Sample Customers

Information Not Available
Nasa, Disney, Dow Jones, Iberia Bank, IBM, Ernest and Young, Apple, Ryanair, Thyssenkrupp, Delivery Hero
Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx
Find out what your peers are saying about PortSwigger Burp Suite Enterprise Edition vs. Qualys VMDR and other solutions. Updated: April 2025.
848,716 professionals have used our research since 2012.