We performed a comparison between Acunetix and PortSwigger Burp Suite Professional based on real PeerSpot user reviews. Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It can be very hard to make a good lab environment with a console with log windows and code bases. What I like about Veracode is that they managed to do that. It has a very responsive graphical user interface and has worked very well. I was very pleased with that."
"It pinpoints the errors. Its accuracy is very interesting. It also elaborates on flaws, meaning it provides you with details about what is valid or not and how something can be fixed."
"Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM to verify that everything's going well. If we have any outstanding issues, they get serviced and addressed."
"Veracode enables us to build a strong data security layer in our platforms. We can increase customer confidence in data security. Some PCI/HIPAA compliance issues were impossible to resolve without Veracode."
"Veracode's integration with our continuous integration solution is what I've found to be the most valuable feature. It is easy to connect the two and to run scans in an automated way without needing as much manual intervention."
"The solution can scan old databases and old code written 20 years back."
"I like the ability to integrate Veracode with other coding platforms like Visual Studio, which helps you write code quickly by implementing already inserted code. For example, if we have tags you want to put in the software, it is effortless to choose which programming language you want to use in the integrated development environment."
"The user interface is excellent, the code review process is quick and provides great analytics to understand our code better, and the SAST scan is high-speed."
"Acunetix is the best service in the world. It is easy to manage. It gives a lot of information to the users to see and identify problems in their site or applications. It works very well."
"There is a lot of documentation on their website which makes setting it up and using it quite simple."
"The most valuable feature of the solution is the speed at which it can scan multiple domains in just a few hours."
"Overall, it's a very good tool and a very good engine."
"The most valuable feature of Acunetix is the UI and the scan results are simple."
"I have found this solution has more plugins than other competitors which is a benefit. You are able to attach different plugins to the security scan to add features. For example, you can check to see if there are any payment systems that exist on a server, or username and password brute force analysis."
"We use the solution for vulnerability assessment in respect of the application and the sites."
"The initial setup is simple."
"The solution is stable."
"PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running."
"Enables automation of different tasks such as authorization testing."
"The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well."
"The most valuable feature is Burp Collaborator."
"I think if they could improve the operations around accepted vulnerabilities, we would see improvements in our productivity."
"There is also a size limit of 100 MB so we cannot upload files that are larger than that. That could be improved. Also, the duration of the scan is a bit too long."
"Veracode's ease of use could be improved. I would also like to see more online videos and tutorials that could help us understand the product better. It would also be helpful if Veracode created a certification program for DevSecOps staff to learn about their product and get certified. This kind of training would raise the company's profile within the industry."
"I've seen slightly better static analysis tools from other companies when it comes to speed and ease of use."
"Sometimes the scans are not done quickly, but the solutions that it provides are really good. The quality is high, but the analysis is not done extremely quickly."
"The solution could improve the Dynamic Analysis Security Testing (DAST)."
"There are a lot of things that are being flagged that, while they're not necessarily false positives, are not really vulnerabilities, per se, especially for the APIs. There has to be a little bit of improvement in that regard, in being able to identify what is actually a vulnerability."
"I would ask Veracode to be a lot more engaged with the customer and set up live sessions where they force the customer to engage with Veracode's technical team. Veracode could show them a repo, how they should do things, this is what these results mean, here is a dashboard, here's the interpretation, here's where you find the results."
"The only problem that they have is the price. It is a bit expensive, and you cannot change the number of applications for the whole year."
"There are some versions of the solution that are not as stable as others."
"The solution can be improved by adding the ability to scan subdomains automatically, and by providing reports that can be exported to external databases to share with other solutions."
"The pricing is a bit on the higher side."
"While we do have it integrated with other solutions, it could still offer more integrations."
"The reporting needs to be improved; it is very bad."
"PortSwigger Burp Suite Professional can improve by having more features in the free version for beginners to try."
"BurpSuite has some issues regarding authentication with OAT tokens that need to be improved."
"There could be an improvement in the API security testing. There is another tool called Postman and if we had a built-in portal similar to Postman which captures the API, we would be able to generate the API traffic. Right now we need a Postman tool and the Burp Suite for performing API tests. It would be a huge benefit to be able to do it in a single UI."
"The initial setup is a bit complex."
"The price could be better. The rest is fine."
"We wish that the Spider feature would appear in the same shape that it does in previous versions."
"There needs to be better documentation provided. Currently, we need to buy books, or we need to review online some use cases from other professionals who have been using the solution to find out their experience. It is not easy to find out how to properly do a security assessment."
Veracode covers all your Application Security needs in one solution through a combination of five analysis types: static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline, and empowers developers to find and fix security defects.
Acunetix Web Vulnerability Scanner is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL injection, cross-site scripting, and other exploitable vulnerabilities.
Burp Suite Professional, by PortSwigger, is the world’s leading toolkit for web security testing. Over 52,000 users worldwide, across all industries and organization sizes, trust Burp Suite Professional to find more vulnerabilities, faster. With expertly-engineered manual and automated tooling, you're able to test smarter - not harder.
PortSwigger is the web security company that is enabling the world to secure the web. Over 50,000 security engineers rely on our software and expertise to secure their world.
Acunetix is ranked 18th in Application Security Tools with 5 reviews while PortSwigger Burp Suite Professional is ranked 10th in Application Security Tools with 13 reviews. Acunetix is rated 8.2, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Acunetix writes "User-friendly and easy to set up but is a bit expensive". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "Excellent Intruder, Repeater, and Proxy features". Acunetix is most compared with OWASP Zap, Tenable.io Web Application Scanning, Invicti, Fortify WebInspect and HCL AppScan, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Qualys Web Application Scanning, SonarQube and Invicti.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.