Most Helpful Review
It shows in-depth code of where actual vulnerabilities are.
It gives the proper code flow of vulnerabilities and the number of occurrences.
The most valuable feature for me is the Jenkins Plugin.
Vulnerability details part.
Both automatic and manual code review (CxQL).
The solution communicates where to fix the issue for the purpose of less iterations.
Helps us check vulnerabilities in our SAP Fiori application.
The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions).
Among its key features: Detects and mitigates DDoS attacks at L3 to L7; negligible to zero false-positives; Generates and sends reports without the need for an expensive third-party solution.
It provides us with quite a handful of false positive issues. If Checkmarx could reduce this number, it would be a great tool to use.
I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time).
Updating and debugging of queries is not very convenient.
Implementing a blackout time for any user or teams: Needs improvement.
Integration into the SDLC (i.e. support for last version of SonarQube) could be added.
The resolutions should also be provided. For example, if the user faces any problem regarding an installation due to the internal security policies of their company, there should be a resolution offered.
I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service.
The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode.
All the thresholds that need to be configured should be included in the default so that user will not forget or misconfigure.
Pricing and Cost Advice
We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year).
Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications).
Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products.
It is a good product but a little overpriced.
The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies.
The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security.
The pricing was not very good. This is just a framework which shouldn’t cost so much.
I believe pricing is better compared to other commercial tools.
Information Not Available
Compared 35% of the time.
Compared 28% of the time.
See more Checkmarx competitors »
Compared 13% of the time.
Compared 53% of the time.
Compared 15% of the time.
See more FortiDDoS competitors »
Compared 6% of the time.
Also Known As
|Also Known As||Fortinet DDoS|
Checkmarx CxSAST is a highly accurate and flexible Static Code Analysis product that allows organizations to automatically scan un-compiled / un-built code and identify hundreds of security vulnerabilities in all major coding languages. CxSAST is available as a standalone product and can be effectively integrated into the Software Development Lifecycle (SDLC) to streamline detection and remediation. CxSAST can be deployed on-premise in a private data center or hosted via a public cloud.
Distributed Denial of Service (DDoS) attacks are ever-evolving and use a variety of technologies. To successfully combat these attacks, you need a dynamic, multi-layered security solution. FortiDDoS protects from both known and zero day attacks with very low latency. It’s easy to deploy and manage, and includes comprehensive reporting and analysis tools.
Learn more about Checkmarx.
Learn more about FortiDDoS
|Sample Customers||YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC||Black Gold Regional Schools, Amadeus Hospitality, Jefferson County, Chunghwa Telecom, City of Boroondara, Dimension Data|
VISITORS READING REVIEWS
No Data Available
VISITORS READING REVIEWS
No Data Available