Web application security report from it central station 2018 05 12 thumbnail
Find out what your peers are saying about F5, Checkmarx, Incapsula and others in Web Application Security.
270,647 professionals have used our research since 2012.
Web application security report from it central station 2018 05 12 thumbnail
Find out what your peers are saying about F5, Checkmarx, Incapsula and others in Web Application Security.
270,647 professionals have used our research since 2012.
Chart Key
Average Rating
Average rating based on reviews
Views
Number of total page views
Comparisons
Number of times compared to another product
Reviews
Total number of reviews on IT Central Station
Followers
Number of followers on IT Central Station
The total ranking of a product, represented by the bar length, is based on a weighted aggregate score. The score is calculated as follows: The product with the highest count in each area gets the highest available score. (20 points for Reviews; 16 points for Views, Comparisons, and Followers.) Every other product gets assigned points based on its total in proportion to the #1 product in that area. For example, if a product has 80% of the number of reviews compared to the product with the most reviews then the product's score for reviews would be 20% (weighting factor) * 80% = 16. For Average Rating, the maximum score is 32 points awarded linearly based on our rating scale of 1-10. If a product has fewer than ten reviews, the point contribution for Average Rating is reduced (one-third reduction in points for products with 5-9 reviews; two-thirds reduction for products with fewer than five reviews). Reviews that are more than 24 months old, as well as those written by resellers, are completely excluded from the ranking algorithm.
Most Views
From IT Central Station visitors
Most Reviews
Within the last 24 months
Most Followed
By IT Central Station users
Most Compared
From IT Central Station visitors

Best Web Application Security Testing Tools and Scanners

Read reviews of Web Application Security that are trending in the IT Central Station community:
Your trust is our top concern, so companies can't alter or remove reviews.
0e5ae681 5766 4d49 83e3 a27a3a8e3708 avatar
Real User
Technical Product Manager at a tech services company with 11-50 employees
Apr 13 2018

What is most valuable?

It has so many features. First of all, it has a full proxy architecture, it has multiple modules. The best feature is the WAF, the web application firewall module. It also has cashing type capabilities. It has all kinds of load-balancing... more»

How has it helped my organization?

It has multi-tenancy features, like hardware clustering. It has software partitioning so that you can partition F5. For example, in my recent deployments, I deployed F5 in a bank where they had two load balancers. One was Cisco Ace and the... more»

What needs improvement?

The room for improvement is that the product is a little costly. I live in the Third World, Pakistan. We have budget constraints, even in big enterprise servers. My team said that this product is too costly, and why don't we go with another... more»
Networke223881 li?1429130654
Real User
Network Analyst at a financial services firm with 1,001-5,000 employees
Aug 31 2016

What is most valuable?

The most valuable feature is the F5 LTM most organisations will be using most. It provides the core functionality to be able to load balance services and the means and the intelligence to be able to load balance based on advanced logic, e.g.,... more»

How has it helped my organization?

It has enabled us to keep a sustainable and supported load balancing platform. This is partly due to Cisco withdrawing a large number of their load balancing products and also related to Microsoft Network Load Balancing not scaling enough to... more»

What needs improvement?

I would like F5 to incorporate the ability to create your own custom roles and customised permissions within the product set. I have seen many customers wanting to give a certain level of access for the purposes of out-of-hours servicing to... more»
Web application security report from it central station 2018 05 12 thumbnail
Find out what your peers are saying about F5, Checkmarx, Incapsula and others in Web Application Security.
270,647 professionals have used our research since 2012.
4c gray text
Cloudflare
Dfd39ddf 9827 4e9c 8b51 6f3816d97c09 avatar
Consultant
WordPress Developer & Consultant at a tech services company
Feb 14 2017

What is most valuable?

CloudFlare offers some of the most amazing features when it comes to optimizing websites & for its security for free, and all at the domain level. They were able to truly disrupt the market because prior to them, only enterprises had... more»

How has it helped my organization?

As mentioned, it helps me manage DNS records for more than 100 domains with ease. It helps in web page optimization & helps keep the website secure. If it was not for CloudFlare, I would have to hire a dedicated resource to manage all... more»

What needs improvement?

