We performed a comparison between Checkmarx One and Fortinet FortiWeb based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The user interface is modern and nice to use."
"We use the solution for dynamic application testing."
"The solution has good performance, it is able to compute in 10 to 15 minutes."
"It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
"The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions)."
"Apart from software scanning, software composition scanning is valuable."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
"You have the ability to control everything from one single dashboard."
"The most valuable feature is the web application firewall (WAF)."
"The most valuable feature of Fortinet FortiWeb is the ease of integration and configuration."
"The reason I recommend this product is because it guarantees that your network will be safe if it is set up properly and you fully utilize most of the functions."
"FortiGate is a stable product."
"It's the extra security that is the most valuable feature. You have insight into your traffic. There are some great insights into what utilities hackers are trying to exploit. It blocks a lot of stuff from the internet."
"The most valuable feature is ease of use."
"The valuable feature of Fortinet FortiWeb vulnerability scanner"
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."
"They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server."
"Checkmarx could improve the REST APIs by including automation."
"The plugins for the development environment have room for improvements such as for Android Studio and X code."
"They could work to improve the user interface. Right now, it really is lacking."
"Implementing a blackout time for any user or teams: Needs improvement."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"Checkmarx could improve by reducing the price."
"Their support needs improvement."
"Their documentation is fairly complete, but it's sometimes a little bit difficult to search for exactly what you're looking for to resolve an issue. There have been times when we've gone to try to search for areas that we needed to get information on, and it has not always been extremely clear exactly how a particular thing needs to be set up."
"In terms of performance, it needs to be more robust."
"In my experience, Fortinet FortiWeb could improve the intelligent features to acknowledge whether any threat or incident that's running happened. Then give us the ability to escalate it to layer 2 or layer 3 in the network operations."
"It may be better if it were easier to create roles."
"The GUI could be better. It's limited."
"We want to see more detailed logging, such as audit logging, as this would significantly enhance the solution's reporting. We currently get some information from logs, but more would be better."
"I know that we have run into some issues with an SSL certificate and how it functions. Sometimes this breaks connectivity or just limits certain websites that are whitelisted."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Fortinet FortiWeb is ranked 4th in Web Application Firewall (WAF) with 83 reviews. Checkmarx One is rated 7.6, while Fortinet FortiWeb is rated 8.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Fortinet FortiWeb writes "Cost-effective, easy to configure, and works very well as a single solution for multiple environments". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Fortinet FortiWeb is most compared with F5 Advanced WAF, Fortinet FortiADC, AWS WAF, Azure Web Application Firewall and Imperva Web Application Firewall. See our Checkmarx One vs. Fortinet FortiWeb report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.