We performed a comparison between Checkmarx One, Fortinet FortiDDoS, and Imperva DDoS based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"The most valuable feature is that it actually identifies the different criteria you can set to meet whatever standards you're trying to get your system accredited for."
"The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
"I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy."
"We use the solution to validate the source code and do SAST and security analysis."
"The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important."
"Scan reviews can occur during the development lifecycle."
"Apart from software scanning, software composition scanning is valuable."
"Among its key features: Detects and mitigates DDoS attacks at L3 to L7; negligible to zero false-positives; Generates and sends reports without the need for an expensive third-party solution."
"The product allows the users to adjust the thresholds."
"The product's initial setup phase was really easy."
"The most valuable feature is the cloud DDoS scrubbing capability."
"We have researched them all, and it's a good solution all around."
"It allows me to see all the traffic on my network."
"I find the interface easy to use."
"The solution already has security profiles and it can protect from DDoS attacks and other kinds of attacks."
"The solution has a very good interface."
"Imperva DDoS is fairly stable, and its availability is quite high."
"Provides Anti-DDoS protection, as well as other protections like SQL injection, Cross-Site Scripting, and antiscanner. These types of protection are valuable to the business due to the daily attacks on our portals, and that often cannot be seen without a tool like this."
"On the site security, I can see which countries have incidents, whether it was a robot attack, a real human user, or non-human user."
"The solution's most valuable aspect is that it is easy to configure."
"The dashboard is good and user-friendly."
"The complete solution is valuable for everything it delivers and the protection it offers."
"We use Imperva DDoS to stop DDoS attacks and reduce the amount of unwanted queries against web services or web scraping."
"The plugins for the development environment have room for improvements such as for Android Studio and X code."
"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."
"The validation process needs to be sped up."
"Its user interface could be improved and made more friendly."
"There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver."
"The solution can be a little more user-friendly and it can be more affordable."
"All the thresholds that need to be configured should be included in the default so that user will not forget or misconfigure."
"There aren't really any aspects of the solution we are unhappy with. It's been a positive experience overall."
"The primary area for improvement is the on-premises capacity limit, currently fixed at 10 GB."
"I would like to see analytics, big data."
"The only thing they need to do is to automate it. Today, you must create tools that do not require the use of an expert or anyone with special skills."
"The product’s pricing needs improvement."
"The tool needs to focus more on the area of application traffic management, where it currently has some shortcomings."
"The solution needs to improve Integration with third parties for their on-prem deployment models. The integration is not that good yet."
"The product could use a broader scope in the area of policies."
"Imperva now offers add-ons to add functionality, but I would like to see these included in the product, even if it would cost more."
"There’s nothing that’s missing in terms of features."
"It would be beneficial to include vulnerability management in the solution, similar to what they have for their on-premise solution."
"The salespeople tend to exaggerate its capabilities, which can cost you money if you don't verify the information."
"Some maintenance must be performed by our IT team."
"The solution should integrate with something that looks at continuous security management."
