We performed a comparison between Checkmarx One and Imperva Web Application Firewall based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The administration in Checkmarx is very good."
"It has all the features we need."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"The most valuable feature is the simple user interface."
"Both automatic and manual code review (CxQL) are valuable."
"We were using HPE Security Fortify to scan code for security vulnerabilities, but it can scan only after a successful compile. If the code has dependencies or build errors, the scan fails. With Checkmarx, pre-compile scanning is seamless. This allows us to scan more code."
"The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important."
"There are some features that are configured by default, so even without doing much, it can still provide a level of protection."
"The most important feature I have found to be the ease in how to do the backup and restores."
"The dynamic profiling of websites is the solution's most valuable feature. The security is also good."
"The features I have found most valuable with Imperva Web Application Firewall are account takeover protection, advanced bot protection, and API security."
"If you are using the appliance as opposed to the virtual deployment, it can stand as the network layer-two and provide real transparency."
"The most valuable features of the Imperva Web Application Firewall are performance and flexibility. We can extend or customize the box itself."
"It has threat intelligence and we are using Incapsula. With threat intelligence, we can separate HTTP and HTTPS traffic. We can use Incapsula to send all the threat intelligence to the WAF."
"The solution is cloud-based and offers us good uptime. It has combined web and API security. Therefore, with one license, you access both application security and also API security."
"I would like to see the rate of false positives reduced."
"The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered."
"The cost per user is high and should be reduced."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"We are trying to find out if there is a way to identify the run-time null values. I am analyzing different tools to check if there is any tool that supports run-time null value identification, but I don't think any of the tools in the market currently supports this feature. It would be helpful if Checkmarx can identify and throw an exception for a null value at the run time. It would make things a lot easier if there is a way for Checkmarx to identify nullable fields or hard-coded values in the code. The accessibility for customized Checkmarx rules is currently limited and should be improved. In addition, it would be great if Checkmarx can do static code and dynamic code validation. It does a lot of security-related scanning, and it should also do static code and dynamic code validation. Currently, for security-related validation, we are using Checkmarx, and for static code and dynamic code validation, we are using some other tools. We are spending money on different tools. We can pay a little extra money and use Checkmarx for everything."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"One area for improvement in Checkmarx is pricing, as it's more expensive than other products."
"The reports are good, but they still need to be improved considering what the UI offers."
"The reporting is missing some features, such as: only two export formats, and the time period does not include the last day, week, year."
"Imperva Web Application Firewall could improve the console by making it easier to use."
"The tool's UI is complicated. It would be best to have a more accessible UI dashboard to make the job easier."
"It would be nice to have more security control over mobile applications so I would suggest adding more mobile security features. It would also be beneficial to see improvements in regards to interface bandwidth performance, CPU time, and RAM size. Learning capability of the device is quite weak."
"The signature updates could be faster. Sometimes we have to upload signatures to the Imperva portal for checking and analysis before we can use them."
"An improvement for Imperva WAF would be to reduce the number of false positives and create more strong use cases based on AI/ML or behavioral analytics."
"I think that better bot protection is needed in this solution."
"I'd like the option to pick your bot protection."
More Imperva Web Application Firewall Pricing and Cost Advice →
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Imperva Web Application Firewall is ranked 6th in Web Application Firewall (WAF) with 46 reviews. Checkmarx One is rated 7.6, while Imperva Web Application Firewall is rated 8.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Imperva Web Application Firewall writes "Offers simulation for studying infrastructure and hybrid infrastructure protection". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Imperva Web Application Firewall is most compared with AWS WAF, F5 Advanced WAF, Microsoft Azure Application Gateway, Fortinet FortiWeb and Azure Front Door. See our Checkmarx One vs. Imperva Web Application Firewall report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.