No more typing reviews! Try our Samantha, our new voice AI agent.

PortSwigger Burp Suite Enterprise Edition vs Wiz comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Vulnerability Management
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
PortSwigger Burp Suite Ente...
Ranking in Vulnerability Management
41st
Average Rating
8.0
Reviews Sentiment
7.2
Number of Reviews
12
Ranking in other categories
Dynamic Application Security Testing (DAST) (8th)
Wiz
Ranking in Vulnerability Management
1st
Average Rating
8.8
Reviews Sentiment
7.0
Number of Reviews
49
Ranking in other categories
Container Security (1st), Cloud Workload Protection Platforms (CWPP) (2nd), Cloud Security Posture Management (CSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (1st), Data Security Posture Management (DSPM) (1st), Compliance Management (1st), Cloud Detection and Response (CDR) (1st), AI Security (4th)
 

Mindshare comparison

As of July 2026, in the Vulnerability Management category, the mindshare of Qualys TotalCloud is 1.1%, up from 1.0% compared to the previous year. The mindshare of PortSwigger Burp Suite Enterprise Edition is 1.1%, up from 0.9% compared to the previous year. The mindshare of Wiz is 4.4%, down from 11.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Wiz4.4%
Qualys TotalCloud1.1%
PortSwigger Burp Suite Enterprise Edition1.1%
Other93.4%
Vulnerability Management
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
OB
Studiant at Edifixio
Enables time-saving automated scanning and brute force attacks
The most appreciated functionality of PortSwigger Burp Suite is its ability to perform brute force attacks automatically. Its automated scanning feature saves time. Additionally, using this tool provides significant security insights, making our testing process more efficient and comprehensive, leading to considerable time savings, which in turn translates to financial benefits.
Peter Whelan - PeerSpot reviewer
CISO at a computer software company with 1,001-5,000 employees
Improved our security posture thanks to comprehensive visibility
I have contacted Wiz technical support frequently. The support is excellent. We contact via an in-application portal. We can see the support cases we personally open, and also the cases that other people have opened from our company. I appreciate that feature. Generally, support gets back to us within a few days with a good answer. There was one fellow in particular who has been knocking it out of the park. He is a great support person to deal with. We are happy with the support experience. If I were to put Wiz support on a scale from one to ten, I would give them a ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"TotalCloud provides the easiest and the best approach for cloud infrastructure management."
"The scalability is good as well. I would rate it ten out of ten."
"I found the initial setup user-friendly."
"Its excellent graphical interface makes the scanning process simple."
"Qualys TotalCloud provides a single, prioritized view of risk, reducing the workload associated with consolidating multiple sources for risk prioritization."
"The most valuable feature is the consolidated information that it provides from various platforms."
"I highly recommend Qualys TotalCloud to other users."
"I would rate Qualys TotalCloud ten out of ten."
"The most appreciated functionality of PortSwigger Burp Suite is its ability to perform brute force attacks automatically."
"The most valuable part of it was probably the ability to intercept and modify calls."
"The most valuable features of PortSwigger Burp Suite Enterprise Edition are the vast amount of options and ease of use. They frequently improve the solution every six months to a year. Additionally, if we want any more features we can upload a custom script to meet our needs."
"The tool is loaded with many features that give us ROI."
"This tool helps identify vulnerabilities. We then provide the report to the developers, who address the issues identified automatically. Its most valuable feature is CI/CD integration."
"The solution's extensions really expand the capabilities and features offered by the installation."
"We are in the early stage of using the solution making it difficult to fully determine the best features. However, we have noticed the CMDB and device discovery features look valuable at this time."
"The product's initial setup phase was super easy."
"Wiz significantly helped with our compliance requirements."
"One feature I particularly appreciate about Wiz is that, similar to other cloud-native security tools like Microsoft's Defender for Cloud, it allows you to define policies as code and deploy them through a version control system with a continuous deployment pipeline."
"For any organization who want to think of moving to Wiz, the Security Graph feature is amazing and awesome, giving you deeper information than any other tools does and allowing a small security team to manage a massive complex cloud environment without hiring dozens of additional users to look into it."
"The vulnerability management modules and the discovery and inventory are the most valuable features. Before using Wiz, it was a very manual process for both. After implementing it, we're able to get all of the analytics into a single platform that gives us visibility across all the systems in our cloud. We're able to correspond and understand what the vulnerability landscape looks like a lot faster."
"The automation roles are essential because we ultimately want to do less work and automate more. The dashboards are easy to read and visually pleasing. You can understand things quickly, which makes it easy for our other teams. The network and infrastructure teams don't know as much about security as we do, so it helps to have a tool that's accessible and nice to look at."
"If anyone wants to secure their infrastructure, cloud environment, or Kubernetes cluster, I would strongly recommend Wiz as a tool because it is easy to use and user-friendly."
"One of the things that Wiz has done well is that there are no agents for the CSPM, at least from what we are doing, and it is very easy to roll out, easy to configure, maintain, and generally it does what it says it does with few issues."
"I like Wiz's reporting, and it's easy to do queries. For example, it's pretty simple to find out how many servers we have and the applications installed on each. I like Wiz's security graph because you can use it to see the whole organization even if you have multiple accounts."
 

