Acunetix vs PortSwigger Burp Suite Professional comparison

You must select at least 2 products to compare!
Veracode Logo
41,100 views|24,342 comparisons
Invicti Logo
9,587 views|7,049 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Acunetix and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Acunetix vs. PortSwigger Burp Suite Professional Report (Updated: March 2023).
686,748 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"It can be very hard to make a good lab environment with a console with log windows and code bases. What I like about Veracode is that they managed to do that. It has a very responsive graphical user interface and has worked very well. I was very pleased with that.""It pinpoints the errors. Its accuracy is very interesting. It also elaborates on flaws, meaning it provides you with details about what is valid or not and how something can be fixed.""Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM to verify that everything's going well. If we have any outstanding issues, they get serviced and addressed.""Veracode enables us to build a strong data security layer in our platforms. We can increase customer confidence in data security. Some PCI/HIPAA compliance issues were impossible to resolve without Veracode.""Veracode's integration with our continuous integration solution is what I've found to be the most valuable feature. It is easy to connect the two and to run scans in an automated way without needing as much manual intervention.""The solution can scan old databases and old code written 20 years back.""I like the ability to integrate Veracode with other coding platforms like Visual Studio, which helps you write code quickly by implementing already inserted code. For example, if we have tags you want to put in the software, it is effortless to choose which programming language you want to use in the integrated development environment.""The user interface is excellent, the code review process is quick and provides great analytics to understand our code better, and the SAST scan is high-speed."

More Veracode Pros →

"Acunetix is the best service in the world. It is easy to manage. It gives a lot of information to the users to see and identify problems in their site or applications. It works very well.""There is a lot of documentation on their website which makes setting it up and using it quite simple.""The most valuable feature of the solution is the speed at which it can scan multiple domains in just a few hours.""Overall, it's a very good tool and a very good engine.""The most valuable feature of Acunetix is the UI and the scan results are simple."

More Acunetix Pros →

"I have found this solution has more plugins than other competitors which is a benefit. You are able to attach different plugins to the security scan to add features. For example, you can check to see if there are any payment systems that exist on a server, or username and password brute force analysis.""We use the solution for vulnerability assessment in respect of the application and the sites.""The initial setup is simple.""The solution is stable.""PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running.""Enables automation of different tasks such as authorization testing.""The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well.""The most valuable feature is Burp Collaborator."

More PortSwigger Burp Suite Professional Pros →

"I think if they could improve the operations around accepted vulnerabilities, we would see improvements in our productivity.""There is also a size limit of 100 MB so we cannot upload files that are larger than that. That could be improved. Also, the duration of the scan is a bit too long.""Veracode's ease of use could be improved. I would also like to see more online videos and tutorials that could help us understand the product better. It would also be helpful if Veracode created a certification program for DevSecOps staff to learn about their product and get certified. This kind of training would raise the company's profile within the industry.""I've seen slightly better static analysis tools from other companies when it comes to speed and ease of use.""Sometimes the scans are not done quickly, but the solutions that it provides are really good. The quality is high, but the analysis is not done extremely quickly.""The solution could improve the Dynamic Analysis Security Testing(DAST).""There are a lot of things that are being flagged that, while they're not necessarily false positives, are not really vulnerabilities, per se, especially for the APIs. There has to be a little bit of improvement in that regard, in being able to identify what is actually a vulnerability.""I would ask Veracode to be a lot more engaged with the customer and set up live sessions where they force the customer to engage with Veracode's technical team. Veracode could show them a repo, how they should do things, this is what these results mean, here is a dashboard, here's the interpretation, here's where you find the results."

More Veracode Cons →

"The only problem that they have is the price. It is a bit expensive, and you cannot change the number of applications for the whole year.""There are some versions of the solution that are not as stable as others.""The solution can be improved by adding the ability to scan subdomains automatically, and by providing reports that can be exported to external databases to share with other solutions.""The pricing is a bit on the higher side.""While we do have it integrated with other solutions, it could still offer more integrations."

More Acunetix Cons →

"The reporting needs to be improved; it is very bad.""PortSwigger Burp Suite Professional can improve by having more features in the free version for beginners to try.""BurpSuite has some issues regarding authentication with OAT tokens that need to be improved.""There could be an improvement in the API security testing. There is another tool called Postman and if we had a built-in portal similar to Postman which captures the API, we would be able to generate the API traffic. Right now we need a Postman tool and the Burp Suite for performing API tests. It would be a huge benefit to be able to do it in a single UI.""The initial setup is a bit complex.""The price could be better. The rest is fine.""We wish that the Spider feature would appear in the same shape that it does in previous versions.""There needs to be better documentation provided. Currently, we need to buy books, or we need to review online some use cases from other professionals who have been using the solution to find out their experience. It is not easy to find out how to properly do a security assessment."

