We performed a comparison between Checkmarx One and Fortinet FortiWeb based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It gives the proper code flow of vulnerabilities and the number of occurrences."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"Helps us check vulnerabilities in our SAP Fiori application."
"The most valuable feature is the application tracking reporting."
"The solution is scalable, but other solutions are better."
"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."
"The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important."
"One of the most valuable features is it is flexible."
"The most valuable feature of Fortinet FortiWeb is the ease of integration and configuration."
"The GUI is user-friendly."
"FortiWeb is easy to operate with a reasonably high level of protection. FortiWeb provides multiple deployment options with a physical or virtual (FortiWeb-VM) appliance, and acts either as a reverse/transparent proxy or out-of-band. It is also available on AWS and Azure."
"The support services, performance, and pricing are all valuable features. The performance is excellent."
"Banks have to be compliant with PCI and other things, and FortiWeb is absolutely amazing in terms of providing these reports. Otherwise, they will have to spend a lot of time on them."
"It's stable and works efficiently against OWASP Top 10 attacks."
"Provides good vulnerability scanning, IPS, and geolocalization."
"Security Fabric integration. This is really a value-added feature as FortiWeb can interact with the rest of the client’s Fortinet pack to provide an intelligent security layer like (FortiSIEM for central log management and correlation, FortiGate, FortiSandbox for malware analysis, etc.)."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"Checkmarx is not good because it has too many false positive issues."
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"Implementing a blackout time for any user or teams: Needs improvement."
"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."
"The solution sometimes reports a false auditable code or false positive."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"The product’s stability could be improved."
"Describing security rules should be improved. It's tricky to define new feature tools when you want to describe an attack pattern and want to block it."
"It would also be helpful if they could introduce easier reporting. It's good to have those reports that go to C-level management, and Fortinet does provide some graphs, but if they went into some more detail, that would be great."
"Fortinet FortiWeb could improve in reference architecture for different deployment scenarios."
"If the price was lower, it would be a bit more attractive, as an option, to the customers."
"The upgrade process could be a bit smoother."
"The false positives are annoying."
"We want to see more detailed logging, such as audit logging, as this would significantly enhance the solution's reporting. We currently get some information from logs, but more would be better."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Fortinet FortiWeb is ranked 4th in Web Application Firewall (WAF) with 83 reviews. Checkmarx One is rated 7.6, while Fortinet FortiWeb is rated 8.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Fortinet FortiWeb writes "Cost-effective, easy to configure, and works very well as a single solution for multiple environments". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Fortinet FortiWeb is most compared with F5 Advanced WAF, Fortinet FortiADC, AWS WAF, Azure Web Application Firewall and Imperva Web Application Firewall. See our Checkmarx One vs. Fortinet FortiWeb report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.