Cons

"I think Qualys TotalCloud needs to improve its handling of zero-day vulnerabilities and supply chain management because modern ransomware attacks not only target prime critical infrastructures but also the supply chain system."
"An area for improvement would be to focus on risks related to AI, such as large language models and potential data leakage."
"There is room for improvement in the support."
"The response part of the Cloud Detection and Response (CDR) module can be improved."
"The onboarding process is a bit difficult. In the initial phase, it is very difficult to understand the features, what the dashboard contains, and what criteria they are using."
"The areas in the solution that have room for improvement include the UI/UX design, which should be improved, and they should integrate more artificial intelligence into the product."
"TotalCloud could improve its scanning of niche devices like Wi-Fi dongles and USB modems because they are often untested. It covers everything else, like laptops, mobile devices, and Bluetooth IoT devices. They can improve on the small IoT devices because hackers and testers use these."
"Qualys' customer service provides quality answers, but the response time is long, even though it is within the SLA."
"There's definitely room for improvement. There are lots of false positives. Once I do the manual assessment, it comes as a false positive. They need to improve the Enterprise Edition, especially the part that gives false positives."
"It would be better if the solution is cloud-based."
"There are features or functionality missing, but PortSwigger Burp Suite Enterprise Edition does try to update frequently to alleviate the shortcomings."
"It would be beneficial if Burp Suite provided predefined payloads for each attack category, such as SQL injection and cross-site scripting, to automate some tasks more effectively."
"The stability of the scans could be improved."
"It's not a stable product. Sometimes, it takes a lot of time to scan."
"PortSwigger Burp Suite Enterprise Edition should incorporate a static code analysis feature. One main issue we encounter is false positives. False positives can be challenging for developers."
"The stability is a big issue. So many times the scans fail."
"When integrating multiple clouds like hybrid cloud with Wiz, these processes need to be more user-friendly because more scripting is required in this scenario."
"The remediation workflow within the Wiz could be improved."
"They could improve the product's visibility in the internal network topology."
"We're looking at some of the data compliance stuff that they've got Jon offer. I know they're looking at container security, which we gonna be looking at next."
"As for stability, we have seen some issues where our results changed radically from one day to the next, but we had not made radical changes, so we opened a case with support."
"FinOps is an area where Wiz needs enhancement."
"There is room for improvement in Wiz, particularly in operator management, as general operators may lack the necessary knowledge, requiring an easier-to-understand tool."
"Given the level of visibility into all the cloud environments Wiz provides, it would be nice if they could integrate some kind of mechanism to better manage tenants on multiple platforms. For example, let's say that some servers don't have an application they need, such as an antivirus. Wiz could include an API or something to push those applications out to the servers. It would be great if you could remedy these issues directly from the Wiz platform."
 

