We performed a comparison between Checkmarx One and Wallarm NG WAF based on real PeerSpot user reviews.
Find out in this report how the two API Security solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the simple user interface."
"The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."
"It is a stable product."
"The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"The solution allows us to create custom rules for code checks."
"It shows in-depth code of where actual vulnerabilities are."
"Helps us to monitor situation in regards to attacks to our sites and prevents a lot of them."
"If it is a very large code base then we have a problem where we cannot scan it."
"The solution sometimes reports a false auditable code or false positive."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"We can run only one project at a time."
"The integration could improve by including, for example, DevSecOps."
"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."
"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."
"The biggest problem for us was the stability and speed using the first version of Wallarm. Now, it is fine."
Earn 20 points
Checkmarx One doesn't meet the minimum requirements to be ranked in API Security with 67 reviews while Wallarm NG WAF is ranked 7th in API Security. Checkmarx One is rated 7.6, while Wallarm NG WAF is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Wallarm NG WAF writes "Active threat detection and adaptive rules are the most valuable for us". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Wallarm NG WAF is most compared with Salt Security, Noname Security, AWS WAF, F5 Advanced WAF and Cloudflare. See our Checkmarx One vs. Wallarm NG WAF report.
See our list of best API Security vendors.
We monitor all API Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.