We performed a comparison between Checkmarx One, HCL AppScan, and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools.
"The solution allows us to create custom rules for code checks."
"The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."
"The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important."
"Fewer false positive errors as compared to any other solution."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"It shows in-depth code of where actual vulnerabilities are."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"The static scans are good, and the SaaS as well."
"Technical support is helpful."
"It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
"The solution offers services in a few specific development languages."
"We are now deploying fewer defects to production."
"The reporting part is the most valuable feature."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"I personally love its capability to automatically and accurately detect vulnerabilities. So, I would say it is the Burp scanner that is THE most powerful, valuable, and an awesome feature."
"In my area of expertise, I feel like it has almost everything I could possibly require at this moment."
"Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them."
"This solution has helped a lot in finding bugs and vulnerabilities, and the scanner is good enough for simple web apps."
"Once I capture the proxy, I'm able to transfer across. All the requested information is there. I can send across the request to what we call a repeater, where I get to ready the payload that I send to the application. Put in malicious content and then see if it's responding to it."
"Enables automation of different tasks such as authorization testing."
"BurpSuite helps us to identify and fix silly mistakes that are sometimes introduced by our developers in their coding."
"The most valuable feature of PortSwigger Burp Suite Professional is the Burp Intruder tool."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."
"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"C, C++, VB and T-SQL are not supported by this product, although C and C++ were advertised as being supported."
"Implementing a blackout time for any user or teams: Needs improvement."
"Its user interface could be improved and made more friendly."
"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"IBM Security AppScan Source is rather hard to use."
"Many silly false positives are produced."
"The solution could improve by having a mobile version."
"I would love to see more containers. Many of the tools are great, but they require an amount of configuration, setup and infrastructure. If most of the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers."
"Scans become slow on large websites."
"It has crashed at times."
"AppScan is too complicated and should be made more user-friendly."
"The scanner and crawler need to be improved."
"I need the solution to be more user-friendly. The solution needs to be user-friendly."
"There should be a heads up display like the one available in OWASP Zap."
"There needs to be better documentation provided. Currently, we need to buy books, or we need to review online some use cases from other professionals who have been using the solution to find out their experience. It is not easy to find out how to properly do a security assessment."
"The solution lacks sufficient stability."
"I would like to see a more optimized solution, as it currently uses a lot of CPU power and memory."
"The biggest improvement that I would like to see from PortSwigger that today many people see as an issue in their testing. There might be a feature which might be desired."
"The reporting needs to be improved; it is very bad."