• Home
  • Checkmarx One vs. Fortinet FortiWeb

Checkmarx One vs Fortinet FortiWeb comparison

Cancel
You must select at least 2 products to compare!
Checkmarx Logo
Checkmarx One
Read 67 Checkmarx One reviews
34,421 views|22,385 comparisons
86% willing to recommend
Fortinet Logo
Fortinet FortiWeb
Read 83 Fortinet FortiWeb reviews
9,391 views|6,820 comparisons
88% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Checkmarx One vs. Fortinet FortiWeb
March 2019
Executive Summary

We performed a comparison between Checkmarx One and Fortinet FortiWeb based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Checkmarx One vs. Fortinet FortiWeb Report (Updated: March 2019).
Download the complete report
771,212 professionals have used our research since 2012.
Featured Review
Anonymous User
Useful automation , detailed reports, but scalability could improve
We have always used some kind of code analysis tool and Checkmarx has been working for us at this time. We like the tool.
Javed Hashmi
It offers the level of security we need at a good price point
FortiWeb provides the level of security we need at an excellent price point. It's easy to deploy and operationally efficient. FortiWeb enables us... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"It gives the proper code flow of vulnerabilities and the number of occurrences.""The reports are very good because they include details on the code level, and make suggestions about how to fix the problems.""Helps us check vulnerabilities in our SAP Fiori application.""The most valuable feature is the application tracking reporting.""The solution is scalable, but other solutions are better.""It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx.""The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important.""One of the most valuable features is it is flexible."

More Checkmarx One Pros →

"The most valuable feature of Fortinet FortiWeb is the ease of integration and configuration.""The GUI is user-friendly.""FortiWeb is easy to operate with a reasonably high level of protection. FortiWeb provides multiple deployment options with a physical or virtual (FortiWeb-VM) appliance, and acts either as a reverse/transparent proxy or out-of-band. It is also available on AWS and Azure.""The support services, performance, and pricing are all valuable features. The performance is excellent.""Banks have to be compliant with PCI and other things, and FortiWeb is absolutely amazing in terms of providing these reports. Otherwise, they will have to spend a lot of time on them.""It's stable and works efficiently against OWASP Top 10 attacks.""Provides good vulnerability scanning, IPS, and geolocalization.""Security Fabric integration. This is really a value-added feature as FortiWeb can interact with the rest of the client’s Fortinet pack to provide an intelligent security layer like (FortiSIEM for central log management and correlation, FortiGate, FortiSandbox for malware analysis, etc.)."

More Fortinet FortiWeb Pros →

Cons
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement.""Checkmarx is not good because it has too many false positive issues.""Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model.""Implementing a blackout time for any user or teams: Needs improvement.""It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use.""The solution sometimes reports a false auditable code or false positive.""They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks.""Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."

More Checkmarx One Cons →

"The product’s stability could be improved.""Describing security rules should be improved. It's tricky to define new feature tools when you want to describe an attack pattern and want to block it.""It would also be helpful if they could introduce easier reporting. It's good to have those reports that go to C-level management, and Fortinet does provide some graphs, but if they went into some more detail, that would be great.""Fortinet FortiWeb could improve in reference architecture for different deployment scenarios.""If the price was lower, it would be a bit more attractive, as an option, to the customers.""The upgrade process could be a bit smoother.""The false positives are annoying.​""We want to see more detailed logging, such as audit logging, as this would significantly enhance the solution's reporting. We currently get some information from logs, but more would be better."

More Fortinet FortiWeb Cons →

Pricing and Cost Advice
  • "It is the right price for quality delivery."
  • "I believe pricing is better compared to other commercial tools."
  • "The pricing was not very good. This is just a framework which shouldn’t cost so much."
  • "The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
  • "It is a good product but a little overpriced."
  • "The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
  • "​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
  • "We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."

    • More Checkmarx One Pricing and Cost Advice →

  • "Cheaper than others."
  • "FortiWeb can be purchased in VM mode for a lower price and the same features."
  • "Keep a loose margin between your actual bandwidth and the product sizing when using hardware appliances. Only virtual machines are upgradable to larger sizes."
  • "​It really pays off to buy licences for multiple years​."
  • "​The pricing is reasonable."
  • "The license cost depends on the size of the box or the size of the solution. It can go from €200 Euros to a few hundred thousand Euros a year depending on your size."
  • "The solution gives us the best price to performance ratio."
  • "The costs are standard. We pay around $1,600 yearly."

    • More Fortinet FortiWeb Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    See Recommendations
    771,212 professionals have used our research since 2012.
    Questions from the Community
    What alternatives are there for Fortify WebInspect and Fortify SCA?
    Top Answer:I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
    Read all 4 answers   →
    What do you like most about Checkmarx?
    Top Answer:Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
    Read all 38 answers   →
    What is your experience regarding pricing and costs for Checkmarx?
    Top Answer:The solution's price is high and you pay based on the number of users.
    Read all 25 answers   →
    What do you like most about Fortinet FortiWeb?
    Top Answer:The WAF profiles has been effective at mitigating web-based threats.
    Read all 48 answers   →
    What is your experience regarding pricing and costs for Fortinet FortiWeb?
    Top Answer:The pricing is in the middle. I would rate the pricing a five out of ten. It feels like a justified cost for the features, but it might get more expensive in the future. Also, keep in mind that Check… more »
    Read all 38 answers   →
    What needs improvement with Fortinet FortiWeb?
    Top Answer:I'd like more customization. I'm not sure if everyone would agree, as it might add complexity. But for advanced users, it would be really useful to have access and the ability to manipulate packets… more »
    Read all 48 answers   →
    Ranking
    3rd
    out of 74 in Application Security Tools
    Views
    34,421
    Comparisons
    22,385
    Reviews
    21
    Average Words per Review
    508
    Rating
    7.7
    4th
    out of 82 in Web Application Firewall (WAF)
    Views
    9,391
    Comparisons
    6,820
    Reviews
    22
    Average Words per Review
    754
    Rating
    7.7
    Comparisons
    Learn More
    Checkmarx
    Fortinet
    Overview

    Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

    Checkmarx One offers comprehensive application scanning across the SDLC:

    • Static Application Security Testing (SAST)
    • Software Composition Analysis (SCA)
    • API security
    • Dynamic Application Security Testing (DAST)
    • Container security
    • IaC security
    • Correlation, prioritization, and risk management
    • Codebashing secure code training
    • AI security
    • Tech partnerships extending AppSec into runtime analysis
    • Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

    Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

    Fortinet FortiWeb is a Web Application Firewall (WAF) that protects your web applications and APIs from attacks targeting known as well as unknown vulnerabilities. As the surface of your web applications evolves with each change of existing features and deployment of new features, your APIs are left exposed. Fortinet FortiWeb provides the board protection capabilities required to protect web applications without sacrificing performance or manageability.

    Fortinet FortiWeb is an automatic, advanced multi-layer solution that provides secure protection by discerning irregular behavior and distinguishing between malicious and benign anomalies. In addition, the approach delivers powerful bot mitigation capacities which authorize harmless bots to connect while blocking malicious bot activity securely. Regardless of where an application is hosted, Fortinet FortiWeb will safeguard business applications by providing deployment options, such as virtual machines, hardware appliances, and containers that can be deployed in the data center, cloud environments, or in the cloud-native SaaS solution.

    Fortinet FortiWeb Features and Benefits

    APIs and web applications have become integral to the rising demand for business-critical applications. Now more than ever, businesses are in need of an automatic firewall that will provide them with security, without sacrificing performance or reliability. Fortinet FortiWeb offers a variety of features and benefits, including:

    • Security fabric integration: FortiWeb integrates with other Fortinet solutions to provide advanced protection from persistent threats.

    • Proven web application and API protection: FortiWeb safeguards applications from all DDOS attacks, malicious bot attacks, and OWASP Top-10 threats.

    • Advanced visual analytics: FortiWeb offers a unique visual reporting tool that other WAF solutions don’t by providing a detailed analysis of attack elements and sources.

    • Hardware-based acceleration: With fast and secure traffic encryption and decryption, FortiWeb provides best-in-class WAF protection.

    • ML-based threat detection: FortiWeb delivers multi-layer machine learning defense protection to defend against zero-day attacks and reduce false positives.

    • False positive mitigation tools: Reduce daily management of policies through advanced tools to guarantee only unwanted traffic is blocked.

    Reviews from Real Users

    Fortinet FortiWeb offers an industry-leading Web Application Firewall, and users are satisfied with it for a number of reasons, including the ability to control everything from the dashboard and the PCI-compliant reports it offers.

    Carlos P., director of business and digital transformation at SERNIVEL3, notes, "You have the ability to control everything from one single dashboard."

    A director at a tech service company, says, "Banks have to be compliant with PCI and other things, and FortiWeb is absolutely amazing in terms of providing these reports. Otherwise, they will have to spend a lot of time on them."

    Sample Customers
    YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
    Lush, Barnabas Health, Options, Riverside Healthcare, Hillsbourough County Schools, Columbia Public Schools, Schiller AG
    Top Industries
    REVIEWERS
    Computer Software Company31%
    Financial Services Firm19%
    Comms Service Provider9%
    Manufacturing Company9%
    VISITORS READING REVIEWS
    Financial Services Firm21%
    Computer Software Company15%
    Manufacturing Company9%
    Insurance Company5%
    REVIEWERS
    Financial Services Firm24%
    Comms Service Provider20%
    Computer Software Company17%
    Government10%
    VISITORS READING REVIEWS
    Educational Organization38%
    Computer Software Company12%
    Financial Services Firm7%
    Comms Service Provider6%
    Company Size
    REVIEWERS
    Small Business38%
    Midsize Enterprise13%
    Large Enterprise50%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise12%
    Large Enterprise72%
    REVIEWERS
    Small Business49%
    Midsize Enterprise22%
    Large Enterprise28%
    VISITORS READING REVIEWS
    Small Business18%
    Midsize Enterprise47%
    Large Enterprise35%
    Buyer's Guide
    Checkmarx One vs. Fortinet FortiWeb
    March 2019
    Free Report: Checkmarx One vs. Fortinet FortiWeb
    Find out what your peers are saying about Checkmarx One vs. Fortinet FortiWeb and other solutions. Updated: March 2019.
    DOWNLOAD NOW
    771,212 professionals have used our research since 2012.

    Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Fortinet FortiWeb is ranked 4th in Web Application Firewall (WAF) with 83 reviews. Checkmarx One is rated 7.6, while Fortinet FortiWeb is rated 8.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Fortinet FortiWeb writes "Cost-effective, easy to configure, and works very well as a single solution for multiple environments". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Fortinet FortiWeb is most compared with F5 Advanced WAF, Fortinet FortiADC, AWS WAF, Azure Web Application Firewall and Imperva Web Application Firewall. See our Checkmarx One vs. Fortinet FortiWeb report.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.