CloudFlare is an innovative company and certainly the thought leaders in their industry. They're constantly improving their product, releasing new features, partnering with various service providers to offer add-ons. Personally, I think... more»
Anonymous avatar x80
Real User
Product Specialist - Security Solutions at a tech services company with 501-1,000 employees
Aug 31 2016

What is most valuable?

iRule: It's a great feature that helped us multiple times have an advantage over competition Appliance Performance: One of the main advantages we always have over competition is in hardware performance, where the smallest F5 appliances compete with competitors’ medium to high-end appliances, while high-end devices can sit in the datacenter without risking... more»

What needs improvement?

* Reporting: One of the negative things about F5 is there is no place to generate a summary/executive/detailed report about everything happening on the box, especially for WAF & APM events. The only way to get some kind of report is enable the AVR module, and manually export the data required into PDF/XLS documents. * GUI interface: F5 appliances lack a... more»
Dc1c8ab2 21c6 4ce3 b76f d64184df2f6f avatar
Real User
System Administrator at a tech services company with 51-200 employees
Mar 08 2018

What is most valuable?

* I like to see the security. On the site security, I can see which countries have incidents, whether it was a robot attack, a real human user, or non-human user. For this feature, I like it because I can see information quickly without going... more»

How has it helped my organization?

When I joined the company, one of our websites was hacked by malware (somebody put it on our website). The website went down for a long time. It took two weeks to clear the server and move everything: all the content, clean it, bring it up,... more»

What needs improvement?

I am not sure if this application has a policy where you can create your custom policy and run it as our firewall. We should have some ability to also create some custom policy, then run it as a firewall. Maybe it is not relevant, but I think... more»
Anonymous avatar x80
Consultant
Sr. Consultant at a tech services company with 51-200 employees
Feb 23 2017

What is most valuable?

The most valuable feature is the grouping of multiple targets via the scan policy. It is valuable because of the large number of targets and governmental requirements to conduct periodic scans.

How has it helped my organization?

With acquisition of a license to use the product, we received the ability to standardize database scanning and data protection across the enterprise around one product.

What needs improvement?

Many features are buried under not-straight-forward options and, at times, hard to find screens. Very few import features have clearly defined format requirements. Agent installation for data usage/blocking activities on target boxes requires... more»
Anonymous avatar x80
Real User
Solution Architect/Application Administrator at a energy/utilities company with 1,001-5,000 employees
Feb 27 2017

What is most valuable?

We like the capability to combine the content switching with the intrusion prevention and adding the security roles, so we can expose certain sub-pieces outside without exposing everything. Another feature that we like is how they integrate nicely with the Oracle PeopleSoft application, and since that's one of my main focuses, I really like that they have the... more»

What needs improvement?

I have been really happy with what they have been doing. They could improve the synchronization between their main site and the failover site. Sometimes, we run into issues where it does not sync well, so I would like to see that improved. The synchronization does works fairly well. However, if I were to make changes, I would make it easier to start the sync... more»
217e1bb1 bd73 4e12 adbd 1a80d2bd6443 avatar?1441012869
Real User
Senior Web Manager at a university with 501-1,000 employees
Feb 05 2017

What is most valuable?

Incapsula: * Strength of DDoS and WAF * Simple dashboard * Analytics * SSL CloudFlare: * Ease of use * Simple dashboard * DNS management * CDN * SSL

How has it helped my organization?

Incapsula: It has provided heightened visibility and awareness at management level on the actual threat landscape; it paves the way for easier approval for security-related implementations/projects. CloudFlare: It provides free SSL certs that... more»

What needs improvement?

Incapsula: * Allow easier scripting of firewall rules. * Enable more custom actions to trigger turning on/off Incapsula settings (current actions are quite limited). * Allow setting up of user groups to manage different groups of sites with... more»
4c gray text
Cloudflare
B53bf237 2365 4758 9676 e9aef4a11b9d avatar
Real User
Ui Developer at a marketing services firm with 51-200 employees
Feb 20 2017

What is most valuable?

