AWS WAF vs Checkmarx One comparison


Comparison Buyer's Guide

Executive Summary

Categories and Ranking

Average Rating
Number of Reviews
Ranking in other categories
Web Application Firewall (WAF) (1st)
Checkmarx One
Average Rating
Number of Reviews
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Vulnerability Management (12th), Static Code Analysis (2nd), API Security (4th), DevSecOps (2nd), Risk-Based Vulnerability Management (5th)

Mindshare comparison

As of July 2024, in the Web Application Firewall (WAF) category, the mindshare of AWS WAF is 16.2%, down from 17.0% compared to the previous year. The mindshare of Checkmarx One is 0.6%, up from 0.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Web Application Firewall (WAF)
Unique Categories:
No other categories found
Application Security Tools
Static Application Security Testing (SAST)

Featured Reviews

Aug 9, 2023
Easy to configure and stable solution
There is room for improvement in pricing. The pricing for each rule group is a bit too high. It's a monthly subscription, and it can get quite expensive for rules that I won't use for my application. For example, I might create a rule group that costs $10, and I only use one of the rules in the group. That's $10 for a rule that I'm not even using! So, the pricing could be more flexible, or there could be a way to get discounts for unused rules. So, AWS WAF should have a pay-as-you-go pricing model, where I can only pay for the rules that I use.
May 9, 2023
Responsive support, useful code-checking module, and high availability
Checkmarx is used to check the code from programmers and vulnerabilities in third-party software. Checkmarx can be deployed on the cloud and on-premise. However, it depends on the version Checkmarx detected code sections that did not adhere to best practices. After being informed, the programmers…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:


"We can host any DB or application on the solution."
"The product's initial setup phase was very simple."
"We preferred the product based on its cost. AWS WAF is an out-of-the-box solution and integrates with the AWS services that we use. It's natively integrated with AWS."
"This product supplies options for web security for applications accessing sensitive information."
"The most valuable feature of the solution is the ability to integrate central sets. It protects from intrusion attacks such as scripting and SQL injections."
"The product’s availability, ease of configuration, and documentation are valuable."
"The most valuable feature is that it is very easy to configure. It just takes a couple of minutes."
"The most valuable feature of AWS WAF is the extra layer of security that I have when connecting to my web applications."
"The tool's valuable features include integrating GPT and Copilot. Additionally, the UI web representation is very user-friendly, making navigation easy. GPT has made several improvements to my security code."
"The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results."
"The administration in Checkmarx is very good."
"The user interface is modern and nice to use."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"The value you can get out of the speedy production may be worth the price tag."
"The most valuable feature is the simple user interface."


"While the complexity of the installation can vary from one service to another, overall, I would say that it and the configuration and navigation are somewhat complex."
"We need more support as we go global."
"AWS WAF should provide better protection to its users, and the security features need to improve."
"The cost management has room for improvement."
"We don't have much control over blocking, because the WAF is managed by AWS."
"It's a bit difficult to apply the right rules for the right security."
"In a future release of this solution, I would like to see additional management features to make things simpler."
"The area of reporting in the product needs to have a proper format."
"Checkmarx needs to be more scalable for large enterprise companies."
"I would like to see the DAST solution in the future."
"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."
"Checkmarx is not good because it has too many false positive issues."
"The reports are good, but they still need to be improved considering what the UI offers."
"The solution sometimes reports a false auditable code or false positive."
"Micro-services need to be included in the next release."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."

Pricing and Cost Advice

"It has a variable pricing scheme."
"The product is moderately priced."
"There are different scale options available for WAF."
"The solution's cost depends on the use cases."
"AWS WAF is pay-as-you-go, I only pay for what I'm using. There is no subscription or any payment upfront, I can terminate use at any time. Which is an advantage."
"We are kind of doing a POC comparison to see what works best. Pricing-wise, AWS is one of the most attractive ones. It is fairly cheap, and we like the pricing part. We're trying to see what makes more sense operation-wise, license-wise, and pricing-wise."
"AWS is not that costly by comparison. They are maybe close to $40 per month. I think it was between $29 or $39."
"It's cheap."
"It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."
"It is a good product but a little overpriced."
"Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."
"We have a subscription license that is on a yearly basis, and it's a pretty competitive solution."
"The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
"The price of Checkmarx could be reduced to match their competitors, it is expensive."
"We're using a commercial version of Checkmarx, and we paid for the solution for one year. The price is high and could be reduced."
"The interface used to create custom rules comes at an additional cost."
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
792,098 professionals have used our research since 2012.

Top Industries

By visitors reading reviews
Computer Software Company
Financial Services Firm
Manufacturing Company
Insurance Company
Financial Services Firm
Computer Software Company
Manufacturing Company

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business

Questions from the Community

What are the limitations of AWS WAF vs alternative WAFs?
Hi Varun, I have had experienced with several WAF deployments and deep technical assessments of the following: 1. Imperva WAF 2. F5 WAF 3. Polarisec Cloud WAF Typical limitations on cloud WAF is t...
How does AWS WAF compare to Microsoft Azure Application Gateway?
Our organization ran comparison tests to determine whether Amazon’s Web Service Web Application Firewall or Microsoft Azure Application Gateway web application firewall software was the better fit ...
What do you like most about AWS WAF?
The most valuable feature of AWS WAF is its highly configurable rules system.
What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.

Also Known As

AWS Web Application Firewall
No data available



Sample Customers

eVitamins, 9Splay, Senao International
YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Find out what your peers are saying about Amazon Web Services (AWS), F5, Microsoft and others in Web Application Firewall (WAF). Updated: June 2024.
792,098 professionals have used our research since 2012.