We performed a comparison between Checkmarx One and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."
"Vulnerability details is valuable."
"The solution allows us to create custom rules for code checks."
"It allows for SAST scanning of uncompiled code. Further, it natively integrates with all key repos formats (Git, TFS, SVN, Perforce, etc)."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%."
"I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
"By using QualysGuard, we are able to finish external scans with assured results in half the time."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"It works with many different products."
"It is a very stable solution."
"The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done."
"QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"Checkmarx could be improved with more integration with third-party software."
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"Checkmarx could improve by reducing the price."
"Checkmarx could improve the REST APIs by including automation."
"Its pricing model can be improved. Sometimes, it is a little complex to understand its pricing model."
"Micro-services need to be included in the next release."
"We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error."
"There should be better visibility into the application."
"The solution needs to adjust its pricing. They should make it more affordable."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"There could be better management and faster scanning."
"In certain cases, this product does have false positives, which the company should work on."
More Qualys Web Application Scanning Pricing and Cost Advice →
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews. Checkmarx One is rated 7.6, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Snyk. See our Checkmarx One vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.