We performed a comparison between Checkmarx One and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The only thing I like is that Checkmarx does not need to compile."
"The most valuable features of Checkmarx are difficult to pinpoint because of the way the functionalities and the features are intertwined, it's difficult to say which part of them I prefer most. You initiate the scan, you have a scan, you have the review set, and reporting, they all work together as one whole process. It's not like accounting software, where you have the different features, et cetera."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"The UI is user-friendly."
"The value you can get out of the speedy production may be worth the price tag."
"The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results."
"Our static operation security has been able to identify more security issues since implementing this solution."
"We use the solution for security testing."
"It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display)."
"The OWASP's tool is free of cost, which gives it a great advantage, especially for smaller companies to make use of the tool."
"It scans while you navigate, then you can save the requests performed and work with them later."
"Automatic scanning is a valuable feature and very easy to use."
"The solution is good at reporting the vulnerabilities of the application."
"The solution has tightened our security."
"You can run it against multiple targets."
"Checkmarx could improve by reducing the price."
"The pricing can get a bit expensive, depending on the company's size."
"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."
"The solution's user interface could be improved because it seems outdated."
"In terms of dashboarding, the solution could provide a little more flexibility in terms of creating more dashboards. It has some of its own dashboards that come out of the box. However, if I have to implement my own dashboards that are aligned to my organization's requirements, that dashboarding feature has limited capability right now."
"Checkmarx needs to be more scalable for large enterprise companies."
"I really would like to integrate it as a service along with the SAP HANA Cloud Platform. It will then be easy to use it directly as a service."
"The reports are good, but they still need to be improved considering what the UI offers."
"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."
"If there was an easier to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning."
"The documentation is lacking and out-of-date, it really needs more love."
"It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful."
"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created."
"The documentation needs to be improved because I had to learn everything from watching YouTube videos."
"It doesn't run on absolutely every operating system."
"There's very little documentation that comes with OWASP Zap."
Checkmarx One is ranked 3rd in Application Security Testing (AST) with 67 reviews while OWASP Zap is ranked 8th in Application Security Testing (AST) with 37 reviews. Checkmarx One is rated 7.6, while OWASP Zap is rated 7.6. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Fortify Application Defender, whereas OWASP Zap is most compared with SonarQube, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and Fortify WebInspect. See our Checkmarx One vs. OWASP Zap report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.