Pricing and Cost Advice

"Qualys TotalCloud offers cost-effective licensing flexibility."
"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."
"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."
"As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive."
"TotalCloud's price is about right where I would expect it to be."
"The cost is high, but it meets our organizational needs."
"Qualys TotalCloud is expensive."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"PortSwigger Burp Suite Enterprise Edition is expensive compared to other solutions."
"The tool's pricing is reasonable and costs around 400 dollars per year."
"For Professional, it's about $400 per year."
"Although the solution can be a bit expensive for small companies, its pricing is fairly reasonable for its capabilities."
"PortSwigger Burp Suite Enterprise Edition is neither a cheap nor an expensive product. PortSwigger Burp Suite Enterprise Edition is a good tool for companies."
"Wiz is a moderately priced solution, where it is neither cheap nor costly."
"Regarding pricing, it’s more than $100k because we have a very big infrastructure. Our environment supports around three thousand people, and we offer business-to-client financial services to around one million clients, so we rely heavily on Wiz."
"The pricing seems pretty simple. We don't have to do a lot of calculations to figure out what the components are. They do it by enabling specific features, either basics or advanced, which makes it easy to select."
"The cost of the other solutions is comparable to Wiz."
"Based on the features and capabilities, the product pricing seems reasonable."
"If one is cheap and ten is expensive, I rate the tool's price as a five out of ten."
"The pricing is fair and comparable to their competitors. The cost seems to be going up, which is a concern. There are potential savings from consolidating tools, but we're uncertain how Wiz's pricing will change over time."
"I wish the pricing was more transparent."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
903,118 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Financial Services Firm
20%
Computer Software Company
7%
Construction Company
6%
Manufacturing Company
6%
Financial Services Firm
14%
Computer Software Company
11%
Manufacturing Company
10%
Healthcare Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise2
Large Enterprise7
By reviewers
Company SizeCount
Small Business11
Midsize Enterprise10
Large Enterprise30
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What is your experience regarding pricing and costs for PortSwigger Burp Suite Enterprise Edition?
I am using the Community Edition, which is free, however, I understand there might be extra expenses for additional f...
What needs improvement with PortSwigger Burp Suite Enterprise Edition?
It would be beneficial if Burp Suite provided predefined payloads for each attack category, such as SQL injection and...
What is your primary use case for PortSwigger Burp Suite Enterprise Edition?
I work with security testing tools for SaaS, focusing on static application security testing and using tools like Bur...
What is your experience regarding pricing and costs for Wiz?
Wiz is fairly priced compared to competitors and fits well within a low budget. Wiz is less expensive than Microsoft ...
What needs improvement with Wiz?
As an extensive user of Wiz, I have noticed that one critical area Wiz is missing is context. It is performing well i...
What is your primary use case for Wiz?
I am using Wiz for CNAPP and DSPM, primarily for vulnerability and exposure management. These are the key areas I am ...
 

Also Known As

Qualys TotalCloud with FlexScan
No data available
No data available
 

Overview

 

Sample Customers

Information Not Available
Nasa, Disney, Dow Jones, Iberia Bank, IBM, Ernest and Young, Apple, Ryanair, Thyssenkrupp, Delivery Hero
Wiz is the fastest growing software company ever - $100M ARR in 18 months: Wiz becomes the fastest-growing software company ever | Wiz Blog  Discover why companies, including Salesforce, Morgan Stanley, Fox, and Bridgewater choose Wiz as their cloud security partner. Read their success stories here: Customers | Wiz
Find out what your peers are saying about PortSwigger Burp Suite Enterprise Edition vs. Wiz and other solutions. Updated: June 2026.
903,118 professionals have used our research since 2012.