We performed a comparison between AWS WAF and Checkmarx One based on real PeerSpot user reviews.
Find out what your peers are saying about Amazon Web Services (AWS), F5, Microsoft and others in Web Application Firewall (WAF)."As a basic WAF, it's better than nothing. So if you need something simple out of the box with default features, AWS WAF is good."
"AWS WAF is very easy to use and configure on AWS."
"This product supplies options for web security for applications accessing sensitive information."
"The solution's initial setup process is easy."
"We preferred the product based on its cost. AWS WAF is an out-of-the-box solution and integrates with the AWS services that we use. It's natively integrated with AWS."
"The web solution effectively protects from vulnerabilities and cyber attacks."
"The most valuable feature of AWS WAF is the extra layer of security that I have when connecting to my web applications."
"The initial setup was very straightforward. Deployment took about ten minutes or less."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"The solution has good performance, it is able to compute in 10 to 15 minutes."
"We use the solution to validate the source code and do SAST and security analysis."
"The most valuable feature for me is the Jenkins Plugin."
"The solution is scalable, but other solutions are better."
"The most valuable features are the easy to understand interface, and it 's very user-friendly."
"The most valuable feature is the application tracking reporting."
"This solution could be improved if the configuration steps were more specific to WAF, compared to other cloud services."
"The solution is cloud-based, and therefore the billing model that comes with it could be more intuitive, in my opinion. It's very easy to not fully understand how you tag things for billing and then you can quite easily run up a high bill without realizing it. The solution needs to be more intuitive around the tagging system, which enables the billing. Right now, I have a cloud architect that does that on our behalf and it isn't something that a business user could use because it still requires quite a lot of technical knowledge to do effectively."
"The default content policy available in the tool is not very strong compared to the competitors."
"The price could be improved."
"The solution should identify why it blocks particular websites."
"The solution could improve by having better rules, they are very basic at the moment. There are more attacks coming and we have to use third-party solutions, such as FIA. The features are not sufficient to prevent all the attacks, such as DDoS. Overall the solution should be more secure."
"It's a bit difficult to apply the right rules for the right security."
"For uniformity, AWS has a well-accepted framework. However, it'll be better for us if we could have some more documented guidelines on how the specific business should be structured and the roles that the cloud recommends."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"The pricing can get a bit expensive, depending on the company's size."
"There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver."
"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."
"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
AWS WAF is ranked 1st in Web Application Firewall (WAF) with 52 reviews while Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews. AWS WAF is rated 8.0, while Checkmarx One is rated 7.6. The top reviewer of AWS WAF writes "A highly stable solution that helps mitigate different kinds of bot attacks and SQL injection attacks". On the other hand, the top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". AWS WAF is most compared with Azure Web Application Firewall, Microsoft Azure Application Gateway, F5 Advanced WAF, Imperva Web Application Firewall and Fortinet FortiWeb, whereas Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.