Try our new research platform with insights from 80,000+ expert users

PortSwigger Burp Suite Professional vs Veracode comparison

PortSwigger and Veracode are both solutions in the Application Security Tools category. PortSwigger is ranked #10 with an average rating of 8.7, while Veracode is ranked #2 with an average rating of 8.1. PortSwigger holds a 2.2% mindshare in AS, compared to Veracode’s 9.2% mindshare. Additionally, 98% of PortSwigger users are willing to recommend the solution, compared to 90% of Veracode users who would recommend it.
PortSwigger Burp Suite Prof...
Read 63 PortSwigger Burp Suite Professional reviews
  • 2,942 Views
  • 1,779 Comparison Views
98% willing to recommend
Veracode
Read 201 Veracode reviews
  • 14,613 Views
  • 9,530 Comparison Views
90% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Oct 8, 2024

Veracode and PortSwigger Burp Suite Professional are leading solutions in the application security space. PortSwigger Burp Suite Professional seems to have the upper hand in features, while Veracode offers an edge in support and pricing satisfaction.

Features: Veracode provides comprehensive testing capabilities, seamless integration with CI/CD pipelines, and a user-friendly interface designed for streamlined operations. PortSwigger Burp Suite Professional offers an extensive suite of tools for advanced web application security testing, a modular approach for customization, and a robust analysis framework that allows detailed and tailored security assessments.

Room for Improvement: Veracode users have highlighted the need for faster scanning speeds, more flexible report customization, and enhancements to its vulnerability detection accuracy. PortSwigger Burp Suite Professional users seek improvements in easing the learning curve, enhanced documentation, and refinement in user onboarding processes.

Ease of Deployment and Customer Service: Veracode supports a straightforward deployment process coupled with reliable customer support, offering valuable assistance throughout setup and ongoing operations. PortSwigger Burp Suite Professional is commended for effective deployment mechanisms but is noted as lacking in direct customer support compared to Veracode.

Pricing and ROI: Veracode is often viewed as cost-effective, offering a satisfactory ROI by balancing setup costs against benefits received. PortSwigger Burp Suite Professional, while having higher initial costs, is perceived as a worthwhile investment due to its advanced features, with users feeling that the enhanced security features justify the expense over time.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed PortSwigger Burp Suite Professional vs. Veracode Report (Updated: June 2025).
Buyer's Guide
PortSwigger Burp Suite Professional vs. Veracode
June 2025
Download the complete report
Helped 856,873 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

PortSwigger Burp Suite Prof...
Ranking in Application Security Tools
10th
Ranking in Static Application Security Testing (SAST)
5th
Average Rating
8.6
Reviews Sentiment
7.9
Number of Reviews
63
Ranking in other categories
Fuzz Testing Tools (1st)
Veracode
Ranking in Application Security Tools
2nd
Ranking in Static Application Security Testing (SAST)
2nd
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
201
Ranking in other categories
Container Security (8th), Software Composition Analysis (SCA) (3rd), Static Code Analysis (1st), Application Security Posture Management (ASPM) (2nd)
 

