No more typing reviews! Try our Samantha, our new voice AI agent.

PortSwigger Burp Suite Enterprise Edition vs Qualys TotalCloud comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

PortSwigger Burp Suite Ente...
Ranking in Vulnerability Management
41st
Average Rating
8.0
Reviews Sentiment
7.2
Number of Reviews
12
Ranking in other categories
Dynamic Application Security Testing (DAST) (8th)
Qualys TotalCloud
Ranking in Vulnerability Management
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
 

Mindshare comparison

As of July 2026, in the Vulnerability Management category, the mindshare of PortSwigger Burp Suite Enterprise Edition is 1.1%, up from 0.9% compared to the previous year. The mindshare of Qualys TotalCloud is 1.1%, up from 1.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Qualys TotalCloud1.1%
PortSwigger Burp Suite Enterprise Edition1.1%
Other97.8%
Vulnerability Management
 

Featured Reviews

OB
Studiant at Edifixio
Enables time-saving automated scanning and brute force attacks
The most appreciated functionality of PortSwigger Burp Suite is its ability to perform brute force attacks automatically. Its automated scanning feature saves time. Additionally, using this tool provides significant security insights, making our testing process more efficient and comprehensive, leading to considerable time savings, which in turn translates to financial benefits.
RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable part of it was probably the ability to intercept and modify calls."
"The solution's extensions really expand the capabilities and features offered by the installation."
"Its automated scanning feature saves time."
"We are in the early stage of using the solution making it difficult to fully determine the best features. However, we have noticed the CMDB and device discovery features look valuable at this time."
"The tool is loaded with many features that give us ROI."
"The product is easy to use."
"The most appreciated functionality of PortSwigger Burp Suite is its ability to perform brute force attacks automatically."
"The most valuable features of PortSwigger Burp Suite Enterprise Edition are the vast amount of options and ease of use. They frequently improve the solution every six months to a year. Additionally, if we want any more features we can upload a custom script to meet our needs."
"By integrating TotalCloud, we have significantly reduced vulnerabilities in our deployment pipeline."
"Qualys TotalCloud's most valuable features are its cloud security posture management, Kubernetes, and container security capabilities."
"TotalCloud offers a comprehensive suite of features, including EDR, XDR, and TrueRisk, providing a centralized platform for managing vulnerabilities and security risks."
"If someone were to ask me to review Qualys TotalCloud, I would summarize it as an end-to-end solution for cloud security with visibility and governance-grade controls without needing to manage multiple disconnected tools."
"Qualys TotalCloud provides unified vulnerability and threat assessment for IaaS and SaaS and a single prioritized view of risk, which helps reduce my workload by not having to combine multiple sources."
"The most valuable feature of Qualys TotalCloud is the visibility it provides."
"Its excellent graphical interface makes the scanning process simple."
"The agent and agentless scanning in TotalCloud, particularly the FlexScan method, is incredibly valuable. With traditional scanning approaches, we had to give IP ranges and whitelist IPs. All that is now simplified. FlexScan requires minimal intervention, and after configuration, it automatically collects data and performs necessary scans."
 

Cons

"It would be beneficial if Burp Suite provided predefined payloads for each attack category, such as SQL injection and cross-site scripting, to automate some tasks more effectively."
"The solution is a bit expensive."
"PortSwigger Burp Suite Enterprise Edition should incorporate a static code analysis feature. One main issue we encounter is false positives. False positives can be challenging for developers."
"The cost per license per user could be cheaper, specifically for individual licensing."
"The implementation of the solution is quite complicated and could be easier."
"It's not a stable product. Sometimes, it takes a lot of time to scan."
"It would be better if the solution is cloud-based."
"There's definitely room for improvement. There are lots of false positives. Once I do the manual assessment, it comes as a false positive. They need to improve the Enterprise Edition, especially the part that gives false positives."
"The vulnerability part is good, but the policy compliance module needs improvement because it involves a lot of manual work. Specifically, the remediation part of the controls requires enhancements."
"In my opinion, what can be improved in Qualys TotalCloud includes pricing and container scanning."
"The support process is inefficient due to the excessive number of replies required when submitting tickets."
"There is a lack of data segregation according to criticality or inventory."
"There should be improvement from a dashboard perspective when collecting and showcasing data to lead management."
"The main area needing improvement is integration. Although the team is strengthening TotalCloud, integration can be enhanced with SIEM, SOAR, ITSM, and other sources."
"There is room for improvement in the support."
"It is already perfect, but they can bring some newer dashboards and customization options for the dashboard. It would be great to be able to include on-prem assets on the dashboard."
 

Pricing and Cost Advice

"For Professional, it's about $400 per year."
"PortSwigger Burp Suite Enterprise Edition is neither a cheap nor an expensive product. PortSwigger Burp Suite Enterprise Edition is a good tool for companies."
"PortSwigger Burp Suite Enterprise Edition is expensive compared to other solutions."
"The tool's pricing is reasonable and costs around 400 dollars per year."
"Although the solution can be a bit expensive for small companies, its pricing is fairly reasonable for its capabilities."
"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."
"Qualys TotalCloud is cost-efficient and was selected for its value compared to other products."
"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."
"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
"Qualys TotalCloud is expensive."
"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
19%
Computer Software Company
7%
Construction Company
6%
Manufacturing Company
6%
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise2
Large Enterprise7
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
 

Questions from the Community

What is your experience regarding pricing and costs for PortSwigger Burp Suite Enterprise Edition?
I am using the Community Edition, which is free, however, I understand there might be extra expenses for additional features or services.
What needs improvement with PortSwigger Burp Suite Enterprise Edition?
It would be beneficial if Burp Suite provided predefined payloads for each attack category, such as SQL injection and cross-site scripting, to automate some tasks more effectively.
What is your primary use case for PortSwigger Burp Suite Enterprise Edition?
I work with security testing tools for SaaS, focusing on static application security testing and using tools like Burp Suite for replaying Apex.
What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple enough for everyone to understand. For example, if we find a critical or high vuln...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal applications that we create for our organization purposes, where we perform applicati...
 

Also Known As

No data available
Qualys TotalCloud with FlexScan
 

Overview

 

Sample Customers

Nasa, Disney, Dow Jones, Iberia Bank, IBM, Ernest and Young, Apple, Ryanair, Thyssenkrupp, Delivery Hero
Information Not Available
Find out what your peers are saying about PortSwigger Burp Suite Enterprise Edition vs. Qualys TotalCloud and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.