We performed a comparison between Checkmarx One and Fortinet FortiWeb based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"The user interface is excellent. It's very user friendly."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"Scan reviews can occur during the development lifecycle."
"The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time."
"The UI is very intuitive and simple to use."
"The GUI is user-friendly and it's easy to understand how to manage it."
"Other than the additional security with exploit protection, we have simpler certificate handling, as we can keep internal servers using internal certificates continuously distributed and updated by Active Directory Group Policy, while the public certificates become updated only in a single place, FortiWeb itself."
"SSL Offloading simplifies the public certificate handling and brings additional protection features."
"The solution is easy to configure and deploy."
"All the features that FortiGate contains are very suitable for our business. We work with other products in Fortinet, FortiWeb, FortiSandbox, FortiMail, and FortiCache. We use all UTM features like self-encryption, encryption, all UTM features."
"If I need something from tech support, I can get it answered within the hour."
"The ability to configure multiple policies for different requirements is a strong feature of Fortinet FortiWeb."
"It is a good product. We have just blocked everything coming from some geographical locations or certain countries, and it has been working very efficiently when I look at logs, events, and incidents generated from the system. It is generating very good analytic reports about it. This is the most valuable thing about this solution. It has load balancing and almost everything that a web application firewall needs. It is very flexible and easy to learn and configure. It can be easily learned and configured by using the information available on different channels such as YouTube."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
"The cost per user is high and should be reduced."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"The integration could improve by including, for example, DevSecOps."
"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."
"There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver."
"When we look at the incident reports in the dashboard, they are available for a maximum duration of 24 hours. They should provide more time for the analysis and increase the duration of the availability of these reports. Currently, it gives the options for 5 minutes, 1 hour, and 24 hours. It would be excellent if there are more options for a longer time period. It may be configurable, but I don't know how to do it."
"FortiWeb needs to have support for the newest technology being used in web applications."
"A user interface or dashboard for troubleshooting is needed."
"Centralized configuration using FortiManager – like what exists for NGFW FortiGate appliances - would improve the configuration."
"The F5 solution has more features than Fortinet FortiWeb, such as multiple load balancing."
"We have had problems with deployments where we've had to contact technical support to resolve them."
"Their support needs improvement."
"The automation piece can be improved. Although they say it can be automated very well, there is still manual work. Its usability should be improved in terms of automation because we want to build an infrastructure with code, but you can't do that easily with this solution. If they can give us APIs in the firewalls that we can tap into, it would be perfect."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Fortinet FortiWeb is ranked 4th in Web Application Firewall (WAF) with 83 reviews. Checkmarx One is rated 7.6, while Fortinet FortiWeb is rated 8.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Fortinet FortiWeb writes "Cost-effective, easy to configure, and works very well as a single solution for multiple environments". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Fortinet FortiWeb is most compared with F5 Advanced WAF, Fortinet FortiADC, AWS WAF, Azure Web Application Firewall and Imperva Web Application Firewall. See our Checkmarx One vs. Fortinet FortiWeb report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.