Try our new research platform with insights from 80,000+ expert users

PortSwigger Burp Suite Professional vs Snyk comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

PortSwigger Burp Suite Prof...
Ranking in Application Security Tools
8th
Average Rating
8.6
Reviews Sentiment
7.9
Number of Reviews
63
Ranking in other categories
Static Application Security Testing (SAST) (6th), Fuzz Testing Tools (1st)
Snyk
Ranking in Application Security Tools
4th
Average Rating
8.0
Reviews Sentiment
7.4
Number of Reviews
45
Ranking in other categories
Container Security (8th), Software Composition Analysis (SCA) (3rd), Software Development Analytics (2nd), DevSecOps (1st)
 

Mindshare comparison

As of April 2025, in the Application Security Tools category, the mindshare of PortSwigger Burp Suite Professional is 2.0%, up from 2.0% compared to the previous year. The mindshare of Snyk is 8.0%, up from 8.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Anuradha.Kapoor Kapoor - PeerSpot reviewer
Offers efficient scanning of entire websites but presence of false positive bugs, leading to time-consuming efforts in distinguishing real bugs from false alarms
We have found that so many times, false positive bugs are there, and then we spend a lot of time basically separating them from real bugs. So that's the reason we are looking for some other tool. So we were in discussion with Acunetix. Therefore, the false positive rate is, like, something that we would like to improve. What we are looking for is if this false positive rate goes down because we were OWASP Zap tool users, which was free anyway. But there were a lot of false positives there, and we used to spend a lot of time, like, for security reasons, reproducing those bugs for the development team to fix it. So then we thought, okay, why not we go with the tool? Even if it is not very expensive. But still, every year, we have to renew the license. And we got this tool. Again, we found that in this tool also, even if it is less, there are still a lot of false positive bugs out there. So we again have to spend so much time. So we hired a security tester, who was basically using Acunetix in his previous company for almost three years, and then you said that in that scanning is very slow. The scanning is also slow. Like, sometimes the site scan takes eight hours, six to eight hours. Yeah. And whereas in Acunetix, it took three to four hours. And plus, there are no false positives. I'm not saying none but there's very little. But here, the rate sometimes is very high. These are the two features I think we would like to improve further.
meetharoon - PeerSpot reviewer
Affordable tool boosts code scanning efficiency but faces integration hurdles
The most important feature of Snyk is its cost-effectiveness compared to other solutions such as Check Point. It is easy to consolidate Snyk across multiple entities within a large organization. Additionally, our integration of Snyk into GitHub allows us to automatically scan codebases and identify issues, which has improved efficiency.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It offers flexibility, macros, and features to reduce the effort required for authenticated sessions."
"It was easy to learn."
"The solution helped us discover vulnerabilities in our applications."
"I am impressed with the tool's detailed analysis for penetration testing. AppScan can give only visibility, but it can't do the PT part. But the PortSwigger Burp Application can do both, and it gives much more visibility on the PT rating."
"I rate PortSwigger Burp Suite Professional ten points out of ten."
"It's good testing software."
"One useful function is the ability to send requests to the repeater without making actual requests through the browser, allowing me to modify requests easily."
"We are mostly using it for scanning the entire website. So, we basically create a script with the entire website and then run it for different injections."
"The most valuable features of Snyk are vulnerability scanning and automation. The automation the solution brings around vulnerability scanning is useful."
"What is valuable about Snyk is its simplicity."
"It's very easy for developers to use. Onboarding was an easy process for all of the developers within the company. After a quick, half-an-hour to an hour session, they were fully using it on their own. It's very straightforward. Usability is definitely a 10 out of 10."
"Snyk's focus on security is a valuable feature. Also Snyk supports multiple programming languages, which has positively affected my security practices. I use only two or three languages, and when I change the language in a file, it detects it in the same suite. I find the AI-powered scanning overall beneficial.Using Snyk's AI-powered scanning, I can detect around ten or twenty errors in my project with about twenty thousand lines of code, so it helps improve my project by identifying a lot of potential vulnerabilities."
"It has an accurate database of vulnerabilities with a low amount of false positives."
"Snyk is a good and scalable tool."
"A main feature of Snyk is that when you go with SCA, you do get properly done security composition, also from the licensing and open-source parameters perspective. A lot of companies often use open-source libraries or frameworks in their code, which is a big security concern. Snyk deals with all the things and provides you with a proper report about whether any open-source code or framework that you are using is vulnerable. In that way, Snyk is very good as compared to other tools."
"The most important feature of Snyk is its cost-effectiveness compared to other solutions such as Check Point."
 

