We performed a comparison between Checkmarx One and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution is scalable, but other solutions are better."
"The most valuable feature is the application tracking reporting."
"Helps us check vulnerabilities in our SAP Fiori application."
"The administration in Checkmarx is very good."
"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."
"It has all the features we need."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"The UI is user-friendly."
"With our vulnerabilities under control, it's putting our services in compliance and minimizing our risk for exposure."
"It is a very stable solution."
"We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not."
"The vulnerability management feature is a strong one. And also the patch management feature."
"Licensing is the most valuable. Qualys provides the best licensing for companies. It is the best product for the development purposes of web applications. The product has a lot of integrations."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done."
"The interface is user-friendly and easy to understand."
"Checkmarx could be improved with more integration with third-party software."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"Meta data is always needed."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"It is an expensive solution."
"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"There should be better visibility into the application."
"The pricing does not seem to be competitive."
"Deployment can be complicated."
"The reporting contains too many false positives."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."
"We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error."
More Qualys Web Application Scanning Pricing and Cost Advice →
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Qualys Web Application Scanning is ranked 18th in Application Security Tools with 31 reviews. Checkmarx One is rated 7.6, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Qualys Web Application Scanning is most compared with OWASP Zap, SonarQube, Veracode, PortSwigger Burp Suite Professional and Snyk. See our Checkmarx One vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.