We performed a comparison between Checkmarx One and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
"Scan reviews can occur during the development lifecycle."
"The only thing I like is that Checkmarx does not need to compile."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"Its most valuable features are patch management, vulnerability management, and PCI compliance."
"The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"It is a very stable solution."
"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
"Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box."
"I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
"It works with many different products."
"There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver."
"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."
"I would like the product to include more debugging and developed tools. It needs to also add enhancements on the coding side."
"The solution's user interface could be improved because it seems outdated."
"Meta data is always needed."
"Checkmarx is not good because it has too many false positive issues."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"Micro-services need to be included in the next release."
"The reporting contains too many false positives."
"There could be better management and faster scanning."
"We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error."
"Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly."
"The product's pricing could be better."
"The software’s pricing could be improved."
"They should try to include business logic vulnerabilities in the scanner testing."
"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."
More Qualys Web Application Scanning Pricing and Cost Advice →
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews. Checkmarx One is rated 7.6, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Snyk. See our Checkmarx One vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.