We performed a comparison between Acunetix and Checkmarx One based on real PeerSpot user reviews.
Find out in this report how the two DevSecOps solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most important feature is that it's a web-based graphical user interface. That is a great addition. Also, the ability to schedule scans is great."
"Overall, it's a very good tool and a very good engine."
"The usability and overall scan results are good."
"The tool's most valuable feature is performance."
"I haven't seen reporting of that level in any other tool."
"The tool's most valuable feature is scan configurations. We use it for external physical applications. The scanning time depends on the application's code."
"For us, the most valuable aspect of the solution is the log-sequence feature."
"The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes."
"The user interface is excellent. It's very user friendly."
"We use the solution for dynamic application testing."
"The value you can get out of the speedy production may be worth the price tag."
"The main advantage of this solution is its centralized reporting functionality, which lets us track issues, then see and report on the priorities via a web portal."
"The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"The solution has good performance, it is able to compute in 10 to 15 minutes."
"Acunetix needs to include agent analysis."
"I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection."
"While we do have it integrated with other solutions, it could still offer more integrations."
"There's a clear need for a reduction in pricing to make the service more accessible."
"We have had issues during upgrades where their scans worked on some apps better with previous versions. Then, we had to work with their tech support, who were great, to get it fixed for the next version."
"The only problem that they have is the price. It is a bit expensive, and you cannot change the number of applications for the whole year."
"The jargon used makes it difficult for project managers to understand the issues, and the technical explanations used make it difficult for developers to understand issues. These things should be simplified much more. That would be very helpful for us when explaining to them what needs to be fixed. The report output needs to be simplified."
"The solution limits the number of scans. It would be much better if we could have unlimited scans."
"The cost per user is high and should be reduced."
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."
"Checkmarx could improve by reducing the price."
"I would like to see the DAST solution in the future."
"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"Checkmarx is not good because it has too many false positive issues."
"The plugins for the development environment have room for improvements such as for Android Studio and X code."
Acunetix is ranked 5th in DevSecOps with 26 reviews while Checkmarx One doesn't meet the minimum requirements to be ranked in DevSecOps with 67 reviews. Acunetix is rated 7.6, while Checkmarx One is rated 7.6. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning ". On the other hand, the top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". Acunetix is most compared with OWASP Zap, Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan and Rapid7 Metasploit, whereas Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and GitLab. See our Acunetix vs. Checkmarx One report.
See our list of best Application Security Testing (AST) vendors, best Vulnerability Management vendors, and best DevSecOps vendors.
We monitor all DevSecOps reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.