Veracode and PortSwigger Burp Suite Professional are leading solutions in the application security space. PortSwigger Burp Suite Professional seems to have the upper hand in features, while Veracode offers an edge in support and pricing satisfaction.
Features: Veracode provides comprehensive testing capabilities, seamless integration with CI/CD pipelines, and a user-friendly interface designed for streamlined operations. PortSwigger Burp Suite Professional offers an extensive suite of tools for advanced web application security testing, a modular approach for customization, and a robust analysis framework that allows detailed and tailored security assessments.
Room for Improvement: Veracode users have highlighted the need for faster scanning speeds, more flexible report customization, and enhancements to its vulnerability detection accuracy. PortSwigger Burp Suite Professional users seek improvements in easing the learning curve, enhanced documentation, and refinement in user onboarding processes.
Ease of Deployment and Customer Service: Veracode supports a straightforward deployment process coupled with reliable customer support, offering valuable assistance throughout setup and ongoing operations. PortSwigger Burp Suite Professional is commended for effective deployment mechanisms but is noted as lacking in direct customer support compared to Veracode.
Pricing and ROI: Veracode is often viewed as cost-effective, offering a satisfactory ROI by balancing setup costs against benefits received. PortSwigger Burp Suite Professional, while having higher initial costs, is perceived as a worthwhile investment due to its advanced features, with users feeling that the enhanced security features justify the expense over time.
The scanners of Veracode bring status of the weaknesses in the current infrastructure. It scans and provides reports regarding the servers, the network, and the applications running on those servers.
Regarding price, the evaluation should focus on how efficiently they will recover their investment, considering the time saved through the use of Veracode Fix, for example, and the ability to fix code at dev time compared to the problems faced when fixing after the product is already deployed.
We did see a return on investment with Veracode, as we segregated our remediation efforts, which reduced our time to delivery as well as the number of engineers needed to help us in delivering a secure solution.
The technical support from PortSwigger is excellent.
The technical support for PortSwigger Burp Suite Professional is pretty good, and I would give it a nine.
Access to the engineering team is crucial for faster feedback on the product fix process.
I have communicated with the technical support of Veracode a couple of times, and this was a really great experience because these professionals know their material.
They share detailed information via email, including screenshots or further clarification about the issue.
Cloud solutions are easier to scale than on-premise solutions.
It has a good capacity to scale effectively.
Implementing these features into our normal CI/CD was good, so I can say that scalability is really good.
PortSwigger Burp Suite Professional is very stable.
PortSwigger Burp Suite Professional is a very stable tool, and I would rate its stability as eight out of ten.
If the Veracode server is down, we experience many issues during the scan.
I have observed that it is not that reliable in terms of security because Veracode was not able to find some security threats in our application that existed since the product was developed.
It's not that easy to onboard, but once they have been onboarded on the platform, and the pipeline configured alongside the product configured, it works effectively.
Some AI features might be added.
The dashboard of PortSwigger Burp Suite Professional could be made more user-friendly.
If it could be integrated directly with code repositories such as Bitbucket or GitHub, without the need to create a pipeline to upload and decode code, it would simplify the code scan process significantly.
We had issues with scanning large applications. Scanning took a lot of time, so we kept it outside the DevOps pipeline to avoid delaying deployments.
A nice addition would be if it could be extended for scenarios with custom cleansers.
The pricing for PortSwigger is very cheap, and there are benefits in terms of time and cost savings.
I find the price of PortSwigger Burp Suite Professional to be very cost-efficient.
It's not the most expensive solution.
Overall, Veracode's pricing is lower and more scalable than many alternatives in the market.
If there's a security gap, you'll never know the cost or effect.
The most valuable feature of Burp Suite Professional is its ability to schedule tasks for scanning websites.
I especially value the features for penetration testing.
The most valuable features of PortSwigger Burp Suite Professional are its ease of use and its cost efficiency.
It offers confidence by preventing exposure to vulnerabilities and helps ensure that we are not deploying vulnerable code into production.
The best features in Veracode include static analysis and the early detection of vulnerable libraries; it integrates with tools such as Jenkins.
It fixes issues directly in the IDE while you're doing it.
| Product | Market Share (%) |
|---|---|
| Veracode | 5.4% |
| PortSwigger Burp Suite Professional | 2.4% |
| Other | 92.2% |
| Company Size | Count |
|---|---|
| Small Business | 16 |
| Midsize Enterprise | 14 |
| Large Enterprise | 35 |
| Company Size | Count |
|---|---|
| Small Business | 69 |
| Midsize Enterprise | 44 |
| Large Enterprise | 115 |
Burp Suite Professional, by PortSwigger, is the world’s leading toolkit for web security testing. Over 52,000 users worldwide, across all industries and organization sizes, trust Burp Suite Professional to find more vulnerabilities, faster. With expertly-engineered manual and automated tooling, you're able to test smarter - not harder.
PortSwigger is the web security company that is enabling the world to secure the web. Over 50,000 security engineers rely on our software and expertise to secure their world.
Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.
Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.
What are the key features of Veracode?
What benefits should users consider in Veracode reviews?
Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.
Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
