
Checkmarx vs Rapid7 AppSpider comparison

Checkmarx: 43,818 views | 33,000 comparisons
Rapid7 AppSpider: 4,267 views | 3,299 comparisons
Find out what your peers are saying about Checkmarx vs. Rapid7 AppSpider and other solutions. Updated: January 2022.
566,121 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
  • "The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
  • "The UI is very intuitive and simple to use."
  • "The most valuable feature is the simple user interface."
  • "The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
  • "The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
  • "The most valuable feature is the application tracking reporting."
  • "The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."
  • "It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."

More Checkmarx Pros →

  • "When it is set up properly, it can do scanning on web apps with multiple engines automatically."
  • "I would say that it is stable, as I am not aware of any major issues."
  • "It is really accurate and the rate of false positives is very low."
  • "The setup is usually straightforward."

More Rapid7 AppSpider Pros →

Cons
  • "You can't use it in the continuous delivery pipeline because the scanning takes too much time."
  • "Micro-services need to be included in the next release."
  • "We have received some feedback from our customers who are receiving a large number of false positives."
  • "The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."
  • "They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
  • "We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
  • "The integration could improve by including, for example, DevSecOps."
  • "The cost per user is high and should be reduced."

More Checkmarx Cons →

  • "AppSpider could improve in the area of integration. They need to add more integration opportunities."
  • "The dashboard and interface are crucial and they need some improvement."
  • "The enterprise interface is too simple. It should be more customizable."
  • "The tech support is responsive but issues remain unresolved."
  • "Integration could be better."
  • "Support response times are slow and can be improved."

More Rapid7 AppSpider Cons →

Pricing and Cost Advice
  • "This solution is expensive. The customized package allows you to buy additional users at any time."
  • "It's relatively expensive."
  • "The interface used to create custom rules comes at an additional cost."
  • "The number of users and coverage for languages will have an impact on the cost of the license."
  • "Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive."
  • "It is not expensive, but sometimes, their pricing model or licensing model is not very clear. There are similar variables, such as projects or developers, and sometimes, it is a little bit confusing."
  • "Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."
  • "We have purchased an annual license to use this solution. The price is reasonable."
  • More Checkmarx Pricing and Cost Advice →

  • "It is expensive if you want to buy the Enterprise version that is able to scan multiple applications at once."
  • "The price is pretty fair."
  • More Rapid7 AppSpider Pricing and Cost Advice →

    Questions from the Community
    Top Answer: 
    I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
    Top Answer: 
    I’ve always viewed SonarQube as a code quality tool that complements many code security tools like a Checkmarx.
    Top Answer: 
    The solution has good performance, it is able to compute in 10 to 15 minutes.

    Ranking
    Checkmarx: Views 43,818; Comparisons 33,000; Reviews 15; Average Words per Review 498; Rating 7.9
    Rapid7 AppSpider: Views 4,267; Comparisons 3,299; Reviews 2; Average Words per Review 368; Rating 7.5
    Also Known As
    AppSpider
    Overview

    Checkmarx CxSAST is a highly accurate and flexible Static Code Analysis product that allows organizations to automatically scan un-compiled / un-built code and identify hundreds of security vulnerabilities in all major coding languages. CxSAST is available as a standalone product and can be effectively integrated into the Software Development Lifecycle (SDLC) to streamline detection and remediation. CxSAST can be deployed on-premise in a private data center or hosted via a public cloud.

    SPAs, APIs, mobile—the evolution of application technology is measured in months, not years. Is your web application security testing tool designed to keep up? AppSpider lets you collect all the information needed to test all the apps so that you aren’t left with gaping application risks.

    Our dynamic application security testing (DAST) solution crawls to the deepest, darkest corners of even the most modern and complex apps to effectively test for risk and get you the insight you need to remediate faster. With AppSpider on your side (or, rather, all of your sides), you’ll be able to scan all the apps today and always be ready for whatever comes next.

    Sample Customers
    YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech. Case Study: Liveperson Implements Innovative Secure SDLC
    Microsoft
    Top Industries
    REVIEWERS
    Computer Software Company: 42%
    Financial Services Firm: 26%
    Pharma/Biotech Company: 11%
    Engineering Company: 5%
    VISITORS READING REVIEWS
    Computer Software Company: 28%
    Financial Services Firm: 17%
    Comms Service Provider: 14%
    Manufacturing Company: 5%
    VISITORS READING REVIEWS
    Computer Software Company: 25%
    Comms Service Provider: 24%
    Financial Services Firm: 8%
    Government: 6%
    Company Size
    REVIEWERS
    Small Business: 36%
    Midsize Enterprise: 19%
    Large Enterprise: 45%
    VISITORS READING REVIEWS
    Small Business: 15%
    Midsize Enterprise: 31%
    Large Enterprise: 54%
    REVIEWERS
    Small Business: 50%
    Midsize Enterprise: 25%
    Large Enterprise: 25%

    Checkmarx is ranked 2nd in Application Security Testing (AST) with 20 reviews while Rapid7 AppSpider is ranked 16th in Application Security Testing (AST) with 4 reviews. Checkmarx is rated 7.6, while Rapid7 AppSpider is rated 7.6. The top reviewer of Checkmarx writes "Easy interface that is user friendly, quick scanning, and good technical support". On the other hand, the top reviewer of Rapid7 AppSpider writes "Scan web applications for vulnerabilities and automate testing with various engines". Checkmarx is most compared with SonarQube, Veracode, Micro Focus Fortify on Demand, Snyk and Coverity, whereas Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, OWASP Zap, Netsparker by Invicti, Acunetix by Invicti and Tenable.io Web Application Scanning.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.