We performed a comparison between Acunetix and Checkmarx One based on real PeerSpot user reviews.
Find out in this report how the two DevSecOps solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Acunetix is the best service in the world. It is easy to manage. It gives a lot of information to the users to see and identify problems in their site or applications. It works very well."
"We use the solution for the scanning of vulnerabilities like SQL injections."
"Our developers can run the attacks directly from their environments, desktops."
"The automated approach to these repetitive discovery attempts would take days to do manually and therefore it helps reduce the time needed to do an assessment."
"There is a lot of documentation on their website which makes setting it up and using it quite simple."
"One of the features that I feel is groundbreaking, that I would like to see expanded on, is the IAS feature: The Interactive Application Security Testing module that gets loaded onto an application on a server, for more in-depth, granular findings. I think that is really neat. I haven't seen a lot of competitors doing that."
"The most valuable feature of Acunetix is the UI and the scan results are simple."
"The tool's most valuable feature is performance."
"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."
"One of the most valuable features is it is flexible."
"It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."
"The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled."
"The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"While we do have it integrated with other solutions, it could still offer more integrations."
"You can't actually change your password after you've set it unless you go back into the administration account and you change it there. Thus, if you're locked out and don't remember your password, that's a thing."
"The solution limits the number of scans. It would be much better if we could have unlimited scans."
"We have had issues during upgrades where their scans worked on some apps better with previous versions. Then, we had to work with their tech support, who were great, to get it fixed for the next version."
"There are some versions of the solution that are not as stable as others."
"Acunetix needs to include agent analysis."
"There's a clear need for a reduction in pricing to make the service more accessible."
"The solution's pricing could be better."
"Checkmarx could improve the speed of the scans."
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use."
"Checkmarx is not good because it has too many false positive issues."
"They can support the remaining languages that are currently not supported. They can also create a different model that can identify zero-day attacks. They can work on different patterns to identify and detect zero-day vulnerability attacks."
"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."
"We have received some feedback from our customers who are receiving a large number of false positives."
"I would like to see the tool’s pricing improved."
Acunetix is ranked 5th in DevSecOps with 26 reviews while Checkmarx One doesn't meet the minimum requirements to be ranked in DevSecOps with 67 reviews. Acunetix is rated 7.6, while Checkmarx One is rated 7.6. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning ". On the other hand, the top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". Acunetix is most compared with OWASP Zap, Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan and Qualys Web Application Scanning, whereas Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and GitLab. See our Acunetix vs. Checkmarx One report.
See our list of best Application Security Testing (AST) vendors, best Vulnerability Management vendors, and best DevSecOps vendors.
We monitor all DevSecOps reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.