We performed a comparison between PortSwigger Burp Suite Professional and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution has a limited range of functions, which is good for small companies. This is because, in small companies, websites are less complex. They also have single services which makes the solution good enough for them. However, the most advantageous aspect of the solution is its affordable price."
""The product is very good just the way it is; It has everything already well established and functions great. I can't see any way for this current version to be improved.""
"I have found the best features to be the performance and there are a lot of additional plugins available."
"For pentesting scenarios, this is the number one tool. It can capture the request, and there are so many functions that are very good for that. For example, a black box satellite host."
"The intercepting feature is the most valuable."
"The solution has a pretty simple setup."
"BurpSuite helps us to identify and fix silly mistakes that are sometimes introduced by our developers in their coding."
"The solution is stable."
"It is SaaS hosted. That makes it very convenient to use. There is no initial time needed to set up an application. Scanning is a matter of minutes. You just log in, create an application profile, associate a security configuration, and that's about it. It takes 10 minutes to start. The lack of initial lead time or initial overhead to get going is the primary advantage."
"Veracode is very easy to use."
"We have found the static analysis to be useful in Veracode Static Analysis. However, we are in the process of testing."
"Scanning of .war and .jar is key for us."
"The most valuable feature of Veracode Static Analysis is the scanning."
"The integration capabilities with our existing development tools are very good."
"It has improved the quality of code being delivered for test and its vulnerability resolutions timeline has improved."
"With the tools that Veracode provides, our developers are actually able to comprehend what the vulnerability was and then resolve it. So a lot of knowledge has been grown as a result, around security, with our developers."
"The technical support team's response time is mostly delayed and should be improved."
"The Burp Collaborator needs improvement. There also needs to be improved integration."
"There were a lot of false positives there, and we used to spend a lot of time, like, for security reasons, reproducing those bugs for the development team to fix it."
"Mitigating the issues and low confluence issues needs some improvement. Implementing demand with the ChatGPT under the web solution is an additional feature I would like to see in the next release."
"The Initial setup is a bit complex."
"The scanner and crawler need to be improved."
"The price could be better. The rest is fine."
"There could be an improvement in the API security testing. There is another tool called Postman and if we had a built-in portal similar to Postman which captures the API, we would be able to generate the API traffic. Right now we need a Postman tool and the Burp Suite for performing API tests. It would be a huge benefit to be able to do it in a single UI."
"It does nearly everything, but penetration testing."
"I would like Veracode to add more language support."
"Veracode can be improved in terms of software composition analysis and related vulnerabilities."
"I would like to see more AI features. It's a current subject because with ChatGPT and other solutions being developed all the time, IT attacks will increase... To defend against those it's very important that the good guys use AI in ways that are good instead of bad."
"The Web portal, at times, is not necessarily intuitive. I can get around when I want to but there are times when I have to email my account manager on: "Hey, where do I find this report?" Or "How do I do this?" They always respond with, "Here's how you do it." But that points to a somewhat non-intuitive portal."
"It's taking too much time to do a quality scan."
"The static analysis is prone to a lot of false positives. But that's how it is with most static analysis tools... Also, the static analysis can sometimes take a little while. The time that it takes to do a scan should be improved."
"The reporting was detailed, but there were some things that were missing. It showed us on which line an error was found, but it could have been more detailed."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
PortSwigger Burp Suite Professional is ranked 10th in Application Security Tools with 57 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. PortSwigger Burp Suite Professional is rated 8.6, while Veracode is rated 8.2. The top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Rapid7 InsightAppSec, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our PortSwigger Burp Suite Professional vs. Veracode report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.