These are some of the valuable features: * Free 15 year SSL certificates (I used to need to pay for these). * Spam protection to help prevent spam and unnecessary bot traffic. * Edge caching on a CDN. This is nice for WordPress sites. I can... more»

How has it helped my organization?

Once a domain's name servers have been pointed to CloudFlare, you never have to worry about DNS propagation. This would be the case, for example, if you wanted to point a domain to a different EC2/digital ocean instance.

What needs improvement?

In that sense, it's marketing that could use some improvement. It is hard to call your own product a "necessity", but I truly believe that it, or something like it, is a necessity. Without it, you are risking higher costs, more spam, more... more»
Wallarm logo
Wallarm
B491d089 c57e 47e3 be30 40d9e3cf41e7 avatar
Real User
VP, Engineering and Operations at a tech vendor with 501-1,000 employees
May 17 2017

What is most valuable?

I would say that the active threat detection feature and adaptive rules are the most valuable for us. With active threat detection, we are no longer over-swamped with tons of useless events. As all the payloads from malicious requests are... more»

How has it helped my organization?

We added a real-time protection layer for all the web-facing applications and APIs in our CI/CD pipelines. As every one of the applications are updated almost every day, it was impossible to use any tools based on signatures or static rules.

What needs improvement?

It needs more customization in PDF reports.
Checkmarx logo
Checkmarx
5daa2f6b 048b 4b45 9cce c921095453b7 avatar
Real User
Technical Program Manager at a engineering company with 10,001+ employees
Feb 26 2017

What is most valuable?

* The export feature and presentation of the results. * The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions). * A wide variety of modern programming languages are supported,... more»

How has it helped my organization?

For manual code testing, Checkmarx has been very helpful discarding false positives, filtering and removing a lot of files that are not presenting any threat, as well as indicating the files or functions that should be focused upon. Checkmarx... more»

What needs improvement?

The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode. Compiled code means that the code written is stored in binaries, for machine reading only. Tools like Veracode... more»
Wallarm logo
Wallarm
D23e612e 9aac 4211 b044 5e82ccb55326 avatar
Real User
Security Researcher at a tech vendor
Jan 03 2018

What is most valuable?

The most powerful feature is the ability to first learn what type of query to make to your web application when it is attacked and what type of query creates a false positive to your app. You can first learn Wallarm in monitoring mode, then... more»

How has it helped my organization?

Improves nothing. Helps us to monitor situations in regards to attacks to our sites and prevents a lot of them.

What needs improvement?

The biggest problem for us was the stability and speed using the first version of Wallarm. Now, it is fine.
4c gray text
Cloudflare
091f33d8 f557 400a 9ab2 a116508bd0bc avatar?1444263362
Real User
COO at a tech services company with 11-50 employees
May 22 2017

What is most valuable?

The API gives us the ability to remote control our DNS settings. With many platforms, such as PF-Sense integrating with CloudFlare, it’s an invaluable tool for things such as Dynamic DNS, Let’s Encrypt DNS-01 Challenge, or even as a rapid... more»

How has it helped my organization?

CloudFlare made it easier for us to manage our client’s DNS. With their outstanding UI, we have been able to reduce human errors and get a better overview of our DNS and security.

What needs improvement?

* We need templates and profiles badly for the whole setup and multi-user support with rights management. * They need to fix their extensions and integrations faster. * They need to add more sub-level API keys.
Anonymous avatar x80
Real User
Network and Security Engineer at a Consumer Goods with 1,001-5,000 employees
Feb 23 2017

What is most valuable?

* Very easy to configure, which quickly allows us to add significant security to our websites. * Nice dashboard, which shows us details about traffic, security, performance, real-time utilization and an activity log. * Easy to configure... more»

How has it helped my organization?

With our IT infrastructure more secure, our customers receive a great website experience without encountering website defacements and other fallout from attacks on our web servers. Our IT department is not spending the time we used to on... more»

What needs improvement?