Cons

"We wish that the Spider feature would appear in the same shape that it does in previous versions."
"The biggest drawback is reporting. It's not so good. I can download them, but they're not so informative."
"The one feature that I would like to see in Burp is active scanning of REST based web services. A lot of organizations are providing APIs to access their services to support different business models like SaaS. Scanning these APIs is still a challenge for many security product companies."
"The initial setup is a bit complex."
"Integration is a big problem."
"PortSwigger Burp Suite Professional could improve the static code review."
"The tool is very expensive."
"I am from Brazil. The currency exchange rate from a dollar to a Brazilian Real is quite steep. It is almost six to one. It would be good if it can be sold in the local currency, and its price is cheaper for us."
"One area where Snyk could improve is in providing developers with the line where the error occurs."
"We have to integrate with their database, which means we need to send our entire code to them to scan, and they send us the report. A company working in the financial domain usually won't like to share its code or any information outside its network with any third-party provider."
"The solution could improve the reports. They have been working on improving the reports but more work could be done."
"We've also had technical issues with blocking newly introduced vulnerabilities in PRs and that was creating a lot of extra work for developers in trying to close and reopen the PR to get rid of some areas. We ended up having to disable that feature altogether because it wasn't really working for us and it was actually slowing down developer velocity."
"DAST has shortcomings, and Snyk needs to improve and overcome such shortcomings."
"The tool needs improvement in license compliance. I would like to see the integration of better policy management in the product's future release. When it comes to the organization that I work for, there are a lot of business units since we are a group of companies. Each of these companies has its specific requirements and its own appetite for risk. This should be able to reflect in flexible policies. We need to be able to configure policies that can be adjusted later or overridden by the business unit that is using the product."
"The log export function could be easier when shipping logs to other platforms such as Splunk."
"The feature for automatic fixing of security breaches could be improved."
 

Pricing and Cost Advice

"We are using the community version, which is free."
"It is a cheap solution, but it may not be cheaper than other solutions."
"There is no setup cost and the cost of licensing is affordable."
"It has a yearly license. I am satisfied with its price."
"The cost is approximately $500 for a single license, and there are no additional costs beyond the standard licensing fees."
"There are different licenses available that include a free version."
"PortSwigger is reasonably-priced. It's fair."
"The pricing of the solution is cost-effective and is best suited for small and medium-sized businesses."
"For what Snyk offers, it has the best cost-benefit I have ever seen because you're buying the license per user."
"The pricing is acceptable, especially for enterprises. I don't think it's too much of a concern for our customers. Something like $99 per user is reasonable when the stakes are high."
"Snyk is an expensive solution."
"The pricing is reasonable."
"Despite Snyk's coverage, scalability, reliability, and stability, it is available at a very competitive price."
"The product's price is okay."
"The solution is less expensive than Black Duck."
"It's inexpensive and easy to license. It comes in standard package sizing, which is straightforward. This information is publicly found on their website."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
844,944 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
13%
Government
12%
Manufacturing Company
7%
Financial Services Firm
16%
Computer Software Company
15%
Manufacturing Company
10%
Insurance Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Is OWASP Zap better than PortSwigger Burp Suite Pro?
OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with ...
What do you like most about PortSwigger Burp Suite Professional?
The solution helped us discover vulnerabilities in our applications.
What is your experience regarding pricing and costs for PortSwigger Burp Suite Professional?
I find the price of PortSwigger Burp Suite Professional to be very cost-efficient.
How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you a...
What do you like most about Snyk?
The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilities.
What needs improvement with Snyk?
Snyk has several limitations, including issues with Gradle, NPM, and Xcode, and trouble with AutoPR. It lacks the ability to select branches on its Web UI, forcing users to rely on CLI or CI/CD for...
 

Also Known As

Burp
No data available
 

Overview

 

Sample Customers

Google, Amazon, NASA, FedEx, P&G, Salesforce
StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
Find out what your peers are saying about PortSwigger Burp Suite Professional vs. Snyk and other solutions. Updated: March 2025.
844,944 professionals have used our research since 2012.