More PortSwigger Burp Suite Professional Cons →

Pricing and Cost Advice
  • "From a cost perspective, it seems okay, although we will probably evaluate alternatives next time it's up for renewal because for us, it's a relatively high cost, and we want to make sure that we are using our resources most appropriately."
  • "The pricing is a little on the high side but since we combine our product into one suite, it is easy to do and works well for us."
  • "It is quite good. If you adapt it for the whole organization, it is quite affordable. The pricing plans are good as compared to the other competitors, and any small, medium, or big company can easily adopt Veracode. Its cost includes deployment, training, and support for one year."
  • "The cost has been a barrier to wider use here. I think my team is the only one at the university. Other folks might like to use it, but it's pretty pricey. You could see what else is in the market, but I hear that's the price for most solutions. You might not find a better deal in the market, or it might be an incomplete solution. I mean, for the level of interaction we get with Veracode staff, it's been pretty good."
  • "There is a fee to scale up the solution which I consider expensive."
  • "I know that Veracode is a semi-pricey solution. If you are serious about security, I would recommend that you use an open-source option to learn how the scanning process works and then look into Veracode if you want to really step up your game and have an all-in-one solution."
  • "I wouldn't really recommend Veracode for a small firm, because it might be a little pricey for them. But for a large organization, with more than 1,000 applications in the enterprise, there are tiered levels of pricing."
  • "There are no setup or implementation charges. They offer a free trial and free consulting services... The price depends on your requirements, your source code sizes, and how complicated your source code is."
  • More Veracode Pricing and Cost Advice →

  • "It is a bit expensive. If you need to check five applications, you have to pay almost 14,000. It is an agreement for two years at 7,000 per year for only five applications. You cannot change the applications in the license. So, you are stuck with the same license for the five applications for one full year."
  • "The cost is based on two types of licenses, ConsultLite, and ConsultPlus, as well as the number of domains that are scanned."
  • More Acunetix Pricing and Cost Advice →

  • "The price for the solution is expensive and could be cheaper. We pay an annual license and our team has several of them."
  • "It's a lower priced tool that we can rely on with good standard mechanisms."
  • "This solution requires a license. It is expensive but you receive a lot of functionality for the price."
  • "The solution used to be expensive. However, they have reduced the price to approximately $400.00 which is reasonable."
  • "For a country such as Sri Lanka, the pricing is not reasonable."
  • "They should reduce the license cost a little bit. It is $400 per user, and it would be better if they could reduce the licensing fee."
  • "There are multiple versions available of PortSwigger Burp Suite, such as enterprise, commercial, professional, and beginners."
  • "Pricing is not very high. It was around $200."
  • More PortSwigger Burp Suite Professional Pricing and Cost Advice →

    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    686,748 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis… more »
    Top Answer:The user interface is excellent, the code review process is quick and provides great analytics to understand our code… more »
    Top Answer:It is quite good. If you adapt it for the whole organization, it is quite affordable. The pricing plans are good as… more »
    Top Answer:The most valuable feature of the solution is the speed at which it can scan multiple domains in just a few hours.
    Top Answer:It is a bit expensive. If you need to check five applications, you have to pay almost 14,000. It is an agreement for two… more »
    Top Answer:There are some versions of the solution that are not as stable as others.
    Top Answer:OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available… more »
    Top Answer:We use the community version. It's free. Pricing is not very high. It was around $200. They have some licenses, and… more »
    Also Known As
    Learn More

    Veracode covers all your Application Security needs in one solution through a combination of five analysis types; static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline, and empowers developers to find and fix security defects.

    Acunetix Web Vulnerability Scanner is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross site scripting, and other exploitable vulnerabilities.

    Burp Suite Professional, by PortSwigger, is the world’s leading toolkit for web security testing. Over 52,000 users worldwide, across all industries and organization sizes, trust Burp Suite Professional to find more vulnerabilities, faster. With expertly-engineered manual and automated tooling, you're able to test smarter - not harder.

    PortSwigger is the web security company that is enabling the world to secure the web. Over 50,000 security engineers rely on our software and expertise to secure their world.

    Keep your software secure

    Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.

    Learn more about Acunetix
    Learn more about PortSwigger Burp Suite Professional
    Sample Customers
    State of Missouri, Rekner
    Joomla!, Digicure, Team Random, Credit Suisse, Samsung, Air New Zealand
    Google, Amazon, NASA, FedEx, P&G, Salesforce
    Top Industries
    Financial Services Firm30%
    Computer Software Company13%
    Insurance Company9%
    Comms Service Provider7%
    Computer Software Company19%
    Financial Services Firm16%
    Comms Service Provider8%
    Manufacturing Company7%
    Financial Services Firm36%
    Comms Service Provider14%
    Energy/Utilities Company7%
    Computer Software Company23%
    Comms Service Provider12%
    Financial Services Firm9%
    Manufacturing Company29%
    Financial Services Firm24%
    Comms Service Provider14%
    Computer Software Company21%
    Comms Service Provider15%
    Financial Services Firm8%
    Company Size
    Small Business27%
    Midsize Enterprise22%
    Large Enterprise51%
    Small Business17%
    Midsize Enterprise12%
    Large Enterprise71%
    Small Business41%
    Midsize Enterprise18%
    Large Enterprise41%
    Small Business22%
    Midsize Enterprise16%
    Large Enterprise62%
    Small Business20%
    Midsize Enterprise17%
    Large Enterprise63%
    Small Business22%
    Midsize Enterprise15%
    Large Enterprise63%
    Buyer's Guide
    Acunetix vs. PortSwigger Burp Suite Professional
    March 2023
    Find out what your peers are saying about Acunetix vs. PortSwigger Burp Suite Professional and other solutions. Updated: March 2023.
    686,748 professionals have used our research since 2012.

    Acunetix is ranked 18th in Application Security Tools with 5 reviews while PortSwigger Burp Suite Professional is ranked 10th in Application Security Tools with 13 reviews. Acunetix is rated 8.2, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Acunetix writes "User-friendly and easy to set up but is a bit expensive". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "Excellent Intruder, Repeater, and Proxy features". Acunetix is most compared with OWASP Zap, Web Application Scanning, Invicti, Fortify WebInspect and HCL AppScan, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Qualys Web Application Scanning, SonarQube and Invicti. See our Acunetix vs. PortSwigger Burp Suite Professional report.

    See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.