Compare Checkmarx vs. OWASP Zap

Find out what your peers are saying about Checkmarx vs. OWASP Zap and other solutions. Updated: May 2021.
479,323 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
Checkmarx:
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"Our static operation security has been able to identify more security issues since implementing this solution."
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"The most valuable features are the easy to understand interface, and it's very user-friendly."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"The user interface is excellent. It's very user friendly."
"The most valuable feature is the simple user interface."
"The reports are very good because they include details on the code level, and make suggestions about how to fix the problems."

OWASP Zap:
"The OWASP's tool is free of cost, which gives it a great advantage, especially for smaller companies to make use of the tool."
"The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information."
"The scalability of this product is very good."
"Automatic updates and pull request analysis."
"Simple to use, good user interface."
"The interface is easy to use."
"The solution is good at reporting the vulnerabilities of the application."
"The stability of the solution is very good."

Cons
Checkmarx:
"The reports are good, but they still