We performed a comparison between Fortify WebInspect and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The user interface is ok and it is very simple to use."
"It's a well-known platform for doing dynamic application scanning."
"There are lots of small settings and tools, like an HTTP editor, that are very useful."
"It is scalable and very easy to use."
"Good at scanning and finding vulnerabilities."
"The solution's technical support was very helpful."
"I've found the centralized dashboard the most valuable. For the management, it helps a lot to have abilities at the central level."
"Fortify WebInspect is a scalable solution, it is good for a lot of applications."
"The solution scans web applications and supports APIs, which are the main features I really like."
"You can download different plugins if you don't have them in the standard edition."
"PortSwigger Burp Suite Professional is one of the best user-friendly solutions for getting the proxy set up."
"The most valuable feature of PortSwigger Burp Suite Professional is the Burp Intruder tool."
"I personally love its capability to automatically and accurately detect vulnerabilities. So, I would say it is the Burp scanner that is THE most powerful, valuable, and an awesome feature."
"The solution has a pretty simple setup."
"The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well."
"The solution has a great user interface."
"It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved."
"Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment."
"Creating reports is very slow and it is something that should be improved."
"The initial setup was complex."
"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."
"The scanner could be better."
"It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application."
"A localized version, for example, in Korean would be a big improvement to this solution."
"The Iran market does not have after-sales support. PortSwigger Burp Suite Professional needs to provide after-sales support."
"I would like to see a more optimized solution, as it currently uses a lot of CPU power and memory."
"You can have many false positives in Burp Suite. It depends on the scale of the penetration testing."
"There were a lot of false positives there, and we used to spend a lot of time, like, for security reasons, reproducing those bugs for the development team to fix it."
"Currently, the scanning is only available in the full version of Burp, and not in the Community version."
"PortSwigger Burp Suite Professional can improve by having more features in the free version for beginners to try."
"PortSwigger Burp Suite Professional could improve the static code review."
"The pricing of the solution is quite high."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 17 reviews while PortSwigger Burp Suite Professional is ranked 10th in Application Security Tools with 57 reviews. Fortify WebInspect is rated 7.0, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Fortify WebInspect is most compared with Fortify on Demand, Acunetix, OWASP Zap, HCL AppScan and Qualys Web Application Scanning, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Acunetix, HCL AppScan, Qualys Web Application Scanning and SonarQube. See our Fortify WebInspect vs. PortSwigger Burp Suite Professional report.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.