Mindshare comparison

As of June 2025, in the Application Security Tools category, the mindshare of PortSwigger Burp Suite Professional is 2.2%, up from 1.9% compared to the previous year. The mindshare of Veracode is 9.2%, down from 10.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Anuradha.Kapoor Kapoor - PeerSpot reviewer
Offers efficient scanning of entire websites but presence of false positive bugs, leading to time-consuming efforts in distinguishing real bugs from false alarms
We have found that so many times, false positive bugs are there, and then we spend a lot of time basically separating them from real bugs. So that's the reason we are looking for some other tool. So we were in discussion with Acunetix. Therefore, the false positive rate is, like, something that we would like to improve. What we are looking for is if this false positive rate goes down because we were OWASP Zap tool users, which was free anyway. But there were a lot of false positives there, and we used to spend a lot of time, like, for security reasons, reproducing those bugs for the development team to fix it. So then we thought, okay, why not we go with the tool? Even if it is not very expensive. But still, every year, we have to renew the license. And we got this tool. Again, we found that in this tool also, even if it is less, there are still a lot of false positive bugs out there. So we again have to spend so much time. So we hired a security tester, who was basically using Acunetix in his previous company for almost three years, and then you said that in that scanning is very slow. The scanning is also slow. Like, sometimes the site scan takes eight hours, six to eight hours. Yeah. And whereas in Acunetix, it took three to four hours. And plus, there are no false positives. I'm not saying none but there's very little. But here, the rate sometimes is very high. These are the two features I think we would like to improve further.
Read full review
David-Robertson - PeerSpot reviewer
Static scanning and software composition analysis are very helpful, but the usability needs improvement
Static scanning and software composition analysis are very helpful. My colleagues and I don't need to be experts on all of those ancillary things, so we can focus more on the business deliverables. They have a pretty good tool that allows me to run scans of my local integrated development environment. I can find a lot of those flaws a lot sooner than I would if I had to wait for these cloud-based scans. They've come out with some sort of automated fix feature. I haven't used it, but they gave us a demo of it, and that one looks promising. I don't know if it's ready for prime time yet.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I have found this solution has more plugins than other competitors which is a benefit. You are able to attach different plugins to the security scan to add features. For example, you can check to see if there are any payment systems that exist on a server, or username and password brute force analysis."
"The most valuable feature of PortSwigger Burp Suite Professional is the advanced features, user-friendly interface, and integration with other tools."
"The most valuable features of PortSwigger Burp Suite Professional are its ease of use and its cost efficiency."
"The most valuable feature is the application security. It also has a reasonable price."
"The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well."
"The solution has a great user interface."
"BurpSuite helps us to identify and fix silly mistakes that are sometimes introduced by our developers in their coding."
"You can download different plugins if you don't have them in the standard edition."
More PortSwigger Burp Suite Professional pros
"The best feature is definitely the detailed reports. It provides code-related queries in the order of high, medium, and low depending on what we need to do. Veracode is user-friendly as well."
"It's hard to say that any single feature is the most essential. There are many errors and vulnerabilities in software today in the standard libraries for different vendors because. We don't need to reinvent the wheel every time because we're using standard libraries, and it's important to know that your security isn't compromised because you are using libraries with vulnerabilities."
"This static analysis helps ensure a secure application rollout across all environments."
"Static Scanning is the most valuable feature of Veracode."
"It has provided what we were looking for in such an application, meaning static application security testing functionality. That was what we were interested in."
"The time savings has been tremendous. We saw ROI in the first six months."
"It gives me an idea about the most important vulnerabilities and fast remediation tips."
"The most valuable features of Veracode Static Analysis are its ability to work with GitLab and GitHub so that you can do the reviews and force the code."
More Veracode pros
 

Cons

"The use of system memory is an area that can be improved because it uses a lot."
"There is a lot to this product, and it would be good if when you purchase the tool, they can provide us with a more extensive user manual."
"It would be beneficial to have privileged access management as a part of Burp Suite Professional."
"PortSwigger Burp Suite Professional can improve by having more features in the free version for beginners to try."
"The biggest improvement that I would like to see from PortSwigger that today many people see as an issue in their testing. There might be a feature which might be desired."
"It would be good if the solution could give us more details about what exactly is defective."
"We'd like to have more integration potential across all versions of the product."
"Integration is a big problem."
More PortSwigger Burp Suite Professional cons
"Their scanning engine is sometimes a little bit slow. They can improve the scan time."
"Software developers are always thinking about the next big thing but lose sight of what's happening right now. If you have an idea for a feature request, you must submit it to be voted on by the Veracode community. I don't like this. No one will look at it unless enough people vote for it."
"The scanning could be a little faster. The process around three or four minutes, but it would help if it could be further reduced."
"The JIRA integration automation aspect of it could be improved significantly. We want to have a way to create tickets that are going to allow people to work through those flaws that we're finding. We don't want people to feel like they're missing out on something or that they're not following directions in the right way."
"I would like to see them provide more content in the developer training section. This field is really changing each day and there are flaws that are detected each day. Some sort of regular updates to the learning would help."
"It's very expensive for a small organization."
"In some cases we use their APIs; they're not as rich as I would like."
"The pricing for qualified startups such as Neo4j could be improved."
More Veracode cons
 

