Checkmarx One vs NGINX App Protect comparison

Cancel
You must select at least 2 products to compare!
Checkmarx Logo
0 views|39 comparisons
86% willing to recommend
F5 Logo
432 views|331 comparisons
94% willing to recommend
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Checkmarx One and NGINX App Protect based on real PeerSpot user reviews.

Find out what your peers are saying about Noname Security, Salt Security, Checkmarx and others in API Security.
To learn more, read our detailed API Security Report (Updated: April 2024).
771,063 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The value you can get out of the speedy production may be worth the price tag.""We use the solution to validate the source code and do SAST and security analysis.""It is a stable product.""The most valuable feature is the application tracking reporting.""The solution allows us to create custom rules for code checks.""The SAST component was absolutely 100% stable.""One of the most valuable features is it is flexible.""We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."

More Checkmarx One Pros →

"NGINX App Protect has complete control over the HTTP session.""WAF is useful to track mitigation, inclusion, prevention, and the parametric firewall.""The most valuable feature of NGINX App Protect is its flexibility.""The most valuable feature of NGINX App Protect is the reverse proxy.""The stability of the product is very impressive since it handles 60,000 to 70,000 requests or transactions per second.""NGINX App Protect is stable.""The initial setup was simple and took three to four days.""The policies are flexible based on the technologies you use."

More NGINX App Protect Pros →

Cons
"The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools.""It would be really helpful if the level of confidence was included, with respect to identified issues.""The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode.""They could work to improve the user interface. Right now, it really is lacking.""Checkmarx could improve by reducing the price.""The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor, it lacks the details one gets when viewing the results directly from the Checkmarx One platform.""In terms of dashboarding, the solution could provide a little more flexibility in terms of creating more dashboards. It has some of its own dashboards that come out of the box. However, if I have to implement my own dashboards that are aligned to my organization's requirements, that dashboarding feature has limited capability right now.""Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."

More Checkmarx One Cons →

"They could provide a better user interface.""As far as scalability, it takes a long time for deployment.""The integration of NGINX App Protect could improve.""The setup of NGINX App Protect is complex. The full process took one week to complete. Additionally, we had to change the network infrastructure platform which took one month.""It's challenging if you need to go for a high throughput.""Setting policies and parameters through the UI should be more automated because the process is manual, where we can only edit one rule at a time.""NGINX App Protect would be improved with integration with Shape and F5 WAF, which would make it easy for users to manage all their web application security with a single solution.""I encountered issues with NGINX App Protect while trying to upgrade custom rules."

More NGINX App Protect Cons →

Pricing and Cost Advice
  • "It is the right price for quality delivery."
  • "I believe pricing is better compared to other commercial tools."
  • "The pricing was not very good. This is just a framework which shouldn’t cost so much."
  • "The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
  • "It is a good product but a little overpriced."
  • "The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
  • "​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
  • "We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."
  • More Checkmarx One Pricing and Cost Advice →

  • "The licensing fees for this solution are pretty expensive for what it does, but there is no alternative."
  • "Our licensing costs are about $40,000 a year."
  • "Really understand the licensing model, because we underestimated that."
  • "There are no additional fees."
  • "NGINX is not expensive."
  • "The pricing is reasonable because NGINX operates on an instance basis."
  • "There is a license needed to use NGINX App Protect."
  • "There are not any additional costs we had to pay to use NGINX App Protect."
  • More NGINX App Protect Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which API Security solutions are best for your needs.
    771,063 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
    Top Answer:Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
    Top Answer:The solution's price is high and you pay based on the number of users.
    Top Answer:The solution has yearly, three-year, and five-year subscriptions.
    Top Answer:NGINX App Protect could provide a better user interface.
    Ranking
    3rd
    out of 22 in API Security
    Views
    0
    Comparisons
    39
    Reviews
    21
    Average Words per Review
    513
    Rating
    7.7
    4th
    out of 22 in API Security
    Views
    432
    Comparisons
    331
    Reviews
    9
    Average Words per Review
    334
    Rating
    8.7
    Comparisons
    Also Known As
    NGINX WAF, NGINX Web Application Firewall
    Learn More
    Overview

    Checkmarx One is an enterprise cloud-native application security platform focused on providing cross-tool, correlated results to help AppSec and developer teams prioritize where to focus time and resources.

