We performed a comparison between Checkmarx One and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The administration in Checkmarx is very good."
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"The solution has good performance, it is able to compute in 10 to 15 minutes."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"We use the solution for vulnerability assessment in respect of the application and the sites."
"With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp."
"BurpSuite helps us to identify and fix silly mistakes that are sometimes introduced by our developers in their coding."
"The extension that it provides with the community version for the skills mapping is excellent."
"PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running."
"The initial setup is simple."
"It is a time-saver application."
"Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them."
"I would like to see the DAST solution in the future."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
"Checkmarx could improve by reducing the price."
"I would like to see the tool’s pricing improved."
"Meta data is always needed."
"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."
"Updating and debugging of queries is not very convenient."
"The solution doesn't offer very good scalability."
"The use of system memory is an area that can be improved because it uses a lot."
"The pricing of the solution is quite high."
"The Initial setup is a bit complex."
"The scanner and crawler need to be improved."
"If your application uses multi-factor authentication, registration management cannot be automated."
"The Burp Collaborator needs improvement. There also needs to be improved integration."
"Currently, the scanning is only available in the full version of Burp, and not in the Community version."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews. Checkmarx One is rated 7.6, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Rapid7 InsightAppSec. See our Checkmarx One vs. PortSwigger Burp Suite Professional report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.