We performed a comparison between Checkmarx One, HCL AppScan, and Ixia BreakingPoint based on real PeerSpot user reviews.
"It shows in-depth code of where actual vulnerabilities are."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"It has all the features we need."
"Vulnerability details are valuable."
"It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
"The setup is fairly easy. We didn't struggle with the process at all."
"The most valuable feature is the application tracking reporting."
"The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important."
"The static scans are good, and the SaaS as well."
"The solution offers services in a few specific development languages."
"It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code."
"The UI was very intuitive."
"It is easy to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings."
"It's generally a very user-friendly tool. Anyone can easily learn how to scan."
"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production."
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"The most valuable feature of Ixia BreakingPoint is the ransomware and malware database for simulated attacks."
"The solution has many protocols and options, making it very flexible."
"We use Ixia BreakingPoint for Layer 7 traffic generation. That's what we like."
"The DDoS testing module is useful and quick to use."
"It is a scalable solution."
"There is a virtual version of the product which is scaled to 100s of virtual testing blades."
"I like that we can test cloud applications."
"The plugins for the development environment have room for improvement, such as for Android Studio and Xcode."
"Checkmarx could improve by reducing the price."
"Implementing a blackout time for any user or teams: Needs improvement."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"They could work to improve the user interface. Right now, it really is lacking."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."
"The databases for HCL are small and have room for improvement."
"HCL AppScan needs to improve security."
"Visibility is an issue for us. Our partners do not know we have integrations with some of IBM's products."
"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."
"The solution could improve by having a mobile version."
"AppScan is too complicated and should be made more user-friendly."
"IBM Security AppScan Source is rather hard to use."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"The integration could improve in Ixia BreakingPoint."
"They should improve UI mode packages for the users."
"The quality of the traffic generation could be improved with Ixia BreakingPoint, i.e. to get closer to being accurate in what a real user will do."
"The production traffic simulations are not realistic enough for some types of DDoS attacks."
"I would appreciate some preconfigured network neighborhoods, which are predefined settings for testing networks."
"The price could be better."
"The solution originally was hard to configure; I'm not sure if they've updated this to make it simpler, but if not, it's something that could be streamlined."