We performed a comparison between Checkmarx One and Imperva Web Application Firewall based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
"We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"Scan reviews can occur during the development lifecycle."
"The most valuable feature for me is the Jenkins Plugin."
"Most valuable features include: ease of use, dashboard. interface and the ability to report."
"The solution is scalable."
"The most valuable features of Imperva Web Application Firewall are the monitoring of databases and the dashboards are easy to understand."
"It has fewer false positives"
"We can prevent attacks or issues even before they happen."
"Imperva is easy to use and deploy. The UI is excellent."
"The WAF itself has been very valuable to me because it has such a complete range of features. Another reason why I like it is because it also takes care of the total overview of the traffic over the network."
"One good thing about Imperva Web Application Firewall is it can be on the cloud and also it can be on-premise."
"The most valuable features of the Imperva Web Application Firewall are DDoS, malware, and the other malicious threat prevention it provides. Additionally, third-party integration is available. You can forward the log for further analysis."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"Checkmarx could improve the speed of the scans."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"I would like the product to include more debugging and developed tools. It needs to also add enhancements on the coding side."
"This product requires you to create your own rulesets. You have to do a lot of customization."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"We can run only one project at a time."
"The plugins for the development environment have room for improvements such as for Android Studio and X code."
"It would be nice to have more security control over mobile applications so I would suggest adding more mobile security features. It would also be beneficial to see improvements in regards to interface bandwidth performance, CPU time, and RAM size. Learning capability of the device is quite weak."
"The reporting is missing some features, such as: only two export formats, and the time period does not include the last day, week, year."
"The Imperva Web Application Firewall automations are good, but there is still room for improvement with them."
"One potential improvement for Imperva is enhancing its alert system."
"It should be more user-friendly. Like other web solutions, it would be helpful to be able to easily do policy configuration and identification inside the application. Understanding the in-depth configuration of a policy is somewhat difficult for an engineer, and they can improve that."
"It would be useful if the solution used more intelligence in attack protection. For example, firewalls are to be dependent on the configuration, but if they could have some data science around it the solution would be even better. The profiling of the traffic, and making decisions surrounding that should be intelligence-based, instead of being based on the configuration of the firewall itself."
"There could be some limitations that from the converged infrastructure perspective: when you want to converge with everything and you want Imperva to get there easily because it's not a cloud component. For example, when you want to build servers and you're using OneView to manage your software-defined networks, implementing Imperva right away is not that simple. But if you're doing just a simple cloud infrastructure with servers in there, you're good to go. Also, we are not able, with Imperva, to block by signatures. Imperva by itself needs to be complemented with another service to do URL filtering."
"In the past, I have bugs on the WAF. I've contacted Imperva about them. Future releases should be less buggy."
More Imperva Web Application Firewall Pricing and Cost Advice →
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Imperva Web Application Firewall is ranked 6th in Web Application Firewall (WAF) with 46 reviews. Checkmarx One is rated 7.6, while Imperva Web Application Firewall is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Imperva Web Application Firewall writes "Offers simulation for studying infrastructure and hybrid infrastructure protection". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Imperva Web Application Firewall is most compared with AWS WAF, F5 Advanced WAF, Microsoft Azure Application Gateway, Fortinet FortiWeb and Azure Front Door. See our Checkmarx One vs. Imperva Web Application Firewall report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.