We performed a comparison between Checkmarx One and NGINX App Protect based on real PeerSpot user reviews.
Find out what your peers are saying about Noname Security, Salt Security, F5 and others in API Security."The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"Scan reviews can occur during the development lifecycle."
"The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."
"The solution allows us to create custom rules for code checks."
"I like that you don't have to compile the code in order to execute static code analysis. So, it's very handy."
"One of the most valuable features is it is flexible."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"The most valuable feature is the application tracking reporting."
"It's very easy to deploy."
"NGINX App Protect has complete control over the HTTP session."
"The most valuable feature of NGINX App Protect is the reverse proxy."
"I tested specific features and evaluated the solution against the Web Application Firewall. I conducted research to test different detection percentages. I did not use it directly for protection but for evaluation purposes."
"NGINX App Protect's best features are auto-learning, which creates a profile of applications that are deployed, bot protection, and force protection, which lets you configure your brute force policy and alert for and prevent brute force attacks."
"It has the best documentation features."
"WAF is useful to track mitigation, inclusion, prevention, and the parametric firewall."
"NGINX App Protect is stable."
"It is an expensive solution."
"One area for improvement in Checkmarx is pricing, as it's more expensive than other products."
"The validation process needs to be sped up."
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"The pricing can get a bit expensive, depending on the company's size."
"The solution sometimes reports a false auditable code or false positive."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features."
"The dashboard could provide a more comprehensive view of the status of the connections."
"Areas for improvement would be if NGINX could scan for vulnerabilities and learn and update the signatures of DoS attacks."
"NGINX App Protect could improve security."
"Setting policies and parameters through the UI should be more automated because the process is manual, where we can only edit one rule at a time."
"Its technical support could be better."
"As far as scalability, it takes a long time for deployment."
"It's challenging if you need to go for a high throughput."
"The integration of NGINX App Protect could improve."
Checkmarx One doesn't meet the minimum requirements to be ranked in API Security with 67 reviews while NGINX App Protect is ranked 3rd in API Security with 19 reviews. Checkmarx One is rated 7.6, while NGINX App Protect is rated 8.2. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of NGINX App Protect writes "Capable of complete automation but is costly ". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas NGINX App Protect is most compared with AWS WAF, Microsoft Azure Application Gateway, F5 Advanced WAF, Fortinet FortiWeb and Noname Security.
See our list of best API Security vendors.
We monitor all API Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.