Try our new research platform with insights from 80,000+ expert users

Checkmarx One vs Qualys Web Application Scanning comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 23, 2024
 

Categories and Ranking

Checkmarx One
Ranking in Application Security Tools
3rd
Ranking in Static Application Security Testing (SAST)
3rd
Average Rating
7.6
Number of Reviews
69
Ranking in other categories
Vulnerability Management (16th), Static Code Analysis (2nd), API Security (3rd), DevSecOps (2nd), Risk-Based Vulnerability Management (5th)
Qualys Web Application Scan...
Ranking in Application Security Tools
12th
Ranking in Static Application Security Testing (SAST)
11th
Average Rating
7.8
Number of Reviews
35
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of October 2024, in the Application Security Tools category, the mindshare of Checkmarx One is 13.1%, down from 14.4% compared to the previous year. The mindshare of Qualys Web Application Scanning is 2.0%, down from 2.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Feb 19, 2024
Provides good security analysis and security identification within the source code
We use the solution to validate the source code and do SAST and security analysis. Checkmarx dynamics code analysis improved our software security posture by showcasing vulnerabilities within the code and identifying or providing recommendations on how to improve The solution's user interface…
SubhajitAich - PeerSpot reviewer
Aug 25, 2023
A stable solution that can be used for infrastructure vulnerability scanning and web application scanning
We use the solution for multiple purposes, such as infrastructure vulnerability scanning and web application scanning Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box. Qualys Web Application Scanning is very complex to use,…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"The most valuable feature is the application tracking reporting."
"The most valuable feature is the simple user interface."
"The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled."
"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."
"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."
"Vulnerability details is valuable."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"The vulnerability management feature is a strong one. And also the patch management feature."
"It is a very stable solution."
"Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box."
"We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not."
"Licensing is the most valuable. Qualys provides the best licensing for companies. It is the best product for the development purposes of web applications. The product has a lot of integrations."
"Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile)."
"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
 

Cons

"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"The pricing can get a bit expensive, depending on the company's size."
"The solution sometimes reports a false auditable code or false positive."
"I would like to see the DAST solution in the future."
"One area for improvement in Checkmarx is pricing, as it's more expensive than other products."
"Checkmarx could improve the speed of the scans."
"I would like the product to include more debugging and developed tools. It needs to also add enhancements on the coding side."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"The support could be faster."
"Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."
"The virus code updates are not frequent enough."
"It should have better automatic reporting."
"It is unclear how to build automation on Qualys. We do some automation, but not fully, because working is difficult."
"The solution needs to adjust its pricing. They should make it more affordable."
"The authenticated scanning feature could be improved by adding support for real-time scanning tokens and authorization tokens."
"Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly."
 

Pricing and Cost Advice

"Be cautious of the one-year subscription date. Once it expires, your price will go up."
"It is a good product but a little overpriced."
"The number of users and coverage for languages will have an impact on the cost of the license."
"It is the right price for quality delivery."
"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."
"If you want more, you have to pay more. You have to pay for additional modules or functionalities."
"It's relatively expensive."
"We have purchased an annual license to use this solution. The price is reasonable."
"Pricing was reasonable and competitive. It was not too far above the other products."
"The cost is $30,000 USD for one year to cover WAS (Web Application Security) and the VM (Virtual Machine) security in a company with 200 employees."
"There are different options available with respect to licensing."
"Qualys WAS' pricing is competitive."
"Licensing was based on the number of assets that you want to scan on your network. You can also do licensing on subscription. On subscription, it is easier and more flexible. You tell Qualys that you want to move from the 1000 to 2000 band or the 3000 or 5000 band, then they will give you the quotation for it. Once you pay for it, applying the licensing is quite easy and effective."
"I rate the software’s pricing a six out of ten."
"The product is expensive, at least initially, in comparison to other products in this category."
"Qualys has an IT-based licensing based on a yearly license, which is a good way of handling it. However, in some cases, when we do the PCI scanning, the host will not like the scanning and we lose the IT license. So, this could be improved."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
807,508 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
21%
Computer Software Company
15%
Manufacturing Company
10%
Government
5%
Computer Software Company
16%
Financial Services Firm
15%
Manufacturing Company
10%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
Checkmarx is not a cheap solution. For around 250 users or committers, the cost is approximately $500,000. However, the investment is justified considering the potential costs of security breaches ...
What do you like most about Qualys Web Application Scanning?
The vulnerability management feature is a strong one. And also the patch management feature.
What needs improvement with Qualys Web Application Scanning?
One area for improvement is the user interface. The new UI, which was recently upgraded, feels more complex and less user-friendly than the old version. However, as we continue to use it, we antici...
 

Also Known As

No data available
Qualys WAS
 

Learn More

 

Overview

 

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.
Find out what your peers are saying about Checkmarx One vs. Qualys Web Application Scanning and other solutions. Updated: October 2024.
807,508 professionals have used our research since 2012.