Try our new research platform with insights from 80,000+ expert users

PortSwigger Burp Suite Professional vs Snyk comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

PortSwigger Burp Suite Prof...
Ranking in Application Security Tools
8th
Average Rating
8.6
Reviews Sentiment
7.9
Number of Reviews
63
Ranking in other categories
Static Application Security Testing (SAST) (6th), Fuzz Testing Tools (1st)
Snyk
Ranking in Application Security Tools
4th
Average Rating
8.0
Reviews Sentiment
7.4
Number of Reviews
45
Ranking in other categories
Container Security (8th), Software Composition Analysis (SCA) (3rd), Software Development Analytics (2nd), DevSecOps (1st)
 

Mindshare comparison

As of April 2025, in the Application Security Tools category, the mindshare of PortSwigger Burp Suite Professional is 2.0%, up from 2.0% compared to the previous year. The mindshare of Snyk is 8.0%, up from 8.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Anuradha.Kapoor Kapoor - PeerSpot reviewer
Offers efficient scanning of entire websites but presence of false positive bugs, leading to time-consuming efforts in distinguishing real bugs from false alarms
We have found that so many times, false positive bugs are there, and then we spend a lot of time basically separating them from real bugs. So that's the reason we are looking for some other tool. So we were in discussion with Acunetix. Therefore, the false positive rate is, like, something that we would like to improve. What we are looking for is if this false positive rate goes down because we were OWASP Zap tool users, which was free anyway. But there were a lot of false positives there, and we used to spend a lot of time, like, for security reasons, reproducing those bugs for the development team to fix it. So then we thought, okay, why not we go with the tool? Even if it is not very expensive. But still, every year, we have to renew the license. And we got this tool. Again, we found that in this tool also, even if it is less, there are still a lot of false positive bugs out there. So we again have to spend so much time. So we hired a security tester, who was basically using Acunetix in his previous company for almost three years, and then you said that in that scanning is very slow. The scanning is also slow. Like, sometimes the site scan takes eight hours, six to eight hours. Yeah. And whereas in Acunetix, it took three to four hours. And plus, there are no false positives. I'm not saying none but there's very little. But here, the rate sometimes is very high. These are the two features I think we would like to improve further.
meetharoon - PeerSpot reviewer
Affordable tool boosts code scanning efficiency but faces integration hurdles
The most important feature of Snyk is its cost-effectiveness compared to other solutions such as Check Point. It is easy to consolidate Snyk across multiple entities within a large organization. Additionally, our integration of Snyk into GitHub allows us to automatically scan codebases and identify issues, which has improved efficiency.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We use the solution for vulnerability assessment in respect of the application and the sites."
"Enables automation of different tasks such as authorization testing."
"The technical support from PortSwigger is excellent, managing response time and quality efficiently without any issues."
"The active scanner, which does an automated search of any web vulnerabilities."
"The most valuable feature of PortSwigger Burp Suite Professional is the dashboard. It is very informative and you can receive all the information you need in one place. It's clear, well-defined, and organized. Anybody without any cybersecurity can use it."
"It is a time-saver application."
"The solution has a great user interface."
"There is no other tool like it. I like the intuitiveness and the plugins that are available."
"Snyk categorizes the level of vulnerability into high, medium, and low, which helps organizations prioritize which issues to tackle first."
"Our customers find container scans most valuable. They are always talking about it."
"Our overall security has improved. We are running fewer severities and vulnerabilities in our packages. We fixed a lot of the vulnerabilities that we didn't know were there."
"It is one of the best product out there to help developers find and fix vulnerabilities quickly. When we talk about the third-party software vulnerability piece and potentially security issues, it takes the load off the user or developer. They even provide automitigation strategies and an auto-fix feature, which seem to have been adopted pretty well."
"The most valuable features include enriched information around the vulnerabilities for better triaging, in terms of the vulnerability layer origin and vulnerability tree."
"The most valuable feature of Snyk is the SBOM."
"The CLI feature is quite useful because it gives us a lot of flexibility in what we want to do. If you use the UI, all the information is there and you can see what Snyk is showing you, but there is nothing else that you can change. However, when you use the CLI, then you can use commands and can get the output or response back from Snyk. You can also take advantage of that output in a different way. For the same reason, we have been using the CLI for the hard gate in the pipeline: Obtain a particular CDSS score for vulnerability. Based on that information, we can then decide if we want to block or allow the build. We have more flexibility if we use the CLI."
"The most valuable feature of Snyk is the software composition analysis."
 

