We performed a comparison between Checkmarx One, HCL AppScan, and Trustwave App Scanner [EOL] based on real PeerSpot user reviews.
"The solution is scalable, but other solutions are better."
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"The value you can get out of the speedy production may be worth the price tag."
"From my point of view, it is the best product on the market."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"The most valuable feature for me is the Jenkins Plugin."
"The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time."
"It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
"AppScan is stable."
"The most valuable feature of the solution is the scanning or security part."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"The product is useful, particularly in its sensitivity and scanning capabilities."
"We leverage it as a quality check against code."
"We use it as a security testing application."
"IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability."
"The stability is great. We haven't had any issues at all with it."
"I would like to see the tool’s pricing improved."
"I would like the product to include more debugging and developed tools. It needs to also add enhancements on the coding side."
"Updating and debugging of queries is not very convenient."
"Its user interface could be improved and made more friendly."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"Checkmarx could improve the REST APIs by including automation."
"I would like to see the DAST solution in the future."
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most of the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"The solution often has a high number of false positives. It's an aspect they really need to improve upon."
"The databases for HCL are small and have room for improvement."
"I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources."
"The penetration testing feature should be included."
"I would like to see a little more flexibility with regards to setting up profiles for vulnerabilities."