Pricing and Cost Advice

"The solution used to be expensive. However, they have reduced the price to approximately $400.00 which is reasonable."
"There is no setup cost and the cost of licensing is affordable."
"Burp Suite is affordable."
"I rate the pricing a four out of ten."
"PortSwigger is a bit expensive."
"The platform's pricing is reasonable."
"At $400 or $500 per license paid annually, it is a very cheap tool."
"PortSwigger Burp Suite Professional is an expensive solution."
More PortSwigger Burp Suite Professional pricing and cost advice
"The price of Veracode Static Analysis is expensive. There is an annual fee to use the solution and the company is upfront with the pricing model and fees."
"I think it's a great value. It's at a price point that a small company like mine can afford to use versus, if it was too exorbitant, I wouldn't be able to use this product. The cost of the license is small in comparison to the value it brings"
"I don't have firsthand knowledge of Veracode pricing, but based on client feedback, it seems to be expensive with additional fees for certain features."
"The pricing and licensing are reasonable, and relatively straightforward, and different licensing and subscription models are available."
"The solution is expensive."
"I don't really know about the pricing, but I'd say it's worth whatever Veracode is charging, because the solution is that good."
"For enterprises, Veracode has done a fairly good job, but its pricing is not suitable for startups. The microservice distributed architecture for a startup is very small. I had to do a lot of discussions on the pricing initially. I previously worked in an enterprise organization where I used Veracode, and that's how I got to know about Veracode, but that was a big organization with more than a thousand employees. So, the cost is very different for them because the size of the application is different. Its pricing makes sense there, but when we try to onboard this solution for the startup ecosystem, pricing is not friendly. Because I knew the product and I knew its value, I onboarded it, but I don't think any other startup at our scale will onboard it."
"The pricing is a little on the high side but since we combine our product into one suite, it is easy to do and works well for us."
More Veracode pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
See recommendations
856,873 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
13%
Government
11%
Manufacturing Company
7%
Computer Software Company
17%
Financial Services Firm
16%
Manufacturing Company
8%
Insurance Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Is OWASP Zap better than PortSwigger Burp Suite Pro?
OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with ...
See all answers
What do you like most about PortSwigger Burp Suite Professional?
The solution helped us discover vulnerabilities in our applications.
See all answers
What is your experience regarding pricing and costs for PortSwigger Burp Suite Professional?
I find the price of PortSwigger Burp Suite Professional to be very cost-efficient.
See all answers
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
See all answers
What do you like most about Veracode?
The SAST and DAST modules are great.
See all answers
What is your experience regarding pricing and costs for Veracode?
The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
See all answers
 

Comparisons

Acunetix vs PortSwigger Burp Suite Professional Logo
Acunetix vs PortSwigger Burp Suite Professional
Compared 18% of the time
Fortify WebInspect vs PortSwigger Burp Suite Professional Logo
Fortify WebInspect vs PortSwigger Burp Suite Professional
Compared 14% of the time
OWASP Zap vs PortSwigger Burp Suite Professional Logo
OWASP Zap vs PortSwigger Burp Suite Professional
Compared 10% of the time
SonarQube Server (formerly SonarQube) vs PortSwigger Burp Suite Professional Logo
SonarQube Server (formerly SonarQube) vs PortSwigger Burp Suite Professional
Compared 8% of the time
Qualys Web Application Scanning vs PortSwigger Burp Suite Professional Logo
Qualys Web Application Scanning vs PortSwigger Burp Suite Professional
Compared 3% of the time
More PortSwigger Burp Suite Professional Competitors
SonarQube Server (formerly SonarQube) vs Veracode Logo
SonarQube Server (formerly SonarQube) vs Veracode
Compared 19% of the time
Checkmarx One vs Veracode Logo
Checkmarx One vs Veracode
Compared 10% of the time
GitHub Advanced Security vs Veracode Logo
GitHub Advanced Security vs Veracode
Compared 7% of the time
Fortify on Demand vs Veracode Logo
Fortify on Demand vs Veracode
Compared 4% of the time
Snyk vs Veracode Logo
Snyk vs Veracode
Compared 4% of the time
More Veracode Competitors
 

Product Reports

Buyer's Guide
PortSwigger Burp Suite Professional
May 2025
PortSwigger Burp Suite Professional reportDownload PortSwigger Burp Suite Professional product report
Buyer's Guide
Veracode
May 2025
Veracode reportDownload Veracode product report
 

Also Known As

Burp
Crashtest Security , Veracode Detect
 

Overview

Burp Suite Professional, by PortSwigger, is the world’s leading toolkit for web security testing. Over 52,000 users worldwide, across all industries and organization sizes, trust Burp Suite Professional to find more vulnerabilities, faster. With expertly-engineered manual and automated tooling, you're able to test smarter - not harder.

PortSwigger is the web security company that is enabling the world to secure the web. Over 50,000 security engineers rely on our software and expertise to secure their world.

PortSwigger

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

  • Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
  • Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
  • Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
  • Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
  • Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

  • Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
  • Scalability - Supports organizations with large-scale application portfolios.
  • Compliance support - Ensures applications meet various security standards and regulations.
  • Developer training - Provides tools for educating developers on secure coding practices.
  • Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.


Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Veracode
 

Sample Customers

Google, Amazon, NASA, FedEx, P&G, Salesforce
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Buyer's Guide
PortSwigger Burp Suite Professional vs. Veracode
June 2025
Free Report: PortSwigger Burp Suite Professional vs. Veracode
Find out what your peers are saying about PortSwigger Burp Suite Professional vs. Veracode and other solutions. Updated: June 2025.
DOWNLOAD NOW
856,873 professionals have used our research since 2012.
See our PortSwigger Burp Suite Professional vs. Veracode report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.