We performed a comparison between Checkmarx One and Symantec Web Application Firewall based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."It has all the features we need."
"The only thing I like is that Checkmarx does not need to compile."
"The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"The solution allows us to create custom rules for code checks."
"The solution communicates where to fix the issue for the purpose of less iterations."
"Scan reviews can occur during the development lifecycle."
"The solution has good performance, it is able to compute in 10 to 15 minutes."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"The interface is user-friendly."
"The setup was straightforward."
"The solution has an up-to-date data repository to deal with external threats."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor, it lacks the details one gets when viewing the results directly from the Checkmarx One platform."
"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"Checkmarx could be improved with more integration with third-party software."
"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"Sometimes scanning slows down the endpoints."
"I'm not convinced that it's necessary the best solution going forward in the future."
"It would be an improvement if the management dashboards were not reliant upon Java."
Earn 20 points
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Symantec Web Application Firewall is ranked 37th in Web Application Firewall (WAF). Checkmarx One is rated 7.6, while Symantec Web Application Firewall is rated 8.4. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Symantec Web Application Firewall writes "An excellent up-to-date data repository handling external threats successfully". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Symantec Web Application Firewall is most compared with F5 BIG-IP Local Traffic Manager (LTM) and WAPPLES.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
