No more typing reviews! Try our Samantha, our new voice AI agent.

Check Point WAF (formerly CloudGuard WAF) vs Veracode comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 16, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
6.4
Check Point WAF yields cost savings, enhanced security, and efficiency, with up to 90% ROI and reduced breach risks.
Sentiment score
6.5
Veracode boosts ROI by reducing security breaches and costs, enhancing compliance, and integrating effective vulnerability detection and automation.
When we are attacked, we can understand how important the solution is.
Cyber security manager at a government with 1,001-5,000 employees
When you migrate to the cloud, it feels like saving 90% of your time.
Manager, Managed Security Services at a tech vendor with 51-200 employees
Most of the operations happen in the background, so I do not spend much time on it.
Principal Cybersecurity Specialist at Unitel S.A.
The scanners of Veracode bring status of the weaknesses in the current infrastructure. It scans and provides reports regarding the servers, the network, and the applications running on those servers.
Senior Solutions Architect at IDS Comercial
Regarding price, the evaluation should focus on how efficiently they will recover their investment, considering the time saved through the use of Veracode Fix, for example, and the ability to fix code at dev time compared to the problems faced when fixing after the product is already deployed.
Head of Security Architecture at a healthcare company with 5,001-10,000 employees
We did see a return on investment with Veracode, as we segregated our remediation efforts, which reduced our time to delivery as well as the number of engineers needed to help us in delivering a secure solution.
DevSecOps Engineer at a tech services company with 11-50 employees
 

Customer Service

Sentiment score
6.5
Check Point WAF is praised for support, with quick response times and skilled personnel, but needs improved non-business hours coverage.
Sentiment score
7.2
Veracode's support is praised for expertise and responsiveness, though some report delays, improvements noted with dedicated managers.
They need to increase the number of people for 24/7 support.
Principal Cybersecurity Specialist at Unitel S.A.
They were responsive even before we committed to buying their solution.
Infrastructure Manager at FPMH
I also received full technical support, especially during the implementation.
Cyber security manager at a government with 1,001-5,000 employees
Access to the engineering team is crucial for faster feedback on the product fix process.
Principal Architect at a consultancy with 11-50 employees
I have communicated with the technical support of Veracode a couple of times, and this was a really great experience because these professionals know their material.
Application Security Specialist at Herrenknecht
They share detailed information via email, including screenshots or further clarification about the issue.
DevSecOps Engineer at a tech services company with 1,001-5,000 employees
 

Scalability Issues

Sentiment score
7.4
Check Point WAF is praised for scalability, seamless cloud integration, and traffic-based licensing, with excellent support and easy expansion.
Sentiment score
7.4
Veracode is praised for effective scalability across diverse needs, though costs and complexity can increase with scaling.
If I need to scale, I open a Whatsapp group with the director and the team, and we quickly proceed to do so.
Cyber security manager at a government with 1,001-5,000 employees
They have sufficient resources, and there are no challenges from a scalability perspective.
Project Manager at a outsourcing company with 1,001-5,000 employees
Check Point CloudGuard WAF's scalability is very good.
Sr. VP of Creative & Development at a non-tech company with 51-200 employees
Cloud solutions are easier to scale than on-premise solutions.
Senior Solutions Architect at IDS Comercial
It has a good capacity to scale effectively.
Lead Automation Quality Engineer in Leading UK Bank at a consultancy with 10,001+ employees
Implementing these features into our normal CI/CD was good, so I can say that scalability is really good.
Application Security Specialist at Herrenknecht
 

Stability Issues

Sentiment score
8.2
Check Point WAF is highly reliable, stable, and efficient, with users praising minimal downtime and smooth operations.
Sentiment score
7.8
Veracode is generally stable with minor glitches, but could improve speed and communication for enhanced reliability.
It is very stable.
Team Leader, Cloudops & Cloud Architect at a consultancy with 501-1,000 employees
It is very stable, never crashing or giving me an error that I can see.
Sysadmin at a government with 501-1,000 employees
I did not have any issues in the last three years during which I had more than ten critical services running on CloudGuard.
Information Technology - Infrastructure and Security at Cyprus Development Bank
If the Veracode server is down, we experience many issues during the scan.
Lead Automation Quality Engineer in Leading UK Bank at a consultancy with 10,001+ employees
I have observed that it is not that reliable in terms of security because Veracode was not able to find some security threats in our application that existed since the product was developed.
Software Development Engineer II at Rocket Software
It's not that easy to onboard, but once they have been onboarded on the platform, and the pipeline configured alongside the product configured, it works effectively.
Head of Security Architecture at a healthcare company with 5,001-10,000 employees
 

Room For Improvement

Check Point WAF requires enhanced documentation, user interface, integration, support, security features, and improved scalability and pricing transparency.
Veracode is criticized for high costs, licensing rigidity, false positives, slow UI, and limited integration and language support.
The provider could improve by providing better guidance and support during the configuration process.
Infrastructure Manager at FPMH
Future releases should include better bot mitigation, behavioral anomaly detection, compliance templates, advanced threat intel integration, and streamlined multi-cloud support to boost protection and usability.
Senior Cyber Security Engineer at a computer software company with 501-1,000 employees
A machine learning-based adaptive mode could help the WAF learn over time and auto-tune policies.
Technical Support Executive at a computer software company with 501-1,000 employees
If it could be integrated directly with code repositories such as Bitbucket or GitHub, without the need to create a pipeline to upload and decode code, it would simplify the code scan process significantly.
We had issues with scanning large applications. Scanning took a lot of time, so we kept it outside the DevOps pipeline to avoid delaying deployments.
Lead Automation Quality Engineer in Leading UK Bank at a consultancy with 10,001+ employees
A nice addition would be if it could be extended for scenarios with custom cleansers.
IT App Security Senior Analyst at a transportation company with 10,001+ employees
 

Setup Cost

Check Point WAF pricing is seen as expensive but justified due to its robust features and flexible licensing.
Veracode's pricing is high and complex, valued by enterprises but expensive for smaller businesses with flexible options.
It is more expensive than f5, where we purchased everything as bundles, and Check Point costs more, but it is worth the money.
Cyber security manager at a government with 1,001-5,000 employees
It is less costly than Cloudflare, Fortinet, and other vendors.
Project Manager at a outsourcing company with 1,001-5,000 employees
I know that its price is relatively expensive compared to other products but it gives benefits that are worth it.
Ciso at a government with 1,001-5,000 employees
It's not the most expensive solution.
Senior Solutions Architect at IDS Comercial
Overall, Veracode's pricing is lower and more scalable than many alternatives in the market.
DevSecOps Engineer at a tech services company with 1,001-5,000 employees
If there's a security gap, you'll never know the cost or effect.
 

Valuable Features

Check Point WAF provides AI-driven threat prevention, fast deployment, and ease of use, enhancing protection, scalability, and cost-efficiency.
Veracode offers effective security analysis, CI/CD integration, multi-language support, and detailed reports for secure, compliant software development.
Upon implementation and evaluation with third-party penetration testing, it meets rigorous security standards required for dealing with financial institutions.
Infrastructure Manager at FPMH
It can protect against zero-day attacks and hidden anomalies.
Amministratore Della Sicurezza Di Rete at a government with 1,001-5,000 employees
The solution preemptively blocks zero-day attacks and detects hidden anomalies effectively.
Information Technology - Infrastructure and Security at Cyprus Development Bank
It offers confidence by preventing exposure to vulnerabilities and helps ensure that we are not deploying vulnerable code into production.
Site Leader (India) at Industrial Scientific
The best features in Veracode include static analysis and the early detection of vulnerable libraries; it integrates with tools such as Jenkins.
It fixes issues directly in the IDE while you're doing it.
IT App Security Senior Analyst at a transportation company with 10,001+ employees
 

Categories and Ranking

Check Point WAF (formerly C...
Ranking in Application Security Tools
5th
Average Rating
8.8
Reviews Sentiment
7.2
Number of Reviews
60
Ranking in other categories
Web Application Firewall (WAF) (5th)
Veracode
Ranking in Application Security Tools
3rd
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
208
Ranking in other categories
Static Application Security Testing (SAST) (3rd), Container Security (12th), Software Composition Analysis (SCA) (1st), Static Code Analysis (1st), Dynamic Application Security Testing (DAST) (1st), Application Security Posture Management (ASPM) (1st)
 

Mindshare comparison

As of July 2026, in the Application Security Tools category, the mindshare of Check Point WAF (formerly CloudGuard WAF) is 0.7%, up from 0.1% compared to the previous year. The mindshare of Veracode is 4.3%, down from 9.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools Mindshare Distribution
ProductMindshare (%)
Veracode4.3%
Check Point WAF (formerly CloudGuard WAF)0.7%
Other95.0%
Application Security Tools
 

Featured Reviews

Mohan Janarthanan - PeerSpot reviewer
Associate Vice President at Novac Technology Solutions
Integrated web protection has reduced breaches and now prevents attacks across critical apps
I have been using it for six months, and the biggest advantages for me are that Check Point WAF (formerly CloudGuard WAF) offers more than other F5 firewalls, which have only application protection called ASM (Application Security Monitoring). In contrast, Check Point WAF (formerly CloudGuard WAF) provides protection on IPS along with application protection. Check Point WAF (formerly CloudGuard WAF) itself provides an IPS function where I can protect against my Layer 7 traffic, which is not available in other vendors. The traditional WAF does not have the capacity of IPS functions. The intrusion prevention capability, I can only see in Layer 3 functions and stateful functions, which is the traditional firewall capability. Other vendors are keeping this in their Web Application Firewall, but Check Point WAF (formerly CloudGuard WAF) has integrated it differently. False positives are significantly less here compared to traditional Web Application Firewalls because they are more focused on the AI front. Check Point WAF (formerly CloudGuard WAF) integrates an AI platform within the Web Application itself using API protection with AI and what they call GenAI protection. They excel at creating the profile itself, which is the basic functionality of WAF. Normally, I deploy in preventive mode, which takes some time for learning, but I prefer to operate in preventing mode only.
reviewer2753535 - PeerSpot reviewer
DevSecOps Engineer at a tech services company with 1,001-5,000 employees
Integrates security into the development process and improves team collaboration
Veracode helps organizations develop software by reducing the risk of security vulnerabilities through developer enablement and applications focused on governance. You can utilize different levels of processes to achieve better performance or a more scalable service. Since I started working with it in 2022, I’ve found it to be cost-effective as well. Overall, Veracode is a user-friendly security tool. It includes features such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). During the development phase, we can identify vulnerabilities in the application. This process occurs in the staging environment during development. When we're ready to go to production, we conduct a final check. Essentially, this tool helps identify vulnerabilities during the code development stage, including both high-level vulnerabilities and those related to open-source software composition. We utilize specific methodologies for this purpose. Additionally, it offers a feature that allows us to set up policies based on client requirements. This means we can customize the tool to meet the specific needs of our clients, ensuring that they receive the appropriate level of security in their applications. Veracode is user-friendly as well. Compared to other tools, their scans take 15 minutes or under. If you have a large scale of libraries or data, it might take longer, but based on my personal experience, the scan usually runs within fifteen minutes. For my case study using the Veracode tool, I worked on an internal project following industry standards. We used Veracode to improve our security posture and speed up the time to market by streamlining the development process. This enhanced collaboration between developers, operations, and security teams. The automated scanning process helped identify and fix vulnerabilities earlier in the development process. We maintained compliance with regulatory requirements, avoided fines, and built customer trust by integrating security into the development process. When we conduct this scan, we receive data on a list of vulnerabilities. This information improved our communication and increased transparency, which leads to better reports about the efforts being put in. This results in a more effective and efficient collaboration process, making it user-friendly for all involved. When considering costs, if we resort to manual processes, it can be time-consuming. Therefore, we utilize automated scans to identify and fix security issues. This allows us to address vulnerabilities early in the development process, as we discussed previously. This applies both to our in-house code and third-party libraries, using Software Composition Analysis (SCA) agent-based scans. In the future, we will also implement SCA agent-based scans as a separate feature within Veracode, which can help organizations avoid the expensive and time-consuming consequences of security issues. Furthermore, we have seen an increase in compliance, helping to maintain adherence to regulatory requirements and industry standards, thereby avoiding fines and reputational damage associated with noncompliance. Additionally, by integrating security into the development process, we enhance customer trust in our organization and its products.
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
19%
Outsourcing Company
11%
Financial Services Firm
9%
Manufacturing Company
8%
Financial Services Firm
16%
Manufacturing Company
11%
Computer Software Company
9%
Construction Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business38
Midsize Enterprise21
Large Enterprise24
By reviewers
Company SizeCount
Small Business69
Midsize Enterprise46
Large Enterprise114
 

Questions from the Community

What is your experience regarding pricing and costs for CloudGuard for Application Security?
The pricing is reasonable, and I believe it is acceptable. I am satisfied with the timing.
What needs improvement with CloudGuard for Application Security?
The negative aspect is that Check Point WAF (formerly CloudGuard WAF) uses Check Point Harmony in its management console, which sometimes creates latency when connecting to or opening the platform....
What is your primary use case for CloudGuard for Application Security?
I want to protect my application hosted in my cloud by preventing attacks against my top OWASP Top 10 threats. I am enabling Check Point WAF (formerly CloudGuard WAF) as my application firewall. Th...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
What is the biggest difference between Veracode and Checkmarx?
According to my experience of using both the tools in different organizations Veracode is a Cloud-native, managed AppSec platform with strong focus on ease of use, it is SaaS delivery, and provide...
What is your experience regarding pricing and costs for Veracode Static Analysis?
My experience with pricing, setup cost, and licensing for Veracode is that it is fairly moderate.
 

Also Known As

Check Point CloudGuard Application Security, CloudGuard Application Security, CloudGuard AppSec
Crashtest Security , Veracode Detect
 

Overview

 

Sample Customers

Orange España, Paschoalotto
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Find out what your peers are saying about Check Point WAF (formerly CloudGuard WAF) vs. Veracode and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.