• Home
  • Checkmarx One vs. Fortinet FortiADC

Checkmarx One vs Fortinet FortiADC comparison

Cancel
You must select at least 2 products to compare!
Checkmarx Logo
Checkmarx One
Read 67 Checkmarx One reviews
34,421 views|22,362 comparisons
86% willing to recommend
Fortinet Logo
Fortinet FortiADC
Read 19 Fortinet FortiADC reviews
4,691 views|3,763 comparisons
83% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Application Security Tools
April 2024
Executive Summary

We performed a comparison between Checkmarx One and Fortinet FortiADC based on real PeerSpot user reviews.

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools.
To learn more, read our detailed Application Security Tools Report (Updated: April 2024).
Download the complete report
770,292 professionals have used our research since 2012.
Featured Review
Prakash Ganesan
A good compliance solution that is best suited to small scale applications, and suffers from stability issues
This solution helps to remediate the compliance requirements we have. The product also increases the quality of the code the developers are able to... Read more →
Saeid Khanipour Ghobani
High-level load balancing and routing protocols but scalability is limited to 200 gigabits
Our company provides WAF and complicated applications to customers. If we do not use the solution, we have issues because it protects the web... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx.""The report function is the solution's greatest asset.""The feature that I have found most valuable is that its number of false positives is less than the other security application platforms. Its ease of use is another good feature. It also supports most of the languages.""The user interface is modern and nice to use.""The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful.""It can integrate very well with DAST solutions. So both of them are combined into an integrated solution for customers running application security.""The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete.""It shows in-depth code of where actual vulnerabilities are."

More Checkmarx One Pros →

"Simple to use and easy to integrate.""I like the solution's load balance with DNS intelligence.""Fortinet FortiADC is a good product because each and every piece of content is monitored by it.""The most valuable feature is the SSL offloading capacity.""Although FortiADC has multiple features that I like, the global DNS is the most helpful. It is primarily useful for customers with huge environments and at least two data centers. FortiADC can act as your DNS server. It can check which data center has the lowest latency, and route traffic to that one. It's an intelligent DNS.""Because ADC is the intermediary between the servers and the end-user application, it gives thorough information about the traffic, what the problem is.""The main feature that we use is GSLB (Global Server Load Balancing). GSLB makes the customer's network more reliable by scaling applications across multiple datacenters. GSLB as a disaster recovery solution can direct traffic based on site availability.""The GSLB, the DR side, is the best part. Because we had our main side in one city, we created another, and we had a complete MPLS over the internet. We used the GSLB and data loss for our business applications."

More Fortinet FortiADC Pros →

Cons
"Checkmarx could improve the solution reports and false positives. The false positives could be reduced. For example, we have alerts that are tagged as vulnerabilities but when you drill down they are not.""We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process.""C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported.""One area for improvement in Checkmarx is pricing, as it's more expensive than other products.""We can run only one project at a time.""They should make it more container-friendly and optimized for the CI pipeline. They should make it a little less heavy. Right now, it requires a SQL database, and the way the tool works is that it has an engine and then it has an analysis database in which it stores the information. So, it is pretty heavy from that perspective because you have to have a full SQL Server. They're working on something called Checkmarx Light, which is a slim-down version. They haven't released it yet, but that's what we need. There should be something a little more slimmed down that can just run the analysis and output the results in a format that's readable as opposed to having a full, really big, and thick deployment with a full database server.""Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”.""It would be really helpful if the level of confidence was included, with respect to identified issues."

More Checkmarx One Cons →

"FortiADC is complex to configure so the interface should be improved.""Issues with SSL and encrypted traffic.""Technical support and documentation could both be improved.""The product's stability for VMs could be better.""The L7 Persistent load-balancing algorithm has not worked for me after having tested it many times with my customer's in-house application. I'd like to suggest that the company make sure that all load-balancing algorithms work properly with most applications, even those that are in-house apps.""Because it is so generic, the documentation requires special attention. A person who has not worked on Fortinet FortiADC or a similar product will struggle to understand what the document is trying to say. The documentation could be more specific, and more detailed.""The initial setup could be simplified.""The user interface could be more friendly and CLI could be more like that of Fortigate."

More Fortinet FortiADC Cons →

Pricing and Cost Advice
  • "It is the right price for quality delivery."
  • "I believe pricing is better compared to other commercial tools."
  • "The pricing was not very good. This is just a framework which shouldn’t cost so much."
  • "The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
  • "It is a good product but a little overpriced."
  • "The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
  • "​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
  • "We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."

    • More Checkmarx One Pricing and Cost Advice →

  • "The price is competitive"
  • "Compared to F5, FortiADC pricing is better."
  • "The solution could be more cost-effective."
  • "They offer a perpetual license."
  • "The solution is less expensive than F5 or Imperva and is the most reasonably priced option available."
  • "I believe the price is good. It's fair. There are no extra costs."
  • "The product has affordable pricing."
  • "The solution's pricing is an issue and should be improved."

