We performed a comparison between Checkmarx One and Parasoft SOAtest based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"The solution allows us to create custom rules for code checks."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"The UI is very intuitive and simple to use."
"The user interface is modern and nice to use."
"The solution is scalable, but other solutions are better."
"Scan reviews can occur during the development lifecycle."
"The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."
"If you want something that’s not provided out of the box, then you can write it yourself and integrate it with SOAtest."
"Since the solution has both command line and automation options, it generates good reports."
"Automatic testing is the most valuable feature."
"Good write and read files which save execution inputs and outputs and can be stored locally."
"The testing time is shortened because we generate test data automatically with SOAtest."
"The solution is scalable."
"Generating new messages, based on the existing .EDN and .XML messages, is a crucial part of the testing project that I’m currently in."
"They have a feature where they can record traffic and create tests on the report traffic."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"We can run only one project at a time."
"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."
"We have received some feedback from our customers who are receiving a large number of false positives."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"The reports are good, but they still need to be improved considering what the UI offers."
"During the process of working with SOAtest and building test cases, the .TST files will grow. A negative side effect is that saving your changes takes more time."
"Tuning the tool takes time because it gives quite a long list of warnings."
"Compatibility with HTTP 1.1 and TLS 1.2 needs to be improved."
"Reporting facilities can be better."
"Enabling/disabling an optional element of an XML request is only possible if a data source (e.g., Excel sheet) is connected to the test. Otherwise, the option is not available at all in the drop-down menu."
"The summary reports could be improved."
"Parasoft SOAtest has an internal refresh function where you can refresh the software to show the changes you’ve made in your projects. Unfortunately this function does not work properly, because it often does not show the changes after you’ve hit the refresh button a few times."
"The performance could be a bit better."
Checkmarx One is ranked 3rd in Application Security Testing (AST) with 67 reviews while Parasoft SOAtest is ranked 28th in Application Security Testing (AST) with 30 reviews. Checkmarx One is rated 7.6, while Parasoft SOAtest is rated 8.2. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Parasoft SOAtest writes "Reliable with a good interface but uses too much memory". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Parasoft SOAtest is most compared with Postman, SonarQube, Coverity, Polyspace Code Prover and Klocwork.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.