We performed a comparison between Checkmarx One, HCL AppScan, and Ixia BreakingPoint based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Testing (AST)."The value you can get out of the speedy production may be worth the price tag."
"We use the solution to validate the source code and do SAST and security analysis."
"It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."
"The administration in Checkmarx is very good."
"The most valuable features are the easy to understand interface, and it 's very user-friendly."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL."
"I like the recording feature."
"The solution offers services in a few specific development languages."
"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production."
"There's extensive functionality with custom rules and a custom knowledge base."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"The UI was very intuitive."
"We leverage it as a quality check against code."
"We use Ixia BreakingPoint for Layer 7 traffic generation. That's what we like."
"The solution has many protocols and options, making it very flexible."
"I like that we can test cloud applications."
"It is a scalable solution."
"There is a virtual version of the product which is scaled to 100s of virtual testing blades."
"The DDoS testing module is useful and quick to use."
"The most valuable feature of Ixia BreakingPoint is the ransomware and malware database for simulated attacks."
"This product requires you to create your own rulesets. You have to do a lot of customization."
"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."
"The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor, it lacks the details one gets when viewing the results directly from the Checkmarx One platform."
"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."
"In future releases, I would like to see more aggressive reports. I would also like to see less false positives."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"The solution's scalability can be a matter of concern because one license runs on one machine only."
"A desktop version should be added."
"There is not a central management for static and dynamic."
"They have to improve support."
"Improving usability could enhance the overall experience with AppScan. It would be beneficial to make the solution more user-friendly, ensuring that everyone can easily navigate and utilize its features."
"I would appreciate some preconfigured network neighborhoods, which are predefined settings for testing networks."
"The solution originally was hard to configure; I'm not sure if they've updated this to make it simpler, but if not, it's something that could be streamlined."
"They should improve UI mode packages for the users."
"The production traffic simulations are not realistic enough for some types of DDoS attacks."
"The quality of the traffic generation could be improved with Ixia BreakingPoint, i.e. to get closer to being accurate in what a real user will do."
"The integration could improve in Ixia BreakingPoint."
"The price could be better."
