We performed a comparison between PortSwigger Burp Suite Professional and Sonatype Repository Firewall based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution scans web applications and supports APIs, which are the main features I really like."
"The most valuable feature of PortSwigger Burp Suite Professional is the Burp Intruder tool."
"We use the solution for vulnerability assessment in respect of the application and the sites."
"The solution has a pretty simple setup."
"I have found the best features to be the performance and there are a lot of additional plugins available."
"The feature that we have found most valuable is that it comes with pre-set configurations. They have a set of predefined options where you can pick one and start scanning. We also have the option of creating our own configurations, like how often do the applications need to be scanned."
"I personally love its capability to automatically and accurately detect vulnerabilities. So, I would say it is the Burp scanner that is THE most powerful, valuable, and an awesome feature."
"With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp."
"The product's network and intrusion protection features are valuable. It also has rules and compliance features for security."
"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you."
"The price could be better. The rest is fine."
"The pricing of the solution is quite high."
"The solution’s pricing could be improved."
"There could be an improvement in the API security testing. There is another tool called Postman and if we had a built-in portal similar to Postman which captures the API, we would be able to generate the API traffic. Right now we need a Postman tool and the Burp Suite for performing API tests. It would be a huge benefit to be able to do it in a single UI."
"There were a lot of false positives there, and we used to spend a lot of time, like, for security reasons, reproducing those bugs for the development team to fix it."
"Scanning APIs using PortSwigger Burp Suite Professional takes a lot of time."
"As with most automated security tools, too many false positives."
"I am from Brazil. The currency exchange rate from a dollar to a Brazilian Real is quite steep. It is almost six to one. It would be good if it can be sold in the local currency, and its price is cheaper for us."
"The tool needs to improve its file systems. The product should also include zero test feature."
"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews while Sonatype Repository Firewall is ranked 31st in Application Security Tools with 3 reviews. PortSwigger Burp Suite Professional is rated 8.6, while Sonatype Repository Firewall is rated 8.4. The top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". On the other hand, the top reviewer of Sonatype Repository Firewall writes "You will get clean code every time, and that's a great achievement". PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Qualys Web Application Scanning, whereas Sonatype Repository Firewall is most compared with JFrog Xray, Cisco Secure Firewall, GitHub, Black Duck and Snyk. See our PortSwigger Burp Suite Professional vs. Sonatype Repository Firewall report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.