    • More Fortinet FortiADC Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    See Recommendations
    770,292 professionals have used our research since 2012.
    Questions from the Community
    What alternatives are there for Fortify WebInspect and Fortify SCA?
    Top Answer:I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
    Read all 4 answers   →
    What do you like most about Checkmarx?
    Top Answer:Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
    Read all 38 answers   →
    What is your experience regarding pricing and costs for Checkmarx?
    Top Answer:The solution's price is high and you pay based on the number of users.
    Read all 25 answers   →
    Is Citrix ADC (formerly Netscaler) the best ADC to use and if not why?
    Top Answer:For ADC, any ADC can do a good job. But in case if you want to add WAF functionality to the same ADC hardware you have to look for other ADC's like F5, Imperva, Radware, Fortinet, etc. 
    Read all 3 answers   →
    Do you recommend Fortinet FortiADC?
    Top Answer:I recommend Fortinet FortiADC. My experience with Fortinet has been very positive. Our company has been using it for around five years. We mainly use FortiADC for the load balancing of application… more »
    What do you like most about Fortinet FortiADC?
    Top Answer:The user interface is very easy and integrates with Sandbox easily.
    Read all 14 answers   →
    Ranking
    3rd
    out of 74 in Application Security Tools
    Views
    34,421
    Comparisons
    22,362
    Reviews
    21
    Average Words per Review
    513
    Rating
    7.7
    8th
    out of 24 in Application Delivery Controllers (ADC)
    Views
    4,691
    Comparisons
    3,763
    Reviews
    10
    Average Words per Review
    507
    Rating
    7.9
    Comparisons
    Also Known As
    FortiADC Application Delivery Controller, FortiADC
    Learn More
    Checkmarx
    Fortinet
    Overview

    Checkmarx is a highly accurate and flexible static code analysis product that allows organizations to automatically scan uncompiled code and identify hundreds of security vulnerabilities in all major coding languages and software frameworks. Checkmarx is available as a standalone product and can be effectively integrated into the software development lifecycle (SDLC) to streamline vulnerability detection and remediation. Checkmarx is trusted by leading organizations such as SAP, Samsung, and Salesforce.com.

    Checkmarx is a global leader in software security solutions for modern software development. Checkmarx delivers a comprehensive software security platform that unites with DevOps by scanning uncompiled source code for security vulnerabilities early in the development life cycle to reduce and remediate risk from software vulnerabilities. Using Checkmarx, teams avoid software security vulnerabilities managed via a single and unified dashboard without slowing down their delivery schedule.

    Checkmarx balances the needs of the entire organization, delivering seamless security from the start and throughout the entire software development life cycle. Checkmarx can be deployed on-premises in a private data center or hosted via a public cloud.

    Checkmarx Features

    Some of Checkmarx’s features include:

    • Source code scanning: Detect and repair more vulnerabilities before you release your code.

    • Open-source scanning: Find and eliminate the risks in your open-source code.

    • Interactive code scanning: Scan for vulnerabilities and runtime threats.

    • Open-source security for infrastructure as code: Identify and fix insecure IaC configurations that put your application at risk.

    Reviews from Real Users

    Checkmarx stands out among its competitors for a number of reasons. Two major ones are its ability to enable developers to secure their code with a single management dashboard and its high-speed scanning abilities.

    PeerSpot users note the effectiveness of these features. A CEO at a tech services company writes, “The most valuable features are the easy-to-understand interface, and it’s very user-friendly. We spend some time tuning to start scanning a new project, which is only a few clicks. A few simple tunes for custom rules and we can start our scan. We can do the work quickly and we don't need to compile the source code because Checkmarx does the work without compiling the project. The scanning is very quick. It's about 20,000 lines per hour, which is a good speed for scanning.”

    A director at a tech services company notes, “The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important.”

    A senior manager at a manufacturing company writes, “The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."

    Fortinet FortiADC is a robust application delivery controller (ADC) that delivers application optimization, application security, and application availability. FortiADC is a valued offering from Fortinet, which is widely recognized as a trusted supplier of dynamic security solutions worldwide. FortiADC offers dynamic security functions (AV, DDoS, and WAF) in addition to advanced application connectors for a simplified deployment and complete transparency to an organization's networks and applications. FortiADC offers three primary deployment options: physical machine, virtual machine, (VM) and cloud solution options.

    Fortinet FortiADC Benefits

    • FortiADC security protocol: FortiADC integrates with FortiSandbox to improve the overall antivirus security protections where every file is scanned for known and unknown malicious risks. If a file is identified as malicious or problematic, it will be blocked in the future.

