We performed a comparison between Check Point CloudGuard WAF and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is a highly scalable solution with a quick turnaround time for deployment and running of the software across any IT system."
"It provides advanced analytics that gives each team time to prepare for any threat that might occur in the future."
"The features I have found most valuable are the comprehensive threat prevention capabilities, automated policy management, and seamless integration with cloud environments."
"The app control is very sensitive, and the threat detection and prevention is better than other Check Point solutions. There is a centralized management console for threat protection and self-inspection."
"The solution offers continuous security monitoring and alerting, which can help organizations detect and respond to security incidents in real time."
"We have not had any incidents. We could realize its benefits immediately. We watched and monitored the traffic, and it was amazing to see the results."
"The first valuable feature is that it is not a complex process to get it up and running. It was not complex at all. We were in a close relationship with the team that developed the app, and it worked in a few hours. The second valuable feature is the information that comes out of it."
"It offers high performance and improved productivity for users."
"With the pipeline scanner, it's easier for developers to scan their products, as they don't have to export anything from their computers. They can do everything with the command line on their computer."
"One of the features they have is Software Composition Analysis. When organizations use third-party, open source libraries with their application development, because they're open source they quite often have a lot of bugs. There are always patches coming out for those open source applications. You really have to stay on your toes and keep up with any third-party libraries that might be integrated into your application. Veracode's Software Composition Analysis scans those libraries and we find that very valuable."
"Veracode provides guidance for fixing vulnerabilities. It enables developers to write secure code from the start by pointing them to the problematic line of code, and saying, "This function/method has security vulnerabilities," then suggests alternatives to fix it. Then, we adopt their suggestions of the tool. By implementing it in the right way, we can fix the issue. For example, if the tool has found a method where it copied one piece of memory into another piece of memory in the code. The tool points to problematic methods with the vulnerability and provides ways to code it more securely. By adopting their suggestions, we are fixing this vulnerability."
"Considering that in my project, we are mostly using Software Composition Analysis as a part of Static Code Analysis, for me, the main part is reporting and highlighting necessary vulnerabilities. Veracode platform has a rather good database of different vulnerabilities in different libraries and different sources. So, finding vulnerabilities in third-party libraries is the main feature of Software Composition Analysis that we use. It is the most important feature for us."
"They also have what's called a Software Composition Analysis that can point out errors and fixes for third-party software frameworks, which is very nice."
"The Security Labs [is] where I have the developers training and constantly improving their security, and remembering their security techniques. That way, they are more proactive and make sure things are correct. They're faster because they're doing it in the first place."
"It has an easy-to-use interface."
"Veracode does not require any maintenance."
"For the next release, I would suggest considering features like enhanced threat intelligence integration."
"The coding configurations can be simplified to save time for IT teams and developers."
"There are occasions when it interfaces with other systems, leading to a loss of visibility."
"Cost reduction and trial period extension should be considered with some lucrative discount offerings in buying standard versions."
"We would like to have a solution of this type for the administration of applications from mobile devices."
"A feature we'd like to see in the future is something that could protect against other attack vectors, with a focus on application protection."
"There should be automation of threat detection, risk mitigation, and report generation."
"They should improve in the delivery of more detailed reports with more information."
"I'd like to see an improved component of it work in a DevOps world, where the scanning speed does not impede progress along the AppSec pipeline."
"The scanning could be improved, because some scans take a bit of time."
"The interface is basic and has room for improvement."
"I would love to be able to do a dynamic sandbox scan. I think that that would allow us to really get a lot more buy-in from the software development teams."
"When Veracode updates the pool of tests and security checks, it could be a little more transparent about what it is releasing. It's not clear what it's adding. They do thousands of checks, and when they add more, there aren't many details about what the new tests are doing."
"The documentation is poor and the technical support isn't helpful."
"I've seen slightly better static analysis tools from other companies when it comes to speed and ease of use."
"The GUI requires significant simplification, as its current complexity creates a steep learning curve for new users."
Check Point CloudGuard WAF is ranked 11th in Application Security Tools with 29 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Check Point CloudGuard WAF is rated 9.0, while Veracode is rated 8.2. The top reviewer of Check Point CloudGuard WAF writes "Automation capabilities also help streamline security processes and smooths down API integration processes and detects API availability". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Check Point CloudGuard WAF is most compared with SonarQube and Checkmarx One, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap. See our Check Point CloudGuard WAF vs. Veracode report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
