- Great customer support.
- Reporting features.
- Supports importing state files from other popular application testing tools.
- Has other features built-in beyond just scanning for vulnerabilities.
- Does not support multiple endpoints well (e.g. apps and services that do not reside at the same URL).
- Has authentication problems with modern enterprise apps which involve a lot of redirects to unrelated endpoints, federated IDs, SSO, etc. This is related to the first point.
- The vulnerability detection capability is not as robust as Burp Suite Pro + extensions, Metasploit + auxiliary modules, Nmap + scripts, etc.
I rarely need support from the vendor, but when I do, they have been responsive and able to solve the issue quickly.