We performed a comparison between Acunetix and Checkmarx One based on real PeerSpot user reviews.
Find out in this report how the two DevSecOps solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It can operate both as a standalone and it can be integrated with other applications, which makes it a very versatile solution to have."
"The most valuable feature of the solution is the speed at which it can scan multiple domains in just a few hours."
"The automated approach to these repetitive discovery attempts would take days to do manually and therefore it helps reduce the time needed to do an assessment."
"The most valuable feature of Acunetix is the UI and the scan results are simple."
"The tool's most valuable feature is scan configurations. We use it for external physical applications. The scanning time depends on the application's code."
"The vulnerability scanning option for analyzing the security loopholes on the websites is the most valuable feature of this solution."
"Our developers can run the attacks directly from their environments, desktops."
"We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why."
"Vulnerability details is valuable."
"The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important."
"We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
"We use the solution for dynamic application testing."
"There's a clear need for a reduction in pricing to make the service more accessible."
"It should be easier to recreate something manually, with the manual tool, because Acunetix is an automatic tool. If it finds something, it should be easier to manually replicate it. Sometimes you don't get the raw data from the input and output, so that could be improved."
"We want to see how much bandwidth usage it consumes. When we monitor traffic we have issues with the consumption and throttling of the traffic."
"The solution's pricing could be better."
"I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection."
"Integration into other tools is very limited for Acunetix. While we're trying to incorporate a CI/CD process where we're integrating with JIRA and we're integrating with Jenkins and Chef, it becomes problematic. Other tools give you a high integration capability to connect into different solutions that you may already have, like JIRA."
"We have had issues during upgrades where their scans worked on some apps better with previous versions. Then, we had to work with their tech support, who were great, to get it fixed for the next version."
"In terms of what needs improvement, the way the licensing model is currently is not very convenient for us because initially, when we bought it, the licensing model was very flexible, but now it restricts us."
"It is an expensive solution."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"The cost per user is high and should be reduced."
"I would like to see the tool’s pricing improved."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"The integration could improve by including, for example, DevSecOps."
Acunetix is ranked 5th in DevSecOps with 26 reviews while Checkmarx One doesn't meet the minimum requirements to be ranked in DevSecOps with 67 reviews. Acunetix is rated 7.6, while Checkmarx One is rated 7.6. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning ". On the other hand, the top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". Acunetix is most compared with OWASP Zap, Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan and Rapid7 Metasploit, whereas Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and GitLab. See our Acunetix vs. Checkmarx One report.
See our list of best Application Security Testing (AST) vendors, best Vulnerability Management vendors, and best DevSecOps vendors.
We monitor all DevSecOps reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
