Most Helpful Review
Acts as the first check point during our consulting for apps that are looking for a security assessment or...
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
It is a stable product.
Most valuable features include: ease of use, dashboard, interface, and the ability to report.
It shows in-depth code of where actual vulnerabilities are.
It gives the proper code flow of vulnerabilities and the number of occurrences.
The most valuable feature for me is the Jenkins Plugin.
Vulnerability details are valuable.
Both automatic and manual code review (CxQL) are valuable.
The solution communicates where to fix the issue for the purpose of less iterations.
This solution can protect against Layer 3, Layer 4 and Layer 7 attacks on applications for us.
Among its key features: detects and mitigates DDoS attacks at L3 to L7; negligible to zero false positives; generates and sends reports without the need for an expensive third-party solution.
It is an expensive solution.
It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use.
I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time).
Updating and debugging of queries is not very convenient.
Implementing a blackout time for any user or teams: Needs improvement.
Integration into the SDLC (i.e. support for the latest version of SonarQube) could be added.
The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered.
I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service.
I find that there have been issues in the past year with the solution hanging. It freezes often.
All the thresholds that need to be configured should be included in the defaults so that users will not forget or misconfigure them.
Pricing and Cost Advice
It is an expensive solution.
Be cautious of the one-year subscription date. Once it expires, your price will go up.
We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year).
Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications).
Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products.
It is a good product but a little overpriced.
The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies.
Checkmarx CxSAST is a highly accurate and flexible Static Code Analysis product that allows organizations to automatically scan un-compiled / un-built code and identify hundreds of security vulnerabilities in all major coding languages. CxSAST is available as a standalone product and can be effectively integrated into the Software Development Lifecycle (SDLC) to streamline detection and remediation. CxSAST can be deployed on-premise in a private data center or hosted via a public cloud.
Distributed Denial of Service (DDoS) attacks are ever-evolving and use a variety of technologies. To successfully combat these attacks, you need a dynamic, multi-layered security solution. FortiDDoS protects from both known and zero-day attacks with very low latency. It's easy to deploy and manage, and includes comprehensive reporting and analysis tools.
Checkmarx sample customers: YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech. Case study: Liveperson Implements Innovative Secure SDLC.
FortiDDoS sample customers: Black Gold Regional Schools, Amadeus Hospitality, Jefferson County, Chunghwa Telecom, City of Boroondara, Dimension Data.