    • SSL protocol: FortiADC securely uses the most up-to-date cryptography to provide exceptional encryption and decryption using a hardware-based SSL ASIC. FortiADC offers complete transparency to inspect all traffic for threats, improves server response time, and reduces backend server load, SSL inspection and SSL offloading. FortiADC integrates seamlessly with Gemalto’s SafeNet Hardware Security Module (HSM).

    • FortiADC connectors: FortiADC Fabric Connectors offer open API-based integration and coordination with numerous software-defined networks (SDNs), third-party partners, and cloud management providers. Fortinet Fabric Connectors provide deep open and turnkey integration with recognized third-party vendors such as AWS, K8s, OCI, and SAP, in multi-vendor solutions, improving scalability, simplified management, and automation.

    • Business stability: FortiADC load balancing for on-premise global server load balancing (GSBL) and in the cloud (FortiGSBL Cloud) will ensure users can maintain a reliable and available network by improving the ability of scaling applications throughout numerous data centers to reduce application response times and enhance disaster recovery. Users are able to define protocols based on network latency concerns, overall data performance, and site availability.

    Fortinet FortiADC Features

    • Application availability

      • 4-7 application load balancing: DNS, HTTPS, RTMP, RADIUS, MySQL and more

      • External fabric connectors: Splunk Integration, AWS/OCI Connector, Kubernetes Service.

      • Security fabric connectors: FortiSIEM, Fortigate BanIP Integration, FortiAnalyzer, and more.

      • Deployment modes: High availability (AA/AP Failover), Router mode, transparent mode (switch), one-arm mode (proxy with X-forwarded for support.

    • Web application firewall (WAF)

      • Security services: Captcha support, cookie support, HTTP header security, XML/SOAP/JSON validation, CSRF protection, API gateway, and more.

      • Application security: Web attack signature, bot detection, web vulnerability scanner, OWASP Top-10 Wizard, API protection and more.
    • Application enhancement

      • HTTP and TCP improvement: TCP buffering, HTTP compressions/decompression, HTTP caching (dynamic and static objects), Bandwidth monitoring using quality of service (QoS), TCP buffering, and more.

      • Authentication offloading: Two-factor authentication (Fortitoken/Fortitoken Cloud and Google Authentication), NTLM, AUTH2.0, SAML 2.0 (SP and Idp) RADIUS, LDAP, Kerbos, and local.

      • Networking: Integration with Ansible, Cisco ACI, OpenStack and Nutanix, NVGRE and VXLAN support, VLAN and port trunking support, IPv6 Support (SLB, firewall, routing and interfaces), Dynamic NAT, Hide NAT, Static NAT for added scalability and flexibility.

      • Management: Syslog support, SNMP using private MIBs with threshold-based traps. REST APIs, VDOMS, data analytics, real-time monitoring graphs, role-based monitoring, intuitive reporting, FortiView integration, and more.

    Sample Customers
    YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
    Black Gold Regional Schools, Amadeus Hospitality, Jefferson County, Chunghwa Telecom, City of Boroondara, Dimension Data
    Top Industries
    REVIEWERS
    Computer Software Company31%
    Financial Services Firm19%
    Comms Service Provider9%
    Manufacturing Company9%
    VISITORS READING REVIEWS
    Financial Services Firm21%
    Computer Software Company15%
    Manufacturing Company9%
    Insurance Company5%
    REVIEWERS
    Non Tech Company14%
    Government14%
    Comms Service Provider14%
    Educational Organization14%
    VISITORS READING REVIEWS
    Computer Software Company20%
    Government9%
    Financial Services Firm9%
    Comms Service Provider8%
    Company Size
    REVIEWERS
    Small Business38%
    Midsize Enterprise13%
    Large Enterprise50%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise11%
    Large Enterprise72%
    REVIEWERS
    Small Business47%
    Midsize Enterprise24%
    Large Enterprise29%
    VISITORS READING REVIEWS
    Small Business27%
    Midsize Enterprise19%
    Large Enterprise54%
    Buyer's Guide
    Application Security Tools
    April 2024
    Download Free Report
    Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools. Updated: April 2024.
    DOWNLOAD NOW
    770,292 professionals have used our research since 2012.

    Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Fortinet FortiADC is ranked 8th in Application Delivery Controllers (ADC) with 19 reviews. Checkmarx One is rated 7.6, while Fortinet FortiADC is rated 7.8. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Fortinet FortiADC writes "High-level load balancing and routing protocols but scalability is limited to 200 gigabits". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Fortinet FortiADC is most compared with F5 BIG-IP Local Traffic Manager (LTM), Fortinet FortiWeb, Citrix NetScaler, Kemp LoadMaster and A10 Networks Thunder ADC.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.