An Incapsula website configuration instance can be in a "Pending DNS changes" state, where further work is needing to be done by the customer, while website access is otherwise fully functional. While in this state, the PCI Compliance Report... more»
Anonymous avatar x80
Real User
Engineer at a financial services firm with 1,001-5,000 employees
Aug 31 2016

What is most valuable?

* FortiAnalyzer (SIEM) integration is useful for us because we collect in this device almost all the security events from the network. We are using exact URL (no default page, no home page) for our e-banking services for enterprises. Then we... more»

How has it helped my organization?

It helped us initially publish e-banking services, but after a few months, we discovered it was an easy way to deploy other internal websites, published in an intranet style.

What needs improvement?

I think Fortinet must make an effort in terms of upgrade procedures. There were some troubles upgrading from 5.2.x to 5.3.x, and the problem appeared again upgrading from 5.3.x to 5.5.x: * Upgrading from 5.2.x to 5.3.x. Fortinet provides a... more»
F0ddaccb 96f8 492e 9c9f eec870227199 avatar?1439800485
Real User
Senior Analyst at a financial services firm with 1,001-5,000 employees
Aug 30 2016

What is most valuable?

In my opinion, the following features of FortiWeb 4000E are the most valuable & were appreciated during all my previous engagements: * 20 Gbps appliance throughput makes it useful for large enterprise deployment and also meets future... more»

How has it helped my organization?

* Operations overhead (administration and escalation management) has been brought down, as Fortinet provides flexible and customizable reporting options with the FortiAnalyzer appliance for logging and reporting. * Rule creation and fine... more»

What needs improvement?

Product support is a major concern; if FortiWeb wants to become a market leader, then it must provide better after-sales services. The automatic policy learning feature also needs some improvement, as using this feature leads to more false... more»
Anonymous avatar x80
Real User
Director at a tech services company with 51-200 employees
Aug 31 2016

What is most valuable?

We use them for VPN, standard layer 4, web filtering, anti-malware and DLP – they are used as our perimeter firewall solution.

How has it helped my organization?

I would not say it has improved how we function because I think that other leading vendors firewalls are as good. However, I do think that FortiGate can do it at a much better price point than, for example, Cisco ASA or Palo Alto.

What needs improvement?

The CLI could be improved by removing all default syntax from the config. The debugging of crypto VPN is not as informative as other vendors’ firewalls. The GUI is also not as good as some vendors, but overall as a package and considering... more»
Checkmarx logo
Checkmarx
E46147d6 a86a 41dc 9a08 5f2e0cd47979 avatar
Real User
Senior Manager at a tech vendor
Feb 23 2017

What is most valuable?

Scan reviews can occur during the development lifecycle.

How has it helped my organization?

It moved our organization towards being agile vs. waterfall.

What needs improvement?

The areas in which this product needs to improve are: * C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported. * There were issues in regards to the JSP parsing. * Defect report... more»
Sucuri security
Sucuri Security
Anonymous avatar x80
Consultant
Associate Consultant
Jun 11 2017

What is most valuable?

Domain name scanning since it allows us to scan all our domain names and determine whether it has malware or if is reported as phishing. Sucuri also gives us details on content that may have triggered the malware/phishing report.

How has it helped my organization?

The product has sped up our ability to detect suspicious domains and alert the registrants or relevant parties. It has also allowed us to share more details on such detections to the relevant parties since the report is comprehensive enough.

What needs improvement?

* Confident score: Currently it does not have one and there are cases that most websites flagged are false-positives. Since they don’t have it, then we end up manually reassessing the website. It would be good if they had it so we could tweak... more»
4c gray text
Cloudflare
91528adf e634 41ee 967c 3aad224b95f3 avatar
Real User
Technical Lead at a tech services company with 51-200 employees
Sep 20 2016

What is most valuable?

I have used the cache feature of CloudFlare CDN. CloudFlare is very easy to set up for my site domain. It is very easy to maintain. CloudFlare flushes the cache immediately, which is not supported by some of the other CDN networks such as... more»

How has it helped my organization?

No comments, because I am using it only for creating a cache flushing tool that will work on Adobe Experience Manger (AEM).

What needs improvement?

There are some features missing or might not be visible to me as I am using its free website plan. These features are: * CloudFlare doesn't provide the cache flush history. I.e., I am not able to find out the URL information of those I have... more»
Web application security report from it central station 2018 05 12 thumbnail
Find out what your peers are saying about F5, Checkmarx, Incapsula and others in Web Application Security.
270,647 professionals have used our research since 2012.

Web Application Security Articles

C2fa4556 fe24 4433 9f6d 43684e0421e5 avatar
Market Analyst
IT Central Station
HPE Fortify on Demand, Checkmarx, Veracode, IBM Security AppScan, QualysGuard Web Application Scanning What are the best application security testing tools? IT Central Station’s crowdsourced platform helps technology professionals make informed decisions, by providing user reviews without... more»
A2677e73 3c95 4db0 9a5b 56d28884f396 avatar
305
Senior Information Security Consultant
Expertise in developing Web Based Application, Database Applications and Desktop Applications Working experience in distributed environment and distributed applications Expertise in ISA Configuration, Network Security include:· Penetration Testing· Stress... more>>
Arshad khan li?1424931700
78
Security Consultant
Security Consultant -Team lead at Accenture Sr Engineer - Security management at Wipro Service delivery consultant at HP Sr Engineer network and security at Tulip telecom Information security policies and procedures Security compliance, Governance Firewall (Check point, Cisco,... more>>
Ioannis syrigos avatar 1434074141?1434074139
2,242
IT Consultant, Business Owner, Lecturer
Dr Ioannis Syrigos is a Computer and Electrical Engineer, an Entrepreneur, co-owner and Managing Director of Stella Novus LTD, an IT consulting company running several individual online projects (Ancient-Origins.net, Members.Ancient-Origins.net, Evolving-Science.com, EnglishWithJo.com and... more>>
Omar sanchez mr tech avatar 1434666108?1434666106
5,916
TOP 5POPULAR
Information Security Advisor, CISO & CIO, Docutek Services
About my business: Docutek is a leading business and technology consulting company specializing in the development and implementation of healthcare technology since 2008. We deliver Consulting, Integration, Support and Training. We also provide clients with security assessment. network... more>>
Carlos ortiz de zevallos torrents li?1415838208
1,007
Auditor ISO20000:2011 Auditor ISO27001:2013 (BSI Lead Auditor Certified) PEN Testing & Forensics Security Analysis (Kali Linux) Detection/Defensive Actions (IDS/IPS Onion Security: Snort, Suricata, Snoby, Squert, Sguil) Analista BPM Certificado SCRUM Manager Certificado ITIL 2 y... more>>
00756e87 10c9 48b0 abe4 f644c236f79d avatar
5
Technology Consultant
▶ Profesional responsable con deseos de crecimiento, orientada al desarrollo profesional. Me gradue en Ingeniería de Telecomunicaciones y especialice Redes IP y Seguridad IT, durante el último año he desempeñado el puesto de Consultora de Seguridad IT. Actualmente estoy en nuevos proyectos y... more>>
Dfd39ddf 9827 4e9c 8b51 6f3816d97c09 avatar
439
WordPress Developer & Consultant
Think of a person who understands the role of technology in the business, power of publishing in marketing & branding, knows how to build a website, market it and also scale it! Well, that's me. Hi, I'm Mayank Gupta and I'm your one stop for all the web/digital business requirements. In... more>>
Anonymous avatar x100
190
Linux/Cisco/Microsoft Infraestructure Manager
Working towards CCIP certification CCNP certified Interested in WMI/SNMP monitoring, Cisco technologies, open source software in Linux platforms Online gaming software
Anonymous avatar x100
103
o SIEM (QRadar, AlienVault, LogStorm) o Enterprise virtualization (ESXi 5.5/6.0) o Imperva SecureSphere o MS SQL Server o MySQL o Oracle o Sybase o FileMaker; • Workshops on various technologies of SQL Server, including: o Asynchronous multi-threaded request processing o Scaling out reporting... more>>
Reviewed Imperva SecureSphere Web Application Firewall: Scan policies allow us to group multiple targets and...

Sign Up with Email