We performed a comparison between Checkmarx One, Fortra Tripwire IP360, and Parasoft SOAtest based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."Both automatic and manual code review (CxQL) are valuable."
"The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important."
"Most valuable features include: ease of use, dashboard. interface and the ability to report."
"The only thing I like is that Checkmarx does not need to compile."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"The user interface is excellent. It's very user friendly."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"The solution is scalable, but other solutions are better."
"It's become the pinnacle point for anything that enters the network or anything that's passing through to production to first be affected by IP360, hardened, and up to standard. For our integrity management, one was deployed in the bank about two years ago and that's still going to expand the usage and the product itself. That will go hand in hand with training and expanding the product as for where it's deployed."
"We could manage our entire IP range with the solution."
"Tripwire IP360 is a very stable solution."
"If you want something that’s not provided out of the box, then you can write it yourself and integrate it with SOAtest."
"We do a lot of web services testing and REST services testing. That is the focus of this product."
"Since the solution has both command line and automation options, it generates good reports."
"Every imaginable source in the entire world of information technology can be accessed and used."
"The solution is scalable."
"Automatic testing is the most valuable feature."
"They have a feature where they can record traffic and create tests on the report traffic."
"Generating new messages, based on the existing .EDN and .XML messages, is a crucial part or the testing project that I’m currently in."
"The reports are good, but they still need to be improved considering what the UI offers."
"The plugins for the development environment have room for improvements such as for Android Studio and X code."
"I expect application security vendors to cover all aspects of application security, including SAST, DAST, and even mobile application security testing. And it would be much better if they provided an on-premises and cloud option for all these main application security features."
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"I would like the product to include more debugging and developed tools. It needs to also add enhancements on the coding side."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"Implementing a blackout time for any user or teams: Needs improvement."
"The reporting functions can use improvement. There is room for growth because reporting functions differ a lot depending on what you're going to output. It depends on whether it's for technical or senior management and how it's interpreted. There could be growth within the reporting functionality side."
"We need to dedicate time and resources to keep it running."
"I am not very impressed by the technical support."
"Tuning the tool takes time because it gives quite a long list of warnings."
"From an automation point of view, it should have better clarity and be more user friendly."
"During the process of working with SOAtest and building test cases, the .TST files will grow. A negative side effect is that saving your changes takes more time."
"The feedback that we received from the DevOps of our organization was that the tool was a little heavy from the transformation perspective."
"Reporting facilities can be better."
"Enabling/disabling an optional element of an XML request is only possible if a data source (e.g., Excel sheet) is connected to the test. Otherwise, the option is not available at all in the drop-down menu."
"Parasoft SOAtest has an internal refresh function where you can refresh the software to show the changes you’ve made in your projects. Unfortunately this function does not work properly, because it often does not show the changes after you’ve hit te refresh button a few times."
"The summary reports could be improved."
