We performed a comparison between Checkmarx One and R&S Web Application Firewall (DenyAll) based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"The most valuable feature is the application tracking reporting."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"Scan reviews can occur during the development lifecycle."
"The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
"I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy."
"The three most valuable features that I noticed are the geo-localization of the user, the IP reputation, and the compartmental analysis."
"Checkmarx could improve the REST APIs by including automation."
"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"This product requires you to create your own rulesets. You have to do a lot of customization."
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"Its user interface could be improved and made more friendly."
"Checkmarx needs to be more scalable for large enterprise companies."
"The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor, it lacks the details one gets when viewing the results directly from the Checkmarx One platform."
"The area that should be improved is licensing."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while R&S Web Application Firewall (DenyAll) is ranked 32nd in Web Application Firewall (WAF). Checkmarx One is rated 7.6, while R&S Web Application Firewall (DenyAll) is rated 9.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of R&S Web Application Firewall (DenyAll) writes "Geo-localization and IP reputation help to keep our clients secure and more available". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas R&S Web Application Firewall (DenyAll) is most compared with AWS WAF, Akamai App and API Protector and Fortinet FortiWeb.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.