Share your experience using Continuous Dynamic (formerly WhiteHat Dynamic)

I usually recommend this solution for financial institutions. Banks and financial institutions need this solution mostly because they have to follow stringent compliance advisory requirements, so they must have this solution.

My team is working with this product because we are a service provider and have provided this service to our customers. From that perspective, I cannot go into detail on the feature sets if you are interested in knowing that. However, as far as I know, we are providing the service, and customers are satisfied with it because we are getting renewals.

Customers use the product for scanning purposes and do not want to be restricted with respect to the number of scans they perform. The scanning can be scheduled daily, weekly, monthly, or whenever the need arises. This is a good feature that customers are getting.

Customers sometimes experience issues with performance. One thing that I recall is that most customers often want to have reporting as per their customized dashboard. This needs to be improved because although we guide them and let them know what they have to learn, some customers want to have some respect to their local environment. Some customers need help, support, or improvements in that platform if we can customize the reporting.

I have been dealing with this solution for more than three to four years now.

Regarding the pricing of Rapid7 InsightAppSec, I think it is reasonable because if a product is performing well, customers are happy to go with it even if it costs a little bit more. I have not received any complaints or issues regarding high price, so I would say it is acceptable.

I would rate the technical support by Rapid7 from one to ten at about seven.

Regarding the response time, I have to check with my respective team if they have any issues regarding that, but it has not been escalated. This means they are satisfied and are getting the response when the need arises for opening tickets or requesting support. The technical team responds, and sometimes we do that on behalf of our customers, so we get the response.

Positive

I have not heard any complaints.

I do not have any recommendations because customers were initially worried about the number of scans they used to perform, and now it has been enhanced or it will sometimes go to a maximum of unlimited number of scans they can do. This supports them, and I think that is acceptable. There is no such big issue here.

I do not think we always go with Rapid7 InsightAppSec in our basket to any customer. Even if someone is not using it, we pitch the same product to them as well. This is how we work and operate.

I would rate this review seven out of ten.

My main use case for Checkmarx One is mostly for scanning and vulnerability detection, and in that, I mostly use the SAST scans and access management for users and the remediation part for scans.

A recent scenario is that Checkmarx One is integrated with the pipeline, so mostly our DevOps engineer can scan it from the pipeline, the security scan is initiated, and I get reports in Checkmarx, and I share that, and accordingly, I help developers to remediate vulnerabilities in the code. That's how I use it.

I also manage policies that are for security scan features like implementation of security gates, according to which, the application will be blocked from pipeline production. And to reduce vulnerability, mostly, I use it.

The best features Checkmarx One offers, in my opinion, are that it is easy to use, and there is not much deep diving into this. Anyone can use it for scanning purposes and for security gate purposes. It is really helpful, to be honest. For me, I personally believe it is a great tool.

The entire process in Checkmarx One is easy to understand, and although not a particular part stands out, there are no multiple features which I need to enable, or I have to deep dive into another tab or options for scanning and doing work. I can directly do this from the home page, and I can use it even for basic tasks.

Checkmarx One has helped with efficiency and security for sure, as I am able to detect vulnerabilities on the earliest basis and help developers to remediate them. It really helps a lot at the enterprise level.

Most probably, the most common thing that Checkmarx One does is reduce the vulnerabilities and the criticality of the vulnerabilities also. I am able to detect, and in the same way, I can collaborate with developers to remediate them on the earliest basis. That is a useful part.

I wish there could be some features to improve Checkmarx One, but I don't think so. It is an easy-to-use application, so I'm happy with the current features. I don't think there is anything required.

The latest version or upgraded version of Checkmarx One is too good, and I'm satisfied.

There are some downtimes when Checkmarx One is being upgraded to the latest version or some improvement is there. Sometimes I face issues, and I get a notification from Checkmarx. That's okay.

I have been using Checkmarx One for the last three years for my daily work in the office, in my daily routine work.

Checkmarx One's scalability is that I have a limited license number, and accordingly, it is able to manage most of my scans and the number of scans at the same time.

Customer support for Checkmarx One is good because I had some doubts or issues, so I asked them, and I got a reply within 24 working hours. That's good, I would say.

Neutral

I would advise others to use Checkmarx One, as it is a good application, and for most of the work I do, I would suggest SAST scans are really helpful, and it is easy to use. I need not do much work, and it will be helpful for any organization that is using it. I'm not sure about the pricing metrics, but it is helpful. I gave this review a rating of 9.5 out of 10.