    Checkmarx One offers comprehensive application scanning across the SDLC:

    • Static Application Security Testing (SAST)
    • Software Composition Analysis (SCA)
    • API security
    • Dynamic Application Security Testing (DAST)
    • Container security
    • IaC security
    • Correlation, prioritization, and risk management
    • Codebashing secure code training
    • AI security
    • Tech partnerships extending AppSec into runtime analysis
    • Developer tool integrations including: CI/CD tools, development frameworks, feedback tools, IDEs, programming languages and SCMs

    Checkmarx One provides everything you need to secure application development from the first line of code through deployment and runtime in the cloud. With an ever-evolving set of AppSec engines, correlation and prioritization features, and AI capabilities, Checkmarx One helps consolidate expanding lists of AppSec tools and make better sense of results. Its capabilities are designed to provide an improved developer experience to build trust with development teams and ensure the success of your AppSec program investment.

    NGINX App Protect application security solution combines the efficacy of advanced F5 web application firewall (WAF) technology with the agility and performance of NGINX Plus. The solution runs natively on NGINX Plus and addresses some of the most difficult challenges facing modern DevOps environments:

    • Integrating security controls directly into the development automation pipeline
    • Applying and managing security for modern and distributed application environments such as containers and microservices
    • Providing the right level of security controls without impacting release and go-to-market velocity
    • Complying with security and regulatory requirements

    NGINX App Protect offers:

    • Expanded security beyond basic signatures to ensure adequate controls
    • F5 app‑security technology for efficacy superior to ModSecurity and other WAFs
    • Confidently run in “blocking” mode in production with proven F5 expertise
    • High‑confidence signatures for extremely low false positives
    • Increases visibility, integrating with third‑party analytics solutions
    • Integrates security and WAF natively into the CI/CD pipeline
    • Deploys as a lightweight software package that is agnostic of underlying infrastructure
    • Facilitates declarative policies for “security as code” and integration with DevOps tools
    • Decreases developer burden and provides feedback loop for quick security remediation
    • Accelerates time to market and reduces costs with DevSecOps‑automated security
    Sample Customers
    YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
    Information Not Available
    Top Industries
    REVIEWERS
    Computer Software Company31%
    Financial Services Firm19%
    Comms Service Provider9%
    Manufacturing Company9%
    VISITORS READING REVIEWS
    Financial Services Firm21%
    Computer Software Company15%
    Manufacturing Company9%
    Insurance Company5%
    REVIEWERS
    Financial Services Firm33%
    Comms Service Provider33%
    Insurance Company17%
    Computer Software Company17%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Financial Services Firm11%
    Comms Service Provider8%
    Healthcare Company7%
    Company Size
    REVIEWERS
    Small Business38%
    Midsize Enterprise13%
    Large Enterprise50%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise12%
    Large Enterprise72%
    REVIEWERS
    Small Business26%
    Midsize Enterprise26%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise15%
    Large Enterprise61%
    Buyer's Guide
    API Security
    April 2024
    Find out what your peers are saying about Noname Security, Salt Security, Checkmarx and others in API Security. Updated: April 2024.
    771,063 professionals have used our research since 2012.

    Checkmarx One is ranked 3rd in API Security with 67 reviews while NGINX App Protect is ranked 4th in API Security with 19 reviews. Checkmarx One is rated 7.6, while NGINX App Protect is rated 8.2. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of NGINX App Protect writes "Capable of complete automation but is costly ". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas NGINX App Protect is most compared with AWS WAF, Microsoft Azure Application Gateway, F5 Advanced WAF, Fortinet FortiWeb and Cloudflare Web Application Firewall.

    See our list of best API Security vendors.

    We monitor all API Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.