Coming October 25: PeerSpot Awards will be announced! Learn more

PortSwigger Burp Suite Professional vs Veracode comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between PortSwigger Burp Suite Professional and Veracode based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed PortSwigger Burp Suite Professional vs. Veracode report (Updated: September 2022).
634,590 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"PortSwigger Burp Suite does not hamper the node of the server, and it does not shut down the server if it is running.""There is no other tool like it. I like the intuitiveness and the plugins that are available.""I have found the best features to be the performance and there are a lot of additional plugins available.""The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well.""The most valuable feature of PortSwigger Burp Suite Professional is the advanced features, user-friendly interface, and integration with other tools.""The most valuable feature of PortSwigger Burp Suite Professional is the dashboard. It is very informative and you can receive all the information you need in one place. It's clear, well-defined, and organized. Anybody without any cybersecurity can use it.""The active scanner, which does an automated search of any web vulnerabilities.""The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs."

More PortSwigger Burp Suite Professional Pros →

"Another feature of Veracode is that they provide e-learning, but the e-learning is not basic, rather it is quite advanced... in the e-learning you can check into best practices for developing code and how to prevent improper management of some component of the code that could lead to a vulnerability. The e-learning that Veracode provides is an extremely good tool.""It's comprehensive from a feature standpoint.""The policy reporting for ensuring compliance with industry standards and regulations is pretty comprehensive, especially around PCI. If you do the static analysis, the dynamic analysis, and then a manual penetration test, it aggregates all of these results into one report. And then they create a PCI-specific report around it which helps to illustrate how the application adheres to different standards.""My experience with Veracode across the board every time, in all products, the technology, the product, the service, and the salespeople is fabulous.""The main feature that I have found valuable is the solution's ability to find issues in static analysis. Additionally, there are plenty of useful tools.""The Veracode technical support is very good. They are responsive and very knowledgeable.""The dynamic scanning tool is what I like the best. Compared to other tools that I've used for dynamic scanning, it's much faster and easier to use.""Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM to verify that everything's going well. If we have any outstanding issues, they get serviced and addressed."

More Veracode Pros →

Cons
"PortSwigger Burp Suite Professional could improve the static code review.""The price could be better. The rest is fine.""It should provide a better way to integrate with Jenkins so that DAST (dynamic application security testing) can be automated.""BurpSuite has some issues regarding authentication with OAT tokens that need to be improved.""The solution lacks sufficient stability.""I am from Brazil. The currency exchange rate from a dollar to a Brazilian Real is quite steep. It is almost six to one. It would be good if it can be sold in the local currency, and its price is cheaper for us.""We'd like to have more integration potential across all versions of the product.""One area that can be improved, when compared to alternative tools, is that they could provide different reporting options and in different formats like PDF or something like that."

More PortSwigger Burp Suite Professional Cons →

"When it comes to the speed of the pipeline scan, one of the things we have found with Veracode is that it's very fast with Java-based applications but a bit slow with C/C++ based applications. So we have implemented the pipeline scan only for Java-based applications not for the C/C++ applications.""Sometimes the scans are not done quickly, but the solutions that it provides are really good. The quality is high, but the analysis is not done extremely quickly.""The product has issues with scanning.""I would like to see them provide more content in the developer training section. This field is really changing each day and there are flaws that are detected each day. Some sort of regular updates to the learning would help.""The solution could improve the Dynamic Analysis Security Testing(DAST).""The static analysis is prone to a lot of false positives. But that's how it is with most static analysis tools... Also, the static analysis can sometimes take a little while. The time that it takes to do a scan should be improved.""Veracode has plenty of data. The problem is the information on the dashboards of Veracode, as the user interface is not great. It's not immediately usable. Most of the time, the best way to use it is to just create issues and put them in JIRA... But if I were a startup, and only had products with a good user interface, I wouldn't use Veracode because the UI is very dated.""I think if they could improve the operations around accepted vulnerabilities, we would see improvements in our productivity."

More Veracode Cons →

Pricing and Cost Advice
  • "PortSwigger is reasonably-priced. It's fair."
  • "It has a yearly license. I am satisfied with its price."
  • "We are using the community version, which is free."
  • "It is expensive for us in Brazil because the currency exchange rate from a dollar to a Brazilian Real is quite steep."
  • "The price for the solution is expensive and could be cheaper. We pay an annual license and our team has several of them."
  • "It's a lower priced tool that we can rely on with good standard mechanisms."
  • "This solution requires a license. It is expensive but you receive a lot of functionality for the price."
  • "The solution used to be expensive. However, they have reduced the price to approximately $400.00 which is reasonable."
  • More PortSwigger Burp Suite Professional Pricing and Cost Advice →

