We performed a comparison between Checkmarx One and Microsoft Azure Application Gateway based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."The solution communicates where to fix the issue for the purpose of less iterations."
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
"It is a stable product."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"The user interface is excellent. It's very user friendly."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"I find Application Gateway’s WAF module valuable because it helps prevent layer 7 attacks."
"I find Application Gateway’s WAF module valuable because it helps prevent layer 7 attacks."
"The solution has built-in rules that reduce alerts and are easy to configure."
"Load balancing and web application firewall features are the most valuable."
"The solution was very easy to configure. It wasn't hard at all to adjust it to our needs."
"It does an excellent job of load balancing."
"We find it valuable because it is compatible with our existing Azure solution."
"I like the tool's stability and performance."
"The pricing can get a bit expensive, depending on the company's size."
"The plugins for the development environment have room for improvements such as for Android Studio and X code."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"The solution sometimes reports a false auditable code or false positive."
"Checkmarx could improve the REST APIs by including automation."
"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"I would like to see the DAST solution in the future."
"It could be more stable, and support could be better. It would also be better if they offered more features. For example, it lacks security features. Before we used another English solution, and we realized that some of the rules were not set up correctly and passed through the Application Gateway's English controllers. But the problem, in this case, is if you send ten rules, for example, six rules hit some issues. IP address blocking could be better. The rules, for example, don't work properly. If you have one issue, one rule or another rule will not work. This sounds like total madness to me."
"We have encountered some issues with automatic redirection and cancellation, leading to 502 and 504 gateway errors. So, I experienced some trouble with containers."
"Application Gateway’s limitation is that the private and the public endpoint cannot use the same port."
"The configuration is very specific right now and needs to be much more flexible."
"The product's performance should be better."
"For the first-time user, it is difficult to understand so the user-interface needs to be improved."
"The pricing of the solution could be improved. Right now, it's a bit expensive."
"The graphical interface needs improvement because it is not user friendly."
More Microsoft Azure Application Gateway Pricing and Cost Advice →
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Microsoft Azure Application Gateway is ranked 4th in Application Delivery Controllers (ADC) with 40 reviews. Checkmarx One is rated 7.6, while Microsoft Azure Application Gateway is rated 7.2. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Microsoft Azure Application Gateway writes "High stability with built-in rules that reduce alerts and are easy to configure". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Microsoft Azure Application Gateway is most compared with AWS WAF, Citrix NetScaler, F5 Advanced WAF, Azure Front Door and Cloudflare Web Application Firewall.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
