Checkmarx One vs Imperva Web Application Firewall comparison

The compared Checkmarx and Imperva solutions aren't in the same category. Checkmarx is ranked #3 in AS , with an average rating of 7.7, and holds a 10.3% mindshare in the category. Imperva is ranked #5 in WAF , with an average rating of 8.9, and holds a 5.8% mindshare. Additionally, 87% of Checkmarx users are willing to recommend the solution, compared to 97% of Imperva users who would recommend it.

Checkmarx One

Read 70 Checkmarx One reviews

20,037 Views
13,630 Comparison Views

87% willing to recommend

Imperva Web Application Fir...

Read 52 Imperva Web Application Firewall reviews

4,968 Views
3,925 Comparison Views

97% willing to recommend

Checkmarx One

Imperva Web Application Fir...

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Checkmarx One and Imperva Web Application Firewall based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Checkmarx One vs. Imperva Web Application Firewall Report (Updated: March 2019).

Buyer's Guide

Checkmarx One vs. Imperva Web Application Firewall

March 2019

Download the complete report

Helped 850,760 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Checkmarx One

Average Rating

7.6

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Vulnerability Management (24th), Static Code Analysis (2nd), API Security (4th), DevSecOps (2nd), Risk-Based Vulnerability Management (10th)

Imperva Web Application Fir...

Average Rating

8.6

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

Web Application Firewall (WAF) (5th)

Mindshare comparison

Checkmarx One and Imperva Web Application Firewall aren’t in the same category and serve different purposes. Checkmarx One is designed for Application Security Tools and holds a mindshare of 10.3%, down 14.8% compared to last year.
Imperva Web Application Firewall, on the other hand, focuses on Web Application Firewall (WAF), holds 5.8% mindshare, down 6.7% since last year.

Application Security Tools

Web Application Firewall (WAF)

Featured Reviews

Rohit Kesharwani

Manager, Engineering at 7-Eleven

Provides good security analysis and security identification within the source code

We integrate Checkmarx into our software development cycle using GitLab's CI/CD pipeline. Checkmark has been the most helpful for us in the development stage. The solution's incremental scanning feature has impacted our development speed. The solution's vulnerability detection is around 80% to 90% accurate. I would recommend Checkmarx to other users because it is one of the good tools for doing security analysis and security identification within the source code. Overall, I rate Checkmarx a nine out of ten.

Read full review

Abdullah Jin

Principal Cyber Prevent and Defense Engineer at a comms service provider with 1,001-5,000 employees

Offers bot protection and DDoS Protection and protects public-facing portals

Support is one thing I wish Imperva could improve. They follow the phone model and keep rotating you from one customer service person to another. The layer one support isn't very clear about the workings of the product. My feedback is primarily about Imperva Cloud, not on-premise. On-premise is a whole new story. Support is the issue for Imperva Cloud. It's also a bit pricey. It's a premium service and very expensive. The licensing model is not very straightforward. Every feature is priced separately, and to enjoy maximum protection, you'll have to spend a lot of money. The licensing model is a bit complex, and each feature is very pricey. For example, API security and web application protection are two separate license packages.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."

"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."

"The solution has good performance, it is able to compute in 10 to 15 minutes."

"It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."

"The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."

"Our static operation security has been able to identify more security issues since implementing this solution."

"The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time."

"The value you can get out of the speedy production may be worth the price tag."

More Checkmarx One pros

"Imperva Web Application Firewall is stable."

"The dynamic profiling of websites is the solution's most valuable feature. The security is also good."

"It has fewer false positives"

"There is a quick switch between any of the the nodes if something goes wrong, where there's a there's an attack against a specific area. The security setup is reasonably easy. It's not a problem to do setups and rules and integrations. And, yeah, just the the back end team is also very willing to insist if there's questions that that we cannot answer or with these questions that we do have"

"Data masking is the most valuable feature of this solution."

"The WAF itself has been very valuable to me because it has such a complete range of features. Another reason why I like it is because it also takes care of the total overview of the traffic over the network."

"Imperva Web Application Firewall is a highly stable solution and is very mature."

"There are a number of features that are valuable such as the account takeover and various antivirus features."

More Imperva Web Application Firewall pros

Cons

"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."

"The reports are good, but they still need to be improved considering what the UI offers."

"We have received some feedback from our customers who are receiving a large number of false positives."

"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."

"Checkmarx needs to be more scalable for large enterprise companies."

"The cost per user is high and should be reduced."

"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."

"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."

More Checkmarx One cons

"It should be more user-friendly. Like other web solutions, it would be helpful to be able to easily do policy configuration and identification inside the application. Understanding the in-depth configuration of a policy is somewhat difficult for an engineer, and they can improve that."

"It's a complicated tool to keep."

"There could be some limitations that from the converged infrastructure perspective: when you want to converge with everything and you want Imperva to get there easily because it's not a cloud component. For example, when you want to build servers and you're using OneView to manage your software-defined networks, implementing Imperva right away is not that simple. But if you're doing just a simple cloud infrastructure with servers in there, you're good to go. Also, we are not able, with Imperva, to block by signatures. Imperva by itself needs to be complemented with another service to do URL filtering."

"The support for the on-premises version needs improvement."

"I'd like the option to pick your bot protection."

"One potential improvement for Imperva is enhancing its alert system."

"Imperva Web Application Firewall could improve the API integration. It was complex for us. Additionally, The onboarding could be better."

"The Imperva Web Application Firewall automations are good, but there is still room for improvement with them."

More Imperva Web Application Firewall cons

Pricing and Cost Advice

"The interface used to create custom rules comes at an additional cost."

"The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."

"The solution is costly."

"The pricing was not very good. This is just a framework which shouldn’t cost so much."

"The number of users and coverage for languages will have an impact on the cost of the license."

"The price of Checkmarx could be reduced to match their competitors, it is expensive."

"We have a subscription license that is on a yearly basis, and it's a pretty competitive solution."

"It is the right price for quality delivery."

More Checkmarx One pricing and cost advice

"The price of Imperva Web Application Firewalls is expensive compared to others."

"The pricing is somewhat expensive. It is actually a huge investment when compared to other countries."

"It's an excellent product, but it can be very costly."

"The price is high compared to other solutions like FortiWeb."

"There is a license for this solution and we purchase the license annually with no additional fees."

"The solution's pricing is an issue."

"Imperva Web Application Firewall's pricing is expensive."

"Imperva Web Application Firewall price is higher compared to other solutions. However, everything is included in the price."

More Imperva Web Application Firewall pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

850,760 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

21%

Computer Software Company

14%

Manufacturing Company

10%

Government

Financial Services Firm

17%

Computer Software Company

13%

Insurance Company

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?

I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.

See all answers

What do you like most about Checkmarx?

Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.

See all answers

What is your experience regarding pricing and costs for Checkmarx?

The pricing is relatively expensive due to the product's quality and performance, but it is worth it.

See all answers

Which is the best DDoS protection solution for a big ISP for monitoring and mitigating?

My recommendation is Imperva.

See all answers

Is Citrix ADC (formerly Netscaler) the best ADC to use and if not why?

For ADC, any ADC can do a good job. But in case if you want to add WAF functionality to the same ADC hardware you have to look for other ADC's like F5, Imperva, Radware, Fortinet, etc.

See all answers

DDoS solutions: Any other solutions to consider aside from Radware DDoS Protection Service and F5 Silverline DDoS Protection?

You can have a look to Imperva Cloud WAF, the anti-DDoS mitigation is under 1s and works very well. I observed a lot of DDoS attacks that were well managed (even not seen by the customer) by Imperv...

See all answers

Comparisons

SonarQube Server (formerly SonarQube) vs Checkmarx One

Compared 39% of the time

Veracode vs Checkmarx One

Compared 12% of the time

Fortify on Demand vs Checkmarx One

Compared 6% of the time

Checkmarx SAST vs Checkmarx One

Compared 5% of the time

OWASP Zap vs Checkmarx One

Compared 5% of the time

More Checkmarx One Competitors

Microsoft Azure Application Gateway vs Imperva Web Application Firewall

Compared 15% of the time

F5 Advanced WAF vs Imperva Web Application Firewall

Compared 13% of the time

Azure Front Door vs Imperva Web Application Firewall

Compared 11% of the time

AWS WAF vs Imperva Web Application Firewall

Compared 9% of the time

Fortinet FortiWeb vs Imperva Web Application Firewall

Compared 7% of the time

More Imperva Web Application Firewall Competitors

Product Reports

Buyer's Guide

Checkmarx One

May 2025

Download Checkmarx One product report

Buyer's Guide

Imperva Web Application Firewall

May 2025

Download Imperva Web Application Firewall product report

Overview

Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

Checkmarx One offers comprehensive application scanning across the SDLC:

Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
API security
Dynamic Application Security Testing (DAST)
Container security
IaC security
Correlation, prioritization, and risk management
Codebashing secure code training
AI security
Tech partnerships extending AppSec into runtime analysis
Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

Checkmarx

Imperva Web Application Firewall is a versatile solution that protects web applications and databases from various attacks, including DDoS, cross-site scripting, and SQL injection attacks. It offers data security, availability, and access control and can be deployed on-premises or on the cloud.

The solution has good security against web attacks and offers advanced bot protection, API security, and mitigation features. Imperva WAF is easy to configure and deploy; it has good customer service and an excellent user interface.

Imperva

Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC

BlueCross BlueShield, eHarmony, EMF Broadcasting, GE Healthcare, Metro Bank, The Motley Fool, Siemens

Buyer's Guide

Checkmarx One vs. Imperva Web Application Firewall

March 2019

Free Report: Checkmarx One vs. Imperva Web Application Firewall

Find out what your peers are saying about Checkmarx One vs. Imperva Web Application Firewall and other solutions. Updated: March 2019.

DOWNLOAD NOW

850,760 professionals have used our research since 2012.

See our Checkmarx One vs. Imperva Web Application Firewall report.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.