We performed a comparison between PortSwigger Burp Suite Professional and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The active scanner, which does an automated search of any web vulnerabilities."
"There is no other tool like it. I like the intuitiveness and the plugins that are available."
"Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them."
"The solution is stable."
"The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well."
"PortSwigger Burp Suite Professional has an intercept tab that helps us to scan our APIs, set the response, and request errors."
"It offers very good accuracy. You can trust the results."
"The intercepting feature is the most valuable."
"It's hard to say that any single feature is the most essential. There are many errors and vulnerabilities in software today in the standard libraries for different vendors because. We don't need to reinvent the wheel every time because we're using standard libraries, and it's important to know that your security isn't compromised because you are using libraries with vulnerabilities."
"You can easily integrate it with Azure DevOps. This is an added value because we work with Azure DevOps. Veracode is natively supported and we don't have to work with APIs."
"I like Veracode's integration with our CI/CD. It automatically scans our code when we do the build. It can also detect any security flaws in our third-party libraries. Veracode is good at pinpointing the sections of code that have vulnerabilities."
"The most valuable feature is the remediation consulting that they give. I feel like any vendor can identify the flaws but fixing the flaws is what is most important. Being able to have those consultation calls, schedule them in the platform, and have that discussion with an applications expert, that process scales well and that is what has allowed a lot more reduction of risk to happen."
"Good static analysis and dynamic analysis."
"This is a great tool for learning about potential vulnerabilities in code."
"One thing we like is the secret detection feature. It has helped us to discover keys stored in our settings file as a TXT document. We can address that vulnerability by using encryption. We can even scan Docker images for vulnerabilities. Static analysis is another good feature of Veracode because we can run a security scan during development to identify the vulnerabilities."
"The coverage of backdoors attacks on security that's the most valuable for my clients."
"The technical support team's response time is mostly delayed and should be improved."
"The Burp Collaborator needs improvement. There also needs to be improved integration."
"PortSwigger Burp Suite Professional could improve the static code review."
"The biggest improvement that I would like to see from PortSwigger that today many people see as an issue in their testing. There might be a feature which might be desired."
"I need the solution to be more user-friendly. The solution needs to be user-friendly."
"The solution lacks sufficient stability."
"The price could be better. The rest is fine."
"The initial setup is a bit complex."
"The training lab is not very user-friendly and takes a long time to set up."
"Veracode needs to improve its integration with other tools."
"There might be room for improvement in the in-app guidance and the tips and tricks for the developer about how to progress. We would like more insight into the development environment, where they would get guidance on how to avoid flaws."
"While Veracode is way ahead of its competitors on Gartner Magic Quadrant, it's a bit more expensive than Fortify. It's a good solution for the cost, but if we had a high budget, we would go with Checkmarx, which is much better than Veracode."
"In some cases we use their APIs; they're not as rich as I would like."
"There are few languages that take time for scanning. It covers the majority of languages from C to Scala, but it doesn't support certain languages and the newer versions of certain languages. For example, it doesn't support SAP and new JavaScript frameworks such as Node.js and React JS. They can include support for these. If you go to their website, you can see the list of languages that are currently supported. The false-positive rates are also something they can work on."
"Their scanning engine is sometimes a little bit slow. They can improve the scan time."
"To be able to upload source codes without being compiled. That’s one feature that drives us to see other sources."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
PortSwigger Burp Suite Professional is ranked 10th in Application Security Tools with 57 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. PortSwigger Burp Suite Professional is rated 8.6, while Veracode is rated 8.2. The top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Rapid7 InsightAppSec, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our PortSwigger Burp Suite Professional vs. Veracode report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.