Cons

"As with most automated security tools, too many false positives."
"The solution lacks sufficient stability."
"The initial setup is a bit complex."
"It should provide a better way to integrate with Jenkins so that DAST (dynamic application security testing) can be automated."
"BurpSuite has some issues regarding authentication with OAT tokens that need to be improved."
"The technical support team's response time is mostly delayed and should be improved."
"There needs to be better documentation provided. Currently, we need to buy books, or we need to review online some use cases from other professionals who have been using the solution to find out their experience. It is not easy to find out how to properly do a security assessment."
"There should be a heads up display like the one available in OWASP Zap."
"Because Snyk has so many integrations and so many things it can do, it's hard to really understand all of them and to get that information to each team that needs it... If there were more self-service, perhaps tutorials or overviews for new teams or developers, so that they could click through and see things themselves, that would help."
"One area where Snyk could improve is in providing developers with the line where the error occurs."
"I use Snyk alongside Sonar, and Snyk tends to generate a lot of false positives. Improving the overall report quality and reducing false positives would be beneficial. I don't need additional features; just improving the existing ones would be enough."
"We have to integrate with their database, which means we need to send our entire code to them to scan, and they send us the report. A company working in the financial domain usually won't like to share its code or any information outside its network with any third-party provider."
"We've also had technical issues with blocking newly introduced vulnerabilities in PRs and that was creating a lot of extra work for developers in trying to close and reopen the PR to get rid of some areas. We ended up having to disable that feature altogether because it wasn't really working for us and it was actually slowing down developer velocity."
"The reporting mechanism of Snyk could improve. The reporting mechanism is available only on the higher level of license. Adjusting the policy of the current setup of recording this report is something that can improve. For instance, if you have a certain license, you receive a rating, and the rating of this license remains the same for any use case. No matter if you are using it internally or using it externally, you cannot make the adjustment to your use case. It will always alert as a risky license. The areas of licenses in the reporting and adjustments can be improve"
"Offering API access in the lower or free open-source tiers would be better. That would help our customers. If you don't have an enterprise plan, it becomes challenging to integrate with the rest of the systems. Our customers would like to have some open-source integrations in the next release."
"Basically the licensing costs are a little bit expensive."
 

Pricing and Cost Advice

"This solution requires a license. It is expensive but you receive a lot of functionality for the price."
"We are using the community version, which is free."
"PortSwigger Burp Suite Professional is an expensive solution."
"For a country such as Sri Lanka, the pricing is not reasonable."
"The pricing of the solution is cost-effective and is best suited for small and medium-sized businesses."
"This is a value for money product."
"PortSwigger Burp Suite Professional is expensive compared to other tools."
"At $400 or $500 per license paid annually, it is a very cheap tool."
"Pricing-wise, it is not expensive as compared to other tools. If you have a couple of licenses, you can scan a certain number of projects. It just needs to be attached to them."
"Snyk is an expensive solution."
"The license model is based on the number of contributing developers. Snyk is expensive, for a startup company will most likely use the community edition, while larger companies will buy the licensed version. The price of Snyk is more than other SLA tools."
"We do have some missing licenses issues, especially with non-SPDX compliant one, but we expect this to be fixed soon"
"The pricing is acceptable, especially for enterprises. I don't think it's too much of a concern for our customers. Something like $99 per user is reasonable when the stakes are high."
"On a scale of one to ten, where one is cheap and ten is expensive, I rate the pricing a three. It is a cheap solution."
"Presently, my company uses an open-source version of the solution. The solution's pricing can be considered quite reasonable owing to the features they offer."
"I didn't think the price was that great, but it wasn't that bad, either. I'd rate their pricing as average in the market."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
844,944 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
13%
Government
12%
Manufacturing Company
7%
Financial Services Firm
16%
Computer Software Company
15%
Manufacturing Company
10%
Insurance Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Is OWASP Zap better than PortSwigger Burp Suite Pro?
OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with ...
What do you like most about PortSwigger Burp Suite Professional?
The solution helped us discover vulnerabilities in our applications.
What is your experience regarding pricing and costs for PortSwigger Burp Suite Professional?
I find the price of PortSwigger Burp Suite Professional to be very cost-efficient.
How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you a...
What do you like most about Snyk?
The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilities.
What needs improvement with Snyk?
Snyk has several limitations, including issues with Gradle, NPM, and Xcode, and trouble with AutoPR. It lacks the ability to select branches on its Web UI, forcing users to rely on CLI or CI/CD for...
 

Also Known As

Burp
No data available
 

Overview

 

Sample Customers

Google, Amazon, NASA, FedEx, P&G, Salesforce
StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
Find out what your peers are saying about PortSwigger Burp Suite Professional vs. Snyk and other solutions. Updated: March 2025.
844,944 professionals have used our research since 2012.