  • "Veracode's price is high. I would like them to better optimize their pricing."
  • "If I compare the pricing with other software tools, then it is quite competitive. Whatever the price is, they have always given us a good discount."
  • "Veracode is expensive. Some of its products are expensive. I don't think it's way more expensive than its competitors. The dynamic is definitely worth it, as I think it's cheaper than the competitors. The static scan is a little bit more expensive, around 20 percent more expensive. The manual pen test is more expensive, but it is an expensive service because it's a manual pen test and we also do retests. I don't think it is way more expensive than the competitors, but it's about 15 to 20 percent more expensive."
  • "We use this product per project rather than per developer... Your development model will really determine what the best fit is for you in terms of licensing, because of the project-based licensing. If you do a few projects, that's more attractive. If you have a large number of developers, that would also make the product a little more attractive."
  • "The pricing is really fair compared to a lot of other tools on the market."
  • "It is very reasonably priced compared to what we were paying our previous vendor. For the same price, we are getting much more value and reducing our AppSec costs from 40 to 50 percent."
  • "Veracode is one of the more expensive solutions in the market, but it is worth the expense because of the eLearning and the security consultations; everything is included in the license."
  • "Licensing cost is on a yearly basis and there are no additional costs, the pricing is straightforward."
  • More Veracode Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    634,590 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with… more »
    Top Answer:I’m not aware of the pricing side of things. It might have been paid monthly, however, I don’t know much more than that.
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Top Answer:The findings of their security analysis are wonderful. You can easily go through all the analyses done by Veracode. You can see what are the flaws and what could be the best possible resolution to… more »
    Top Answer:It is quite good. If you adapt it for the whole organization, it is quite affordable. The pricing plans are good as compared to the other competitors, and any small, medium, or big company can easily… more »
    Ranking
    Views
    20,274
    Comparisons
    15,705
    Reviews
    21
    Average Words per Review
    464
    Rating
    8.6
    Views
    47,211
    Comparisons
    27,532
    Reviews
    24
    Average Words per Review
    1,453
    Rating
    8.0
    Comparisons
    Also Known As
    Burp
    Learn More
    Overview

    Burp Suite Professional, by PortSwigger, is the world’s leading toolkit for web security testing. Over 52,000 users worldwide, across all industries and organization sizes, trust Burp Suite Professional to find more vulnerabilities, faster. With expertly-engineered manual and automated tooling, you're able to test smarter - not harder.

    PortSwigger is the web security company that is enabling the world to secure the web. Over 50,000 security engineers rely on our software and expertise to secure their world.

    Veracode covers all your Application Security needs in one solution through a combination of five analysis types; static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline, and empowers developers to find and fix security defects.

    Offer
    Learn more about PortSwigger Burp Suite Professional
    Keep your software secure

    Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.

    Sample Customers
    Google, Amazon, NASA, FedEx, P&G, Salesforce
    State of Missouri, Rekner
    Top Industries
    REVIEWERS
    Manufacturing Company30%
    Financial Services Firm25%
    University10%
    Comms Service Provider10%
    VISITORS READING REVIEWS
    Comms Service Provider22%
    Computer Software Company22%
    Government8%
    Financial Services Firm7%
    REVIEWERS
    Financial Services Firm31%
    Insurance Company11%
    Computer Software Company11%
    Healthcare Company7%
    VISITORS READING REVIEWS
    Computer Software Company21%
    Financial Services Firm15%
    Comms Service Provider12%
    Manufacturing Company7%
    Company Size
    REVIEWERS
    Small Business18%
    Midsize Enterprise18%
    Large Enterprise65%
    VISITORS READING REVIEWS
    Small Business20%
    Midsize Enterprise17%
    Large Enterprise63%
    REVIEWERS
    Small Business24%
    Midsize Enterprise27%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise13%
    Large Enterprise71%
    Buyer's Guide
    PortSwigger Burp Suite Professional vs. Veracode
    September 2022
    Find out what your peers are saying about PortSwigger Burp Suite Professional vs. Veracode and other solutions. Updated: September 2022.
    634,590 professionals have used our research since 2012.

    PortSwigger Burp Suite Professional is ranked 5th in Application Security Tools with 21 reviews while Veracode is ranked 2nd in Application Security Tools with 24 reviews. PortSwigger Burp Suite Professional is rated 8.6, while Veracode is rated 8.0. The top reviewer of PortSwigger Burp Suite Professional writes "Best for manual penetration testing, a great user interface, and offers good scanning capabilities". On the other hand, the top reviewer of Veracode writes "Good reporting, comprehensive interface, and integrates well into our build pipeline". PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, Invicti and Qualys Web Application Scanning, whereas Veracode is most compared with SonarQube, Checkmarx, Micro Focus Fortify on Demand, Coverity and Snyk. See our PortSwigger Burp Suite Professional vs. Veracode report.

    See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.