We performed a comparison between Checkmarx One and Fortinet FortiWeb based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features of Checkmarx are the SCA module and the code-checking module. Additionally, the solutions are explanatory and helpful."
"The most valuable feature for me is the Jenkins Plugin."
"It shows in-depth code of where actual vulnerabilities are."
"Scan reviews can occur during the development lifecycle."
"What I like best about Checkmarx is that it has fewer false positives than other products, giving you better results."
"The product's most valuable feature is static code and supply chain effect analysis. It provides a lot of visibility."
"The process of remediating software security vulnerabilities can now be performed (ongoing) as portions of the application are being built in advance of being compiled."
"We use the solution to validate the source code and do SAST and security analysis."
"The solution is stable."
"The most valuable feature is the attack signature and machine learning."
"The customers are very happy with this solution because of two things. First, the IPS integration with a web application is very tightly done on Fortinet. Second, the ease of use is there. The management interface or the GUI interface is very easy to use, configure, and manage. These are the two main valuable features. It supports integration with other Fortinet products. It also integrates very well with the firewall and sandboxing technology. They already have enough integration with different technologies. They have got a complete tech intelligence view of the whole product."
"Fortinet FortiWeb is priced well."
"The most valuable feature of Fortinet FortiWeb is the ease of integration and configuration."
"Security Fabric integration. This is really a value-added feature as FortiWeb can interact with the rest of the client’s Fortinet pack to provide an intelligent security layer like (FortiSIEM for central log management and correlation, FortiGate, FortiSandbox for malware analysis, etc.)."
"The solution has a very simple deployment."
"One main feature we are very happy about is file security and upload functionality."
"Checkmarx could improve the REST APIs by including automation."
"The interactive application security testing, or IAST, the interactive part where you're looking at an application that lives in a runtime environment on a server or virtual machine, needs improvement."
"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."
"The plugins for the development environment have room for improvements such as for Android Studio and X code."
"Creating and editing custom rules in Checkmarx is difficult because the license for the editor comes at an additional cost, and there is a steep learning curve."
"Implementing a blackout time for any user or teams: Needs improvement."
"Checkmarx could improve the speed of the scans."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"I would like to see more improvements with respect to threat intelligence."
"The memory use in each of the appliances is problematic."
"The dashboard evaluating the performance of each application connected to the web app's firewall is quite helpful, but the tool is only available in application performance management. So I think if Fortinet could better integrate that particular feature, it would add a lot of value to the product."
"The reporting could be optimized."
"The solution could offer more integration opportunities."
"The GUI could be better. It's limited."
"We use Kubernetes, so I would like to have a plugin to configure FortiWeb Cloud automatically using Kubernetes Ingress. That would reduce the complexity of setting up an Ingress object in Kubernetes. Some competing solutions help you configure Ingress and Kubernetes automatically."
"It is not entirely user-friendly."
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Fortinet FortiWeb is ranked 4th in Web Application Firewall (WAF) with 83 reviews. Checkmarx One is rated 7.6, while Fortinet FortiWeb is rated 8.0. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Fortinet FortiWeb writes "Cost-effective, easy to configure, and works very well as a single solution for multiple environments". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Fortinet FortiWeb is most compared with F5 Advanced WAF, Fortinet FortiADC, AWS WAF, Azure Web Application Firewall and Imperva Web Application Firewall. See our Checkmarx One vs. Fortinet FortiWeb report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
