We performed a comparison between Acunetix and Checkmarx One based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's very user-friendly for the testing teams. It's very easy for them to understand things and to fix vulnerabilities."
"One of the features that I feel is groundbreaking, that I would like to see expanded on, is the IAS feature: The Interactive Application Security Testing module that gets loaded onto an application on a server, for more in-depth, granular findings. I think that is really neat. I haven't seen a lot of competitors doing that."
"Our developers can run the attacks directly from their environments, desktops."
"It comes equipped with an internal applicator, which automatically identifies and addresses vulnerabilities within the program."
"Acunetix has an awesome crawler. It gives a referral site map of near targets and also goes really deep to find all the inputs without issues. This was valuable because it helped me find some files or directories, like web admin panels without authentication, which were hidden."
"For us, the most valuable aspect of the solution is the log-sequence feature."
"The tool's most valuable feature is performance."
"The usability and overall scan results are good."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"Helps us check vulnerabilities in our SAP Fiori application."
"Apart from software scanning, software composition scanning is valuable."
"The setup is fairly easy. We didn't struggle with the process at all."
"The user interface is excellent. It's very user friendly."
"The report function is the solution's greatest asset."
"The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"The solution can be improved by adding the ability to scan subdomains automatically, and by providing reports that can be exported to external databases to share with other solutions."
"It should be easier to recreate something manually, with the manual tool, because Acunetix is an automatic tool. If it finds something, it should be easier to manually replicate it. Sometimes you don't get the raw data from the input and output, so that could be improved."
"The only problem that they have is the price. It is a bit expensive, and you cannot change the number of applications for the whole year."
"I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection."
"It would be nice to have a feature to "retest" only a single vulnerability that the customer reports as patched, and delete it from the next scans since it has already been patched."
"Acunetix needs to improve its cost."
"When monitoring the traffic we always have issues with the bandwidth consumption and the throttling of traffic."
"Acunetix needs to be dynamic with JavaScript code, unlike Netsparker which can scan complex agents."
"Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"Its user interface could be improved and made more friendly."
"There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver."
"If it is a very large code base then we have a problem where we cannot scan it."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."
Acunetix is ranked 17th in Application Security Tools with 26 reviews while Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews. Acunetix is rated 7.6, while Checkmarx One is rated 7.6. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning ". On the other hand, the top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". Acunetix is most compared with OWASP Zap, Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan and Rapid7 Metasploit, whereas Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and GitHub. See our Acunetix vs. Checkmarx One report.
See our list of best Application Security Tools vendors, best Static Application Security Testing (SAST) vendors, and best Vulnerability Management vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.