We performed a comparison between Acunetix, Checkmarx One, and HCL AppScan based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."The solution is highly stable."
"The tool's most valuable feature is performance."
"There is a lot of documentation on their website which makes setting it up and using it quite simple."
"We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why."
"Acunetix has an awesome crawler. It gives a referral site map of near targets and also goes really deep to find all the inputs without issues. This was valuable because it helped me find some files or directories, like web admin panels without authentication, which were hidden."
"The most valuable feature of the solution is the speed at which it can scan multiple domains in just a few hours."
"The most important feature is that it's a web-based graphical user interface. That is a great addition. Also, the ability to schedule scans is great."
"It's very user-friendly for the testing teams. It's very easy for them to understand things and to fix vulnerabilities."
"The report function is the solution's greatest asset."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"Helps us check vulnerabilities in our SAP Fiori application."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"The user interface is modern and nice to use."
"The UI is user-friendly."
"One of the most valuable features is it is flexible."
"This solution saves us time due to the low number of false positives detected."
"The reporting part is the most valuable feature."
"It is easy it is to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings."
"Compared to other tools only AppScan supports special language."
"There's extensive functionality with custom rules and a custom knowledge base."
"The UI was very intuitive."
"It identifies all the URLs and domains on its own and then performs tests and provides the results."
"AppScan is stable."
"The solution's pricing could be better."
"We want to see how much bandwidth usage it consumes. When we monitor traffic we have issues with the consumption and throttling of the traffic."
"Integration into other tools is very limited for Acunetix. While we're trying to incorporate a CI/CD process where we're integrating with JIRA and we're integrating with Jenkins and Chef, it becomes problematic. Other tools give you a high integration capability to connect into different solutions that you may already have, like JIRA."
"There's a clear need for a reduction in pricing to make the service more accessible."
"I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection."
"Acunetix needs to be dynamic with JavaScript code, unlike Netsparker which can scan complex agents."
"There is room for improvement in website authentication because I've seen other products that can do it much better."
"In terms of what needs improvement, the way the licensing model is currently is not very convenient for us because initially, when we bought it, the licensing model was very flexible, but now it restricts us."
"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features."
"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
"Licensing models and Swift language support are the aspects in which this product needs to improve. Swift is a new language, in which major customers require support for lower prices."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"Implementing a blackout time for any user or teams: Needs improvement."
"Checkmarx could be improved with more integration with third-party software."
"I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."
"I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources."
"HCL AppScan needs to improve security."
"The product has some technical limitations."
"Visibility is an issue for us. Our partners do not know we have integrations with some of IBM products."
"We would like to integrate with some of the other reporting tools that we're planning to use in the future."