We performed a comparison between Checkmarx One and NGINX App Protect based on real PeerSpot user reviews.
Find out what your peers are saying about Noname Security, Salt Security, Checkmarx and others in API Security."Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages."
"The most valuable feature for me is the Jenkins Plugin."
"It is a stable product."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"The only thing I like is that Checkmarx does not need to compile."
"The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."
"I tested specific features and evaluated the solution against the Web Application Firewall. I conducted research to test different detection percentages. I did not use it directly for protection but for evaluation purposes."
"It has the best documentation features."
"The most valuable feature is that I can establish different services from the firewall."
"NGINX App Protect's best features are auto-learning, which creates a profile of applications that are deployed, bot protection, and force protection, which lets you configure your brute force policy and alert for and prevent brute force attacks."
"We were looking for a product that is capable of complete automation and a container based solution. It's working."
"The initial setup was simple and took three to four days."
"The most valuable feature of NGINX App Protect is the reverse proxy."
"The stability of the product is very impressive since it handles 60,000 to 70,000 requests or transactions per second."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"The solution sometimes reports a false auditable code or false positive."
"The product can be improved by continuing to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools."
"One area for improvement in Checkmarx is pricing, as it's more expensive than other products."
"There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver."
"The pricing can get a bit expensive, depending on the company's size."
"Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices."
"The integration of NGINX App Protect could improve."
"Right now, the tool doesn't provide an option revolving around update feeds, specifically the signature update option in the UI."
"As far as scalability, it takes a long time for deployment."
"I encountered issues with NGINX App Protect while trying to upgrade custom rules."
"Currently, the policies have to be handled manually, and you have to create from scratch, which can be a bit time-consuming, in a large environment."
"The configuration needs to be more flexible because it is difficult to do things that are outside of the ordinary."
"It's challenging if you need to go for a high throughput."
"Areas for improvement would be if NGINX could scan for vulnerabilities and learn and update the signatures of DoS attacks."
Checkmarx One is ranked 3rd in API Security with 67 reviews while NGINX App Protect is ranked 4th in API Security with 19 reviews. Checkmarx One is rated 7.6, while NGINX App Protect is rated 8.2. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of NGINX App Protect writes "Capable of complete automation but is costly ". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas NGINX App Protect is most compared with AWS WAF, Microsoft Azure Application Gateway, F5 Advanced WAF, Fortinet FortiWeb and Cloudflare Web Application Firewall.
See our list of best API Security vendors.
We monitor all API Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.