Acunetix vs Checkmarx One vs Fortify Application Defender comparison

Invicti and Checkmarx are both solutions in the Application Security Tools category. Invicti is ranked #16 with an average rating of 8.3, while Checkmarx is ranked #3 with an average rating of 8.3. Invicti holds a 2.9% mindshare in AS, compared to Checkmarx’s 9.9% mindshare. Additionally, 86% of Invicti users are willing to recommend the solution, compared to 87% of Checkmarx users who would recommend it.

Acunetix

Read 33 Acunetix reviews

6,393 Views
3,069 Comparison Views

86% willing to recommend

Checkmarx One

Read 71 Checkmarx One reviews

21,636 Views
17,525 Comparison Views

87% willing to recommend

Fortify Application Defender

Read 11 Fortify Application Defender reviews

1,176 Views
917 Comparison Views

81% willing to recommend

Acunetix

Checkmarx One

Fortify Application Defender

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Acunetix, Checkmarx One, and Fortify Application Defender based on real PeerSpot user reviews.

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools.

To learn more, read our detailed Application Security Tools Report (Updated: July 2025).

Buyer's Guide

Application Security Tools

July 2025

Download the complete report

Helped 863,331 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Mindshare comparison

As of July 2025, in the Application Security Tools category, the mindshare of Acunetix is 2.9%, up from 2.3% compared to the previous year. The mindshare of Checkmarx One is 9.9%, down from 14.3% compared to the previous year. The mindshare of Fortify Application Defender is 0.7%, up from 0.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Application Security Tools

Featured Reviews

KashifJamil

CEO at Xcelliti

Has enabled teams to improve security testing with smooth integration and high accuracy

Acunetix has a very good ratio of fewer false positives, so users don't need to retest everything. Acunetix operates smoothly with no interruptions required, and it performs at 100% efficiency without issues in scanning anything. The solution is excellent at detecting SQL injection and cross-site scripting vulnerabilities. Acunetix integrates with every type of tool, including CI/CD tools, offering 100% integration in DevOps environments. The main benefit of Acunetix is that at the first level, users can address security issues related to penetration testing, allowing them to expose vulnerabilities and ensure all required testing is completed with very few false positives.

Read full review

Syed Hasan

Specialist Leader at Deloitte

Partner experiences excellent technical support and seamless initial setup

In my opinion, if we are able to extract or show the report, and because everything is going towards agent tech and GenAI, it would be beneficial if it could get integrated with our code base and do the fix automatically. It could suggest how the code base is written and automatically populate the source code with three different solution options to choose from. This would be really helpful.

Read full review

Saroj-Patnaik

Software Development Engineer 3 at Ernst & Young

Reliable solution with excellent machine learning algorithms but expensive and lacking support

I primarily use Fortify Application Defender to assess whether our products can defend against applications Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications. Fortify Application Defender gives…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"I find it to be one of the most comprehensive tools, with support for manual intervention."

"The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have."

"The solution is excellent at detecting SQL injection and cross-site scripting vulnerabilities."

"Overall, it's a very good tool and a very good engine."

"The vulnerability scanning option for analyzing the security loopholes on the websites is the most valuable feature of this solution."

"Their technical support has been very active. If I have an issue, I can reach out to them and get an answer pretty quick."

"It generates automated reports."

"The most important feature is that it's a web-based graphical user interface. That is a great addition. Also, the ability to schedule scans is great."

More Acunetix pros

"Vulnerability details is valuable."

"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."

"The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."

"The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time."

"It is a stable product."

"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."

"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."

"The UI is user-friendly."

More Checkmarx One pros

"Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications."

"I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy."

"The most valuable feature is that it analyzes data in real-time."

"The most valuable features of Fortify Application Defender are the code packages that are default."

"The product saves us cost and time."

"The solution helped us to improve the code quality of our organization."

"The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions."

"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."

More Fortify Application Defender pros

Cons

"The vulnerability identification speed should be improved."

"Tools that would allow us to work more efficiently with the mobile environment, with Android and iOS."

"There are some versions of the solution that are not as stable as others."

"It would be nice to have a feature to "retest" only a single vulnerability that the customer reports as patched, and delete it from the next scans since it has already been patched."

"In terms of what needs improvement, the way the licensing model is currently is not very convenient for us because initially, when we bought it, the licensing model was very flexible, but now it restricts us."

"We want to see how much bandwidth usage it consumes. When we monitor traffic we have issues with the consumption and throttling of the traffic."

"The solution is generally stable, however, there might be room for improvement regarding glitches or bugs."

"Acunetix needs to include agent analysis."

More Acunetix cons

"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."

"We have received some feedback from our customers who are receiving a large number of false positives."

"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."

"We can run only one project at a time."

"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."

"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."

"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."

"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."

More Checkmarx One cons

"Fortify Application Defender gives a lot of false positives."

"Support for older compilers/IDEs is lacking."

"The false positive rate should be lower."

"The workbench is a little bit complex when you first start using it."

"The licensing can be a little complex."

"The product should integrate industry-standard code review tools internally with its system. This would streamline the coding process, as developers wouldn't need multiple tools for code review and security checks. Many independent and open-source tools are available, from Apache to various libraries. Using multiple DevOps pipeline tools can slow the turnaround time."

"Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."

"The solution is quite expensive."

More Fortify Application Defender cons

Pricing and Cost Advice

"The pricing is a little high, and moreover, it's kind of domain-based."

"Implementing Acunetix needs a medium or larger business agency, because you need some money to get Acunetix. It is costly, but if you care about your agency's security, then maybe it's a cost that might help you in the future."

"The cost is based on two types of licenses, ConsultLite, and ConsultPlus, as well as the number of domains that are scanned."

"The solution is expensive."

"It is a bit expensive. If you need to check five applications, you have to pay almost 14,000. It is an agreement for two years at 7,000 per year for only five applications. You cannot change the applications in the license. So, you are stuck with the same license for the five applications for one full year."

"The costs aren't very expensive. It costs around $3000 or $4000."

"The pricing and licensing are reasonable to a point. In order to run multiple scans at a time, we are going to have to purchase a 100 count license, which is an overkill. Though, compared to what we were paying for, the cost seems reasonable."

"Acunetix was around the same price as all the other vendors we looked at, nothing special."

More Acunetix pricing and cost advice

"The solution's price is high and you pay based on the number of users."

"The pricing was not very good. This is just a framework which shouldn’t cost so much."

"The price of Checkmarx could be reduced to match their competitors, it is expensive."

"Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive."

"For around 250 users or committers, the cost is approximately $500,000."

"The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."

"The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."

"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."

More Checkmarx One pricing and cost advice

"The product’s price is much higher than other tools."

"The base licensing costs for the SaaS platform is about $900 USD per application, per year."

"The price of this solution could be less expensive."

"The licensing is very complex, it's project based and can range from $10,000 to $200,000+ depending on the project type and size."

"I rate the solution's pricing a five out of ten. It comes as an annual cloud subscription. The tool's pricing is around 50 lakhs."

"Fortify Application Defender is very expensive."

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

863,331 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

17%

Financial Services Firm

13%

Manufacturing Company

Government

Financial Services Firm

20%

Computer Software Company

14%

Manufacturing Company

10%

Government

Financial Services Firm

17%

Manufacturing Company

15%

Computer Software Company

13%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Acunetix Vulnerability Scanner?

The tool's most valuable feature is scan configurations. We use it for external physical applications. The scanning t...

See all answers

What is your primary use case for Acunetix Vulnerability Scanner?

Most of the customers who use Acunetix are looking for security testing. The primary use case is performing penetrati...

See all answers

What advice do you have for others considering Acunetix Vulnerability Scanner?

Acunetix supports multi-user environments effectively. Acunetix is targeted for small to mid-size teams in a DevSecOp...

See all answers

What alternatives are there for Fortify WebInspect and Fortify SCA?

I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as ...

See all answers

What do you like most about Checkmarx?

Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.

See all answers

What is your experience regarding pricing and costs for Checkmarx?

The pricing is relatively expensive due to the product's quality and performance, but it is worth it.

See all answers

What do you like most about Fortify Application Defender?

I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy.

See all answers

What needs improvement with Fortify Application Defender?

The product should integrate industry-standard code review tools internally with its system. This would streamline th...

See all answers

What is your primary use case for Fortify Application Defender?

We use the solution for fast code review. It is integrated into our DevOps pipeline.

See all answers

Comparisons

OWASP Zap vs Acunetix

Compared 17% of the time

PortSwigger Burp Suite Professional vs Acunetix

Compared 11% of the time

HCL AppScan vs Acunetix

Compared 9% of the time

Invicti vs Acunetix

Compared 7% of the time

ImmuniWeb vs Acunetix

Compared 2% of the time

More Acunetix Competitors

SonarQube Server (formerly SonarQube) vs Checkmarx One

Compared 38% of the time

Veracode vs Checkmarx One

Compared 10% of the time

Checkmarx SAST vs Checkmarx One

Compared 7% of the time

OpenText Core Application Security vs Checkmarx One

Compared 5% of the time

Kiuwan vs Checkmarx One

Compared 1% of the time

More Checkmarx One Competitors

SonarQube Server (formerly SonarQube) vs Fortify Application Defender

Compared 15% of the time

Coverity vs Fortify Application Defender

Compared 13% of the time

Qualys Web Application Scanning vs Fortify Application Defender

Compared 13% of the time

CAST Application Intelligence Platform vs Fortify Application Defender

Compared 11% of the time

Veracode vs Fortify Application Defender

Compared 9% of the time

More Fortify Application Defender Competitors

Product Reports

Buyer's Guide

Acunetix

July 2025

Download Acunetix product report

Buyer's Guide

Checkmarx One

July 2025

Download Checkmarx One product report

Buyer's Guide

Application Security Tools

July 2025

Download Fortify Application Defender product report

Also Known As

AcuSensor

No data available

HPE Fortify Application Defender, Micro Focus Fortify Application Defender

Overview

Acunetix Web Vulnerability Scanner is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross site scripting, and other exploitable vulnerabilities.

Invicti

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
API security
Dynamic Application Security Testing (DAST)
Container security
IaC security
Correlation, prioritization, and risk management
Codebashing secure code training
AI security
Tech partnerships extending AppSec into runtime analysis
Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

Checkmarx

Micro Focus Security Fortify Application Defender is a runtime application self-protection (RASP) solution that helps you manage and mitigate risk from homegrown or third-party applications. It provides centralized visibility into application use and abuse while protecting from software vulnerability exploits and other violations in real time.

OpenText

Sample Customers

Joomla!, Digicure, Team Random, Credit Suisse, Samsung, Air New Zealand

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC

ServiceMaster, Saltworks, SAP

Buyer's Guide

Application Security Tools

July 2025

Download Free Report

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools. Updated: July 2025.

DOWNLOAD NOW

863,331 professionals have used our research since 2012.