We performed a comparison between Checkmarx One and NGINX App Protect based on real PeerSpot user reviews.
Find out in this report how the two API Security solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"The value you can get out of the speedy production may be worth the price tag."
"The tool's most valuable feature is the OWASP certification. Additionally, the tool's ability to enforce strong passwords and OTP within minutes is impressive. With its analytics and recommendations, it is a very good solution."
"NGINX App Protect's best features are auto-learning, which creates a profile of applications that are deployed, bot protection, and force protection, which lets you configure your brute force policy and alert for and prevent brute force attacks."
"NGINX App Protect has complete control over the HTTP session."
"We were looking for a product that is capable of complete automation and a container based solution. It's working."
"The most valuable feature of NGINX App Protect is its flexibility."
"The most valuable feature of NGINX App Protect is its open source."
"It is a stable solution."
"The policies are flexible based on the technologies you use."
"Checkmarx could improve the REST APIs by including automation."
"We have received some feedback from our customers who are receiving a large number of false positives."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"Meta data is always needed."
"I would like to see the rate of false positives reduced."
"I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features."
"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
"I would like to see the DAST solution in the future."
"It's challenging if you need to go for a high throughput."
"They could provide a better user interface."
"The price of NGINX App Protect could improve."
"NGINX App Protect would be improved with integration with Shape and F5 WAF, which would make it easy for users to manage all their web application security with a single solution."
"The integration of NGINX App Protect could improve."
"The product's user interface is an area with shortcomings as it can be quite confusing for users, making it an area where improvements are required."
"The solution needs to be improved in the e-commerce portal."
"I encountered issues with NGINX App Protect while trying to upgrade custom rules."
Checkmarx One is ranked 3rd in API Security with 67 reviews while NGINX App Protect is ranked 4th in API Security with 20 reviews. Checkmarx One is rated 7.6, while NGINX App Protect is rated 8.2. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of NGINX App Protect writes "Capable of complete automation but is costly ". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas NGINX App Protect is most compared with AWS WAF, Microsoft Azure Application Gateway, F5 Advanced WAF, Fortinet FortiWeb and Cloudflare Web Application Firewall. See our Checkmarx One vs. NGINX App Protect report.
See our list of best API Security vendors.
We monitor all API Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.