No more typing reviews! Try our Samantha, our new voice AI agent.

Check Point WAF (formerly CloudGuard WAF) vs HackerOne comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
6.4
Check Point WAF yields cost savings, enhanced security, and efficiency, with up to 90% ROI and reduced breach risks.
Sentiment score
5.6
HackerOne enhances security and efficiency with varied ROI; larger entities benefit more than smaller ones, citing cost savings.
When we are attacked, we can understand how important the solution is.
Cyber security manager at a government with 1,001-5,000 employees
When you migrate to the cloud, it feels like saving 90% of your time.
Manager, Managed Security Services at a tech vendor with 51-200 employees
Most of the operations happen in the background, so I do not spend much time on it.
Principal Cybersecurity Specialist at Unitel S.A.
HackerOne provides strong value by helping organizations find vulnerabilities faster and reduce the higher costs associated with security breaches.
Senior Software Developer at hireHQ
We receive rewards without needing to invest any money, so the return on investment is substantial.
dApp Auditor at Hacken
For someone who is starting or in the middle, it is very difficult because you can spend 20 hours sending 20 reports but none of them gets anything.
QA Engineering Lead at kintsugi
 

Customer Service

Sentiment score
6.5
Check Point WAF is praised for support, with quick response times and skilled personnel, but needs improved non-business hours coverage.
Sentiment score
6.9
HackerOne's customer support is generally proactive and responsive, though some users have noted slower responses and communication issues.
They need to increase the number of people for 24/7 support.
Principal Cybersecurity Specialist at Unitel S.A.
They were responsive even before we committed to buying their solution.
Infrastructure Manager at FPMH
I also received full technical support, especially during the implementation.
Cyber security manager at a government with 1,001-5,000 employees
We have priority support because we are a higher tier, and with high report volumes, the turnaround time is very good.
Senior Software Developer at hireHQ
Technical support at HackerOne has slowed down considerably compared to four years ago.
dApp Auditor at Hacken
The ease of collaboration with ethical hackers on HackerOne has been quite good.
Senior Security Professional at Oportun, Inc.
 

Scalability Issues

Sentiment score
7.4
Check Point WAF is praised for scalability, seamless cloud integration, and traffic-based licensing, with excellent support and easy expansion.
Sentiment score
7.6
HackerOne's scalable design efficiently supports growth and adaptability, accommodating large user bases and varying security needs effectively.
If I need to scale, I open a Whatsapp group with the director and the team, and we quickly proceed to do so.
Cyber security manager at a government with 1,001-5,000 employees
They have sufficient resources, and there are no challenges from a scalability perspective.
Project Manager at a outsourcing company with 1,001-5,000 employees
Check Point CloudGuard WAF's scalability is very good.
Sr. VP of Creative & Development at a non-tech company with 51-200 employees
It is a large platform with many programs and clients.
dApp Auditor at Hacken
HackerOne is very scalable because we can put bounties for any number of hackers at the same time and test thoroughly.
Senior Software Developer at hireHQ
It maintains a high signal-to-noise ratio and addresses scalability through infrastructure, triage services, and AI automation.
Consultant at a manufacturing company with 10,001+ employees
 

Stability Issues

Sentiment score
8.2
Check Point WAF is highly reliable, stable, and efficient, with users praising minimal downtime and smooth operations.
Sentiment score
8.2
HackerOne generally receives praise for stability and reliability, despite occasional reports of minor bugs and downtime.
It is very stable.
Team Leader, Cloudops & Cloud Architect at a consultancy with 501-1,000 employees
It is very stable, never crashing or giving me an error that I can see.
Sysadmin at a government with 501-1,000 employees
I did not have any issues in the last three years during which I had more than ten critical services running on CloudGuard.
Information Technology - Infrastructure and Security at Cyprus Development Bank
HackerOne was down for some time and the response was not good.
QA Engineering Lead at kintsugi
 

Room For Improvement

Check Point WAF requires enhanced documentation, user interface, integration, support, security features, and improved scalability and pricing transparency.
Users seek cost predictability, faster responses, better integrations, improved triaging, communication, invite guidelines, and flexible payouts.
The provider could improve by providing better guidance and support during the configuration process.
Infrastructure Manager at FPMH
Future releases should include better bot mitigation, behavioral anomaly detection, compliance templates, advanced threat intel integration, and streamlined multi-cloud support to boost protection and usability.
Senior Cyber Security Engineer at a computer software company with 501-1,000 employees
A machine learning-based adaptive mode could help the WAF learn over time and auto-tune policies.
Technical Support Executive at a computer software company with 501-1,000 employees
More advanced AI capabilities would help prioritize reports, reduce false positives, and speed up the validation.
Senior Software Developer at hireHQ
There are no clear guidelines for being invited to programs and conferences.
dApp Auditor at Hacken
Sometimes new users don't receive invites just because they are new, despite potentially being very skilled hackers, so I feel new users should get more chances and opportunities.
Senior ICT Security Consultant at Applied Principles Limited
 

Setup Cost

Check Point WAF pricing is seen as expensive but justified due to its robust features and flexible licensing.
HackerOne is cost-effective for hunters, typically funded by companies, with a 20% fee on awards, making it affordable.
It is more expensive than f5, where we purchased everything as bundles, and Check Point costs more, but it is worth the money.
Cyber security manager at a government with 1,001-5,000 employees
It is less costly than Cloudflare, Fortinet, and other vendors.
Project Manager at a outsourcing company with 1,001-5,000 employees
I know that its price is relatively expensive compared to other products but it gives benefits that are worth it.
Ciso at a government with 1,001-5,000 employees
The cost is rated as one since there is no need to pay anything, not even a fee or commission.
dApp Auditor at Hacken
I have not experienced any costs since I use HackerOne independently, just logging into the site, hunting bugs, and submitting them without any expenses.
Senior ICT Security Consultant at Applied Principles Limited
 

Valuable Features

Check Point WAF provides AI-driven threat prevention, fast deployment, and ease of use, enhancing protection, scalability, and cost-efficiency.
HackerOne excels in vulnerability tracking, researcher engagement, and integration, enhancing security through a global ethical hacker community.
Upon implementation and evaluation with third-party penetration testing, it meets rigorous security standards required for dealing with financial institutions.
Infrastructure Manager at FPMH
It can protect against zero-day attacks and hidden anomalies.
Amministratore Della Sicurezza Di Rete at a government with 1,001-5,000 employees
The solution preemptively blocks zero-day attacks and detects hidden anomalies effectively.
Information Technology - Infrastructure and Security at Cyprus Development Bank
It has a very simple user interface, and it gives you a quick response—if you submit a bug, someone reaches out to you within minutes, telling you they will verify the bug, and it can be verified in just a few days, sometimes even less than a day, which stands out for me.
Senior ICT Security Consultant at Applied Principles Limited
HackerOne is a very good platform with the trust of different companies including Shopify, PayPal, and Uber.
Senior Software Developer at hireHQ
I find bug bounty programs most valuable for our organization because they invite researchers from around the globe to find bugs in our environment, allowing us to fix various severity vulnerabilities or bugs that, if left unaddressed, could lead to losing customers.
Consultant at a manufacturing company with 10,001+ employees
 

Categories and Ranking

Check Point WAF (formerly C...
Ranking in Application Security Tools
5th
Average Rating
8.8
Reviews Sentiment
7.2
Number of Reviews
60
Ranking in other categories
Web Application Firewall (WAF) (5th)
HackerOne
Ranking in Application Security Tools
18th
Average Rating
8.4
Reviews Sentiment
6.9
Number of Reviews
11
Ranking in other categories
Vulnerability Management (35th), Bug Bounty Platforms (1st), Penetration Testing Services (2nd), Attack Surface Management (ASM) (6th), AI Observability (15th)
 

Mindshare comparison

As of July 2026, in the Application Security Tools category, the mindshare of Check Point WAF (formerly CloudGuard WAF) is 0.7%, up from 0.1% compared to the previous year. The mindshare of HackerOne is 0.8%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools Mindshare Distribution
ProductMindshare (%)
Check Point WAF (formerly CloudGuard WAF)0.7%
HackerOne0.8%
Other98.5%
Application Security Tools
 

Featured Reviews

Mohan Janarthanan - PeerSpot reviewer
Associate Vice President at Novac Technology Solutions
Integrated web protection has reduced breaches and now prevents attacks across critical apps
I have been using it for six months, and the biggest advantages for me are that Check Point WAF (formerly CloudGuard WAF) offers more than other F5 firewalls, which have only application protection called ASM (Application Security Monitoring). In contrast, Check Point WAF (formerly CloudGuard WAF) provides protection on IPS along with application protection. Check Point WAF (formerly CloudGuard WAF) itself provides an IPS function where I can protect against my Layer 7 traffic, which is not available in other vendors. The traditional WAF does not have the capacity of IPS functions. The intrusion prevention capability, I can only see in Layer 3 functions and stateful functions, which is the traditional firewall capability. Other vendors are keeping this in their Web Application Firewall, but Check Point WAF (formerly CloudGuard WAF) has integrated it differently. False positives are significantly less here compared to traditional Web Application Firewalls because they are more focused on the AI front. Check Point WAF (formerly CloudGuard WAF) integrates an AI platform within the Web Application itself using API protection with AI and what they call GenAI protection. They excel at creating the profile itself, which is the basic functionality of WAF. Normally, I deploy in preventive mode, which takes some time for learning, but I prefer to operate in preventing mode only.
NitishKumar - PeerSpot reviewer
Consultant at a manufacturing company with 10,001+ employees
Crowdsourced security has strengthened our bug discovery and improved vulnerability response
HackerOne is already doing well, although I believe implementing stricter SLAs for the time to first response and time to bounty would help prevent researchers' burnout, especially regarding duplicate submissions. I suggest systematic bug rewards because currently, if a researcher finds one bug in multiple places, they often only get paid for one. Improving the handling of systemic vulnerabilities would encourage deeper research. Additionally, improving multi-currency and crypto payout options would help make the platform more accessible globally.
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
19%
Outsourcing Company
11%
Financial Services Firm
9%
Manufacturing Company
8%
Manufacturing Company
12%
Comms Service Provider
12%
Financial Services Firm
10%
Computer Software Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business38
Midsize Enterprise21
Large Enterprise24
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise1
Large Enterprise7
 

Questions from the Community

What is your experience regarding pricing and costs for CloudGuard for Application Security?
The pricing is reasonable, and I believe it is acceptable. I am satisfied with the timing.
What needs improvement with CloudGuard for Application Security?
The negative aspect is that Check Point WAF (formerly CloudGuard WAF) uses Check Point Harmony in its management console, which sometimes creates latency when connecting to or opening the platform....
What is your primary use case for CloudGuard for Application Security?
I want to protect my application hosted in my cloud by preventing attacks against my top OWASP Top 10 threats. I am enabling Check Point WAF (formerly CloudGuard WAF) as my application firewall. Th...
What is your experience regarding pricing and costs for HackerOne?
I'm not very sure about pricing, setup costs, and licensing, as those are managed by our management team.
What needs improvement with HackerOne?
HackerOne can be improved, and the insights can be a little better. I chose a nine for my rating because it has very great features such as a large research community, workflow integration, analyti...
What is your primary use case for HackerOne?
My main use case for HackerOne is bug bounties and getting paid through that platform. Companies like Fastify and Oracle create bug bounties and vulnerability disclosure programs on HackerOne. Ethi...
 

Also Known As

Check Point CloudGuard Application Security, CloudGuard Application Security, CloudGuard AppSec
HackerOne Assets, HackerOne Pentesting Services, HackerOne Security Assessments, HackerOne Vulnerability Management
 

Overview

 

Sample Customers

Orange España, Paschoalotto
Anthropic, Crypto.com, General Motors, GitHub, Goldman Sachs, Uber, and the U.S. Department of Defense
Find out what your peers are saying about Check Point WAF (formerly CloudGuard WAF) vs. HackerOne and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.