Try our new research platform with insights from 80,000+ expert users

PortSwigger Burp Suite Enterprise Edition vs Wiz comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Ranking in Vulnerability Management
27th
Average Rating
9.6
Reviews Sentiment
8.1
Number of Reviews
3
Ranking in other categories
Continuous Threat Exposure Management (CTEM) (6th)
PortSwigger Burp Suite Ente...
Ranking in Vulnerability Management
24th
Average Rating
8.0
Reviews Sentiment
7.2
Number of Reviews
12
Ranking in other categories
Dynamic Application Security Testing (DAST) (5th)
Wiz
Ranking in Vulnerability Management
1st
Average Rating
9.0
Reviews Sentiment
7.6
Number of Reviews
20
Ranking in other categories
Container Security (2nd), Cloud Workload Protection Platforms (CWPP) (1st), Cloud Security Posture Management (CSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (2nd), Data Security Posture Management (DSPM) (2nd), Compliance Management (1st), Cloud Detection and Response (CDR) (1st)
 

Mindshare comparison

As of April 2025, in the Vulnerability Management category, the mindshare of Zafran Security is 0.4%. The mindshare of PortSwigger Burp Suite Enterprise Edition is 1.0%, down from 1.1% compared to the previous year. The mindshare of Wiz is 12.3%, up from 9.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
Hasan Abufreiha - PeerSpot reviewer
Used for web application auditing and security audits for web applications
I would advise users to limit Burp Suite usage to specific scenarios and applications. Users should use the solution as an expert testing tool instead of using it as a general scanner or for information gathering in general. The tool might be overwhelming initially for new users, but it will be easy after you get used to the UI, features, and options. PortSwigger Burp Suite Enterprise Edition has been doing an amazing job for years compared to other similar tools. Overall, I rate the solution an eight out of ten.
Pietro Villivà - PeerSpot reviewer
Useful for security assessment and maintaining correct security posture
The tool keeps improving on a weekly basis. Wiz enters into a lot of partnerships with other technologies. I don't have any idea about the improvements needed in the tool at the moment. For me, Wiz is a very complete product, but it is not the perfect one. Other technologies are better for our customers' specific use cases. A possible way to grow the tool is by introducing new functionality or features. In the future, the tool can introduce an on-prem infrastructure or platform. Not having an on-prem version can be an obstacle for customers who have a large workload in an on-prem environment. The onboarding can be done in five minutes or five to ten minutes. Then, there is the configuration, and it depends on the type of the use case of the customer. There is a customer that has simple use cases for whom the onboarding can be done in four to eight hours a day. If there are some customers with a lot of use cases and a lot of different cloud providers, more time is needed. In general, we don't need more than five days to deploy the tool, even in the case of a very complex architecture and hybrid cloud environment. To deploy the tool, we need to have access to the account of the customer, and Wiz is a stuff that we need to make with the customer. We do the onboarding together. The customer creates the correct authorization in the cloud platform and gives us the key to connect to the platform, and then the platform connector starts and begins to collect information.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran has become an indispensable tool in our cybersecurity arsenal."
"We are able to see the real risk of a vulnerability on our environment with our security tools."
"Zafran is an excellent tool."
"The tool is loaded with many features that give us ROI."
"The most valuable part of it was probably the ability to intercept and modify calls."
"We are in the early stage of using the solution making it difficult to fully determine the best features. However, we have noticed the CMDB and device discovery features look valuable at this time."
"The product's initial setup phase was super easy."
"The solution's extensions really expand the capabilities and features offered by the installation."
"The product is easy to use."
"The most valuable features of PortSwigger Burp Suite Enterprise Edition are the vast amount of options and ease of use. They frequently improve the solution every six months to a year. Additionally, if we want any more features we can upload a custom script to meet our needs."
"Parallel scans can be done with PortSwigger Burp Suite Enterprise Edition."
"Our most important features are those around entitlement, external exposure, vulnerabilities, and container security."
"The granularity of visibility that the platform provides is the most valuable aspect."
"Wiz is a very powerful product technologically."
"The tool's most valuable feature is its attack path analysis."
"The security baseline and vulnerability assessments is the valuable feature."
"Out of all the features, the one item that has been most valuable is the fact that Wiz puts into context all the pieces that create an issue, and applies a particular risk evaluation that helps us prioritize when we need to address a misconfiguration, vulnerability, or any issue that would put our environment into risk."
"The vulnerability management modules and the discovery and inventory are the most valuable features. Before using Wiz, it was a very manual process for both. After implementing it, we're able to get all of the analytics into a single platform that gives us visibility across all the systems in our cloud. We're able to correspond and understand what the vulnerability landscape looks like a lot faster."
"The CSPM module has been the most effective. It was easy to deploy and covered all our accounts through APIs, requiring no agents. Wiz provides instant visibility into high-level risks that we need to address."
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"The cost per license per user could be cheaper, specifically for individual licensing."
"It would be better if the solution is cloud-based."
"There are features or functionality missing, but PortSwigger Burp Suite Enterprise Edition does try to update frequently to alleviate the shortcomings."
"There's definitely room for improvement. There are lots of false positives. Once I do the manual assessment, it comes as a false positive. They need to improve the Enterprise Edition, especially the part that gives false positives."
"The solution is a bit expensive."
"It would be beneficial if Burp Suite provided predefined payloads for each attack category, such as SQL injection and cross-site scripting, to automate some tasks more effectively."
"PortSwigger Burp Suite Enterprise Edition should incorporate a static code analysis feature. One main issue we encounter is false positives. False positives can be challenging for developers."
"The stability of the scans could be improved."
"We are still analyzing its behavior as we are in the midst of the implementation."
"They could improve the product's visibility in the internal network topology."
"In Brazil, the cost is a significant issue due to the currency exchange rate."
"Not having an on-prem version can be an obstacle for customers who have a large workload in an on-prem environment."
"The reporting isn't that great. They have executive summaries, but it's only a compliance report that maps all current issues to specific controls. Whether you look at one subscription or project, regardless of the size, you will get a multipage report on how the issues in that account map to that control. Our CSO isn't going to read through that. He won't filter that out or show that to his leadership and say, "Here's what we're doing." It isn't a helpful report. They're working on it, but it's a poor executive summary."
"The reporting should be improved because until a few months ago, the reports were only in CSV format, which made it difficult to clean up. Wiz tried to improve the reporting process, but it's not as valuable as Tenable."
"The APIs are currently quite limited and not very mature, which makes integration with Splunk difficult."
"The remediation workflow within the Wiz could be improved."
 

Pricing and Cost Advice

Information not available
"PortSwigger Burp Suite Enterprise Edition is expensive compared to other solutions."
"For Professional, it's about $400 per year."
"The tool's pricing is reasonable and costs around 400 dollars per year."
"Although the solution can be a bit expensive for small companies, its pricing is fairly reasonable for its capabilities."
"PortSwigger Burp Suite Enterprise Edition is neither a cheap nor an expensive product. PortSwigger Burp Suite Enterprise Edition is a good tool for companies."
"The cost of the other solutions is comparable to Wiz."
"The pricing seems pretty simple. We don't have to do a lot of calculations to figure out what the components are. They do it by enabling specific features, either basics or advanced, which makes it easy to select."
"The pricing is fair. Some of the more advanced features and functionalities and how the tiers are split can be somewhat confusing."
"Based on the features and capabilities, the product pricing seems reasonable."
"Wiz is a moderately priced solution, where it is neither cheap nor costly."
"I wish the pricing was more transparent."
"Regarding pricing, it’s more than $100k because we have a very big infrastructure. Our environment supports around three thousand people, and we offer business-to-client financial services to around one million clients, so we rely heavily on Wiz."
"If one is cheap and ten is expensive, I rate the tool's price as a five out of ten."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
849,190 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
11%
Manufacturing Company
7%
Retailer
6%
Financial Services Firm
20%
Computer Software Company
13%
Manufacturing Company
9%
Government
7%
Financial Services Firm
15%
Computer Software Company
15%
Manufacturing Company
10%
Healthcare Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
I find that the pricing for Zafran aligns well with the comprehensive features it offers. The asset and user-based li...
What needs improvement with Zafran Security?
While Zafran Security is already a powerful tool, there are areas where it could be further improved to provide even ...
What is your primary use case for Zafran Security?
Our primary use case for Zafran involves leveraging it to enhance our vulnerability risk scoring methodology. In toda...
What do you like most about PortSwigger Burp Suite Enterprise Edition?
Parallel scans can be done with PortSwigger Burp Suite Enterprise Edition.
What is your experience regarding pricing and costs for PortSwigger Burp Suite Enterprise Edition?
I am using the Community Edition, which is free, however, I understand there might be extra expenses for additional f...
What needs improvement with PortSwigger Burp Suite Enterprise Edition?
It would be beneficial if Burp Suite provided predefined payloads for each attack category, such as SQL injection and...
What do you like most about Wiz?
With Wiz, we get timely alerts for leaked data or any vulnerabilities already existing in our environment.
What is your experience regarding pricing and costs for Wiz?
This feedback is not based on much experience yet, as we have only conducted POV or POC.
What needs improvement with Wiz?
I have not measured certain abilities on a scale yet. The ultimate value depends on the requirements of your organiza...
 

Overview

 

Sample Customers

Information Not Available
Nasa, Disney, Dow Jones, Iberia Bank, IBM, Ernest and Young, Apple, Ryanair, Thyssenkrupp, Delivery Hero
Wiz is the fastest growing software company ever - $100M ARR in 18 months: Wiz becomes the fastest-growing software company ever | Wiz Blog  Discover why companies, including Salesforce, Morgan Stanley, Fox, and Bridgewater choose Wiz as their cloud security partner. Read their success stories here: Customers | Wiz
Find out what your peers are saying about PortSwigger Burp Suite Enterprise Edition vs. Wiz and other solutions. Updated: April 2025.
849,190 professionals have used our research since 2012.