Checkmarx One vs Imperva Web Application Firewall comparison

The compared Checkmarx and Imperva solutions aren't in the same category. Checkmarx is ranked #3 in AS , with an average rating of 7.7, and holds a 10.3% mindshare in the category. Imperva is ranked #5 in WAF , with an average rating of 8.9, and holds a 5.8% mindshare. Additionally, 87% of Checkmarx users are willing to recommend the solution, compared to 97% of Imperva users who would recommend it.

Checkmarx One

Read 70 Checkmarx One reviews

20,037 Views
13,630 Comparison Views

87% willing to recommend

Imperva Web Application Fir...

Read 52 Imperva Web Application Firewall reviews

4,968 Views
3,925 Comparison Views

97% willing to recommend

Checkmarx One

Imperva Web Application Fir...

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Checkmarx One and Imperva Web Application Firewall based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Checkmarx One vs. Imperva Web Application Firewall Report (Updated: March 2019).

Buyer's Guide

Checkmarx One vs. Imperva Web Application Firewall

March 2019

Download the complete report

Helped 850,900 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Checkmarx One

Average Rating

7.6

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Vulnerability Management (24th), Static Code Analysis (2nd), API Security (4th), DevSecOps (2nd), Risk-Based Vulnerability Management (10th)

Imperva Web Application Fir...

Average Rating

8.6

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

Web Application Firewall (WAF) (5th)

Mindshare comparison

Checkmarx One and Imperva Web Application Firewall aren’t in the same category and serve different purposes. Checkmarx One is designed for Application Security Tools and holds a mindshare of 10.3%, down 14.8% compared to last year.
Imperva Web Application Firewall, on the other hand, focuses on Web Application Firewall (WAF), holds 5.8% mindshare, down 6.7% since last year.

Application Security Tools

Web Application Firewall (WAF)

Featured Reviews

Rohit Kesharwani

Manager, Engineering at 7-Eleven

Provides good security analysis and security identification within the source code

We integrate Checkmarx into our software development cycle using GitLab's CI/CD pipeline. Checkmark has been the most helpful for us in the development stage. The solution's incremental scanning feature has impacted our development speed. The solution's vulnerability detection is around 80% to 90% accurate. I would recommend Checkmarx to other users because it is one of the good tools for doing security analysis and security identification within the source code. Overall, I rate Checkmarx a nine out of ten.

Read full review

Abdullah Jin

Principal Cyber Prevent and Defense Engineer at a comms service provider with 1,001-5,000 employees

Offers bot protection and DDoS Protection and protects public-facing portals

Support is one thing I wish Imperva could improve. They follow the phone model and keep rotating you from one customer service person to another. The layer one support isn't very clear about the workings of the product. My feedback is primarily about Imperva Cloud, not on-premise. On-premise is a whole new story. Support is the issue for Imperva Cloud. It's also a bit pricey. It's a premium service and very expensive. The licensing model is not very straightforward. Every feature is priced separately, and to enjoy maximum protection, you'll have to spend a lot of money. The licensing model is a bit complex, and each feature is very pricey. For example, API security and web application protection are two separate license packages.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled."

"Less false positive errors as compared to any other solution."

"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."

"The setup is fairly easy. We didn't struggle with the process at all."

"The value you can get out of the speedy production may be worth the price tag."

"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."

"The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."

"The solution allows us to create custom rules for code checks."

More Checkmarx One pros

"Imperva has a complete picture of how the applications are utilizing it. It is handy. DDoS is good. It has an internally managed database. It is very easy to integrate. We have integrated it with SIEM services."

"Imperva monitors all traffic, even customer access, to the web application. Then, Imperva uses features like signatures to identify attacks like cross-site scripting or SQL injection."

"The WAF itself has been very valuable to me because it has such a complete range of features. Another reason why I like it is because it also takes care of the total overview of the traffic over the network."

"The most valuable features of Imperva Web Application Firewall are the monitoring of databases and the dashboards are easy to understand."

"The solution is cloud-based and offers us good uptime. It has combined web and API security. Therefore, with one license, you access both application security and also API security."

"Configuration for different application sources is most valuable. We can segregate the traffic that an application is carrying and identify the sizing in Imperva."

"The most valuable features of the Imperva Web Application Firewall are DDoS, malware, and the other malicious threat prevention it provides. Additionally, third-party integration is available. You can forward the log for further analysis."

"I have had a positive experience with Imperva Web Application Firewall's tech support so far. They are knowledgeable and respond on time."

More Imperva Web Application Firewall pros

Cons

"It is an expensive solution."

"The pricing can get a bit expensive, depending on the company's size."

"I can't create a business case with multiple-factor authentication."

"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."

"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."

"The plugins for the development environment have room for improvements such as for Android Studio and X code."

"One area for improvement in Checkmarx is pricing, as it's more expensive than other products."

"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."

More Checkmarx One cons

"There is nothing specific where the application firewall is falling short."

"I don't really use it and therefore can't speak to areas of improvement."

"I'd like the option to pick your bot protection."

"The product's customization capabilities are a bit problematic, requiring support cases for backend modifications."

"It would be helpful to have a "recommended deployment", or even a list of basic features that should either be used or turned on by default."

"The UI interface needs improvement."

"One potential improvement for Imperva is enhancing its alert system."

"In the past, I have bugs on the WAF. I've contacted Imperva about them. Future releases should be less buggy."

More Imperva Web Application Firewall cons

Pricing and Cost Advice

"It's relatively expensive."

"If you want more, you have to pay more. You have to pay for additional modules or functionalities."

"Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive."

"I would rate the solution’s pricing an eight out of ten. The tool’s pricing is higher than others and it is for the license alone."

"It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."

"The solution's price is high and you pay based on the number of users."

"It is an expensive solution."

"We're using a commercial version of Checkmarx, and we paid for the solution for one year. The price is high and could be reduced."

More Checkmarx One pricing and cost advice

"Everybody complains about the price of this solution."

"Imperva Web Application Firewall is expensive."

"The tool is expensive."

"The cost of this solution depends on the platform."

"It's an excellent product, but it can be very costly."

"Imperva Web Application Firewall's pricing is expensive."

"We sell three-year licenses for Imperva Web Application Firewall to our customers. The price is a little expensive."

"The price of this solution is a little bit high compared to competitors."

More Imperva Web Application Firewall pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

850,900 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

21%

Computer Software Company

14%

Manufacturing Company

10%

Government

Financial Services Firm

17%

Computer Software Company

13%

Insurance Company

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?

I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.

See all answers

What do you like most about Checkmarx?

Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.

See all answers

What is your experience regarding pricing and costs for Checkmarx?

The pricing is relatively expensive due to the product's quality and performance, but it is worth it.

See all answers

Which is the best DDoS protection solution for a big ISP for monitoring and mitigating?

My recommendation is Imperva.

See all answers

Is Citrix ADC (formerly Netscaler) the best ADC to use and if not why?

For ADC, any ADC can do a good job. But in case if you want to add WAF functionality to the same ADC hardware you have to look for other ADC's like F5, Imperva, Radware, Fortinet, etc.

See all answers

DDoS solutions: Any other solutions to consider aside from Radware DDoS Protection Service and F5 Silverline DDoS Protection?

You can have a look to Imperva Cloud WAF, the anti-DDoS mitigation is under 1s and works very well. I observed a lot of DDoS attacks that were well managed (even not seen by the customer) by Imperv...

See all answers

Comparisons

SonarQube Server (formerly SonarQube) vs Checkmarx One

Compared 39% of the time

Veracode vs Checkmarx One

Compared 12% of the time

Fortify on Demand vs Checkmarx One

Compared 6% of the time

Checkmarx SAST vs Checkmarx One

Compared 5% of the time

OWASP Zap vs Checkmarx One

Compared 5% of the time

More Checkmarx One Competitors

Microsoft Azure Application Gateway vs Imperva Web Application Firewall

Compared 15% of the time

F5 Advanced WAF vs Imperva Web Application Firewall

Compared 13% of the time

Azure Front Door vs Imperva Web Application Firewall

Compared 11% of the time

AWS WAF vs Imperva Web Application Firewall

Compared 9% of the time

Fortinet FortiWeb vs Imperva Web Application Firewall

Compared 7% of the time

More Imperva Web Application Firewall Competitors

Product Reports

Buyer's Guide

Checkmarx One

May 2025

Download Checkmarx One product report

Buyer's Guide

Imperva Web Application Firewall

May 2025

Download Imperva Web Application Firewall product report

Overview

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
API security
Dynamic Application Security Testing (DAST)
Container security
IaC security
Correlation, prioritization, and risk management
Codebashing secure code training
AI security
Tech partnerships extending AppSec into runtime analysis
Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

Checkmarx

Imperva Web Application Firewall is a versatile solution that protects web applications and databases from various attacks, including DDoS, cross-site scripting, and SQL injection attacks. It offers data security, availability, and access control and can be deployed on-premises or on the cloud.

The solution has good security against web attacks and offers advanced bot protection, API security, and mitigation features. Imperva WAF is easy to configure and deploy; it has good customer service and an excellent user interface.

Imperva

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC

BlueCross BlueShield, eHarmony, EMF Broadcasting, GE Healthcare, Metro Bank, The Motley Fool, Siemens

Buyer's Guide

Checkmarx One vs. Imperva Web Application Firewall

March 2019

Free Report: Checkmarx One vs. Imperva Web Application Firewall

Find out what your peers are saying about Checkmarx One vs. Imperva Web Application Firewall and other solutions. Updated: March 2019.

DOWNLOAD NOW

850,900 professionals have used our research since 2012.

See our Checkmarx One vs. Imperva Web Application Firewall report.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.