We performed a comparison between Checkmarx One and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Scan reviews can occur during the development lifecycle."
"The solution communicates where to fix the issue for the purpose of fewer iterations."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"The setup is fairly easy. We didn't struggle with the process at all."
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"The most valuable features are the easy to understand interface, and it's very user-friendly."
"The user interface is excellent. It's very user friendly."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"By using QualysGuard, we are able to finish external scans with assured results in half the time."
"The simplicity of exporting reports and the simplicity and clarity of the reports included with the product are good."
"It is easy to use."
"Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"The product prevents possible vulnerabilities in our network."
"Its most valuable features are patch management, vulnerability management, and PCI compliance."
"With our vulnerabilities under control, it's putting our services in compliance and minimizing our risk for exposure."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."
"The plugins for the development environment have room for improvement, such as for Android Studio and Xcode."
"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"They should try to include business logic vulnerabilities in the scanner testing."
"There could be better management and faster scanning."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"Deployment can be complicated."
"The software’s pricing could be improved."
"The solution needs to adjust its pricing. They should make it more affordable."
"The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."
"The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to reduce the number of false positives being detected."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Qualys Web Application Scanning is ranked 18th in Application Security Tools with 31 reviews. Checkmarx One is rated 7.6, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Invicti.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.