• Home
  • Checkmarx One vs. Parasoft SOAtest

Checkmarx One vs Parasoft SOAtest comparison

Cancel
You must select at least 2 products to compare!
Checkmarx Logo

Checkmarx One

Read 67 Checkmarx One reviews
33,297 views|21,828 comparisons
86% willing to recommend
Parasoft Logo

Parasoft SOAtest

Read 30 Parasoft SOAtest reviews
1,135 views|777 comparisons
92% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Checkmarx One vs. Parasoft SOAtest
March 2024
Executive Summary

We performed a comparison between Checkmarx One and Parasoft SOAtest based on real PeerSpot user reviews.

Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Checkmarx One vs. Parasoft SOAtest Report (Updated: March 2024).
Download the complete report
768,924 professionals have used our research since 2012.
Featured Review
Naveen Hariharan Vijaya
A highly scalable solution that reduces workloads, saves time, and fixes loopholes and vulnerabilities swiftly
Static code reviews are small projects. Previously, with a team of four analysts, we did two project reviews every month. Since we started using... Read more →
Milind Parab
Useful for automated SQA, certifications, but the summary reports could improve
The tool is part of Automated Code Flow. It helps in SQA and Automotive Certification.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application.""The solution allows us to create custom rules for code checks.""The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal.""The UI is very intuitive and simple to use.""The user interface is modern and nice to use.""The solution is scalable, but other solutions are better.""Scan reviews can occur during the development lifecycle.""The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."

More Checkmarx One Pros →

"If you want something that’s not provided out of the box, then you can write it yourself and integrate it with SOAtest.""Since the solution has both command line and automation options, it generates good reports.""Automatic testing is the most valuable feature.""Good write and read files which save execution inputs and outputs and can be stored locally.""The testing time is shortened because we generate test data automatically with SOAtest.""The solution is scalable.""Generating new messages, based on the existing .EDN and .XML messages, is a crucial part or the testing project that I’m currently in.""They have a feature where they can record traffic and create tests on the report traffic."

More Parasoft SOAtest Pros →

Cons
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported.""The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement.""We can run only one project at a time.""I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service.""They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server.""We have received some feedback from our customers who are receiving a large number of false positives.""Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”.""The reports are good, but they still need to be improved considering what the UI offers."

More Checkmarx One Cons →

"During the process of working with SOAtest and building test cases, the .TST files will grow. A negative side effect is that saving your changes takes more time.""Tuning the tool takes time because it gives quite a long list of warnings.""Compatibility with HTTP 1.1 and TLS 1.2 needs to be improved.""Reporting facilities can be better.""Enabling/disabling an optional element of an XML request is only possible if a data source (e.g., Excel sheet) is connected to the test. Otherwise, the option is not available at all in the drop-down menu.""The summary reports could be improved.""Parasoft SOAtest has an internal refresh function where you can refresh the software to show the changes you’ve made in your projects. Unfortunately this function does not work properly, because it often does not show the changes after you’ve hit te refresh button a few times.""The performance could be a bit better."

More Parasoft SOAtest Cons →

Pricing and Cost Advice
  • "It is the right price for quality delivery."
  • "I believe pricing is better compared to other commercial tools."
  • "The pricing was not very good. This is just a framework which shouldn’t cost so much."
  • "The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
  • "It is a good product but a little overpriced."
  • "The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
  • "​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
  • "We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."

    • More Checkmarx One Pricing and Cost Advice →

  • "From what I understand, Parasoft SOAtest isn't the cheapest option. But it has a lot to offer."
  • "The cost of Parasoft seems to have gotten higher with a projection that wasn't really stipulated for our company. They've done a tremendous job at negotiating those deals."
  • "I think it would be a great step to decrease the price of the licenses."
  • "It is an expensive product, so think carefully about whether it fits your purposes and is the right tool for you."
  • "We are completed satisfied with Parasoft SOAtest. The ROI is more than 95%."
  • "The license price is a little expensive, but it provides a better outcome in terms of the end-to-end automation process."
  • "They do have a confusing licensing structure."
  • "The price is around $5,000 USD."

    • More Parasoft SOAtest Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.
    See Recommendations
    768,924 professionals have used our research since 2012.
    Questions from the Community
    What alternatives are there for Fortify WebInspect and Fortify SCA?
    Top Answer:I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
    Read all 4 answers   →
    What do you like most about Checkmarx?
    Top Answer:Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
    Read all 38 answers   →
    What is your experience regarding pricing and costs for Checkmarx?
    Top Answer:The solution's price is high and you pay based on the number of users.
    Read all 25 answers   →
    What do you like most about Parasoft SOAtest?
    Top Answer:Since the solution has both command line and automation options, it generates good reports.
    Read all 6 answers   →
    What is your experience regarding pricing and costs for Parasoft SOAtest?
    Top Answer:The price is average. It isn't overly expensive.
    Read all 4 answers   →
    What needs improvement with Parasoft SOAtest?
    Top Answer:Tuning the tool takes time because it gives quite a long list of warnings. Going through that is a challenge. It only happens in the initial stage when we are setting up the tool, but it can be… more »
    Read all 6 answers   →
    Ranking
    3rd
    out of 67 in Application Security Testing (AST)
    Views
    33,297
    Comparisons
    21,828
    Reviews
    21
    Average Words per Review
    513
    Rating
    7.7
    28th
    out of 67 in Application Security Testing (AST)
    Views
    1,135
    Comparisons
    777
    Reviews
    4
    Average Words per Review
    440
    Rating
    7.0
    Comparisons
    Also Known As
    SOAtest
    Learn More
    Checkmarx
    Parasoft
    Overview

    Checkmarx is a highly accurate and flexible static code analysis product that allows organizations to automatically scan uncompiled code and identify hundreds of security vulnerabilities in all major coding languages and software frameworks. Checkmarx is available as a standalone product and can be effectively integrated into the software development lifecycle (SDLC) to streamline vulnerability detection and remediation. Checkmarx is trusted by leading organizations such as SAP, Samsung, and Salesforce.com.

    Checkmarx is a global leader in software security solutions for modern software development. Checkmarx delivers a comprehensive software security platform that unites with DevOps by scanning uncompiled source code for security vulnerabilities early in the development life cycle to reduce and remediate risk from software vulnerabilities. Using Checkmarx, teams avoid software security vulnerabilities managed via a single and unified dashboard without slowing down their delivery schedule.

    Checkmarx balances the needs of the entire organization, delivering seamless security from the start and throughout the entire software development life cycle. Checkmarx can be deployed on-premises in a private data center or hosted via a public cloud.

    Checkmarx Features

    Some of Checkmarx’s features include:

    • Source code scanning: Detect and repair more vulnerabilities before you release your code.

    • Open-source scanning: Find and eliminate the risks in your open-source code.

    • Interactive code scanning: Scan for vulnerabilities and runtime threats.

    • Open-source security for infrastructure as code: Identify and fix insecure IaC configurations that put your application at risk.

    Reviews from Real Users

    Checkmarx stands out among its competitors for a number of reasons. Two major ones are its ability to enable developers to secure their code with a single management dashboard and its high-speed scanning abilities.

    PeerSpot users note the effectiveness of these features. A CEO at a tech services company writes, “The most valuable features are the easy-to-understand interface, and it’s very user-friendly. We spend some time tuning to start scanning a new project, which is only a few clicks. A few simple tunes for custom rules and we can start our scan. We can do the work quickly and we don't need to compile the source code because Checkmarx does the work without compiling the project. The scanning is very quick. It's about 20,000 lines per hour, which is a good speed for scanning.”

    A director at a tech services company notes, “The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important.”

    A senior manager at a manufacturing company writes, “The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."

    Parasoft SOAtest delivers fully integrated API and web service testing capabilities that automate end-to-end functional API testing. Streamline automated testing with advanced codeless test creation for applications with multiple interfaces (REST & SOAP APIs, microservices, databases, and more).

    SOAtest reduces the risk of security breaches and performance outages by transforming functional testing artifacts into security and load equivalents. Such reuse, along with continuous monitoring of APIs for change, allows faster and more efficient testing.

    Sample Customers
    YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
    Charter Communications, Sabre, Caesars Entertainment, Charles Schwab, ING, Intel, Northbridge Financial, Capital Services, WoodmenLife
    Top Industries
    REVIEWERS
    Computer Software Company31%
    Financial Services Firm19%
    Comms Service Provider9%
    Manufacturing Company9%
    VISITORS READING REVIEWS
    Financial Services Firm21%
    Computer Software Company15%
    Manufacturing Company9%
    Insurance Company5%
    REVIEWERS
    Financial Services Firm43%
    Government14%
    Manufacturing Company7%
    Energy/Utilities Company7%
    VISITORS READING REVIEWS
    Financial Services Firm31%
    Manufacturing Company15%
    Computer Software Company14%
    Government5%
    Company Size
    REVIEWERS
    Small Business38%
    Midsize Enterprise13%
    Large Enterprise50%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise11%
    Large Enterprise72%
    REVIEWERS
    Small Business22%
    Midsize Enterprise9%
    Large Enterprise69%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise9%
    Large Enterprise75%
    Buyer's Guide
    Checkmarx One vs. Parasoft SOAtest
    March 2024
    Free Report: Checkmarx One vs. Parasoft SOAtest
    Find out what your peers are saying about Checkmarx One vs. Parasoft SOAtest and other solutions. Updated: March 2024.
    DOWNLOAD NOW
    768,924 professionals have used our research since 2012.

    Checkmarx One is ranked 3rd in Application Security Testing (AST) with 67 reviews while Parasoft SOAtest is ranked 28th in Application Security Testing (AST) with 30 reviews. Checkmarx One is rated 7.6, while Parasoft SOAtest is rated 8.2. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Parasoft SOAtest writes "Reliable with a good interface but uses too much memory". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Parasoft SOAtest is most compared with Postman, SonarQube, Coverity, Polyspace Code Prover and Klocwork. See our Checkmarx One vs. Parasoft SOAtest report.

    See our list of best Application Security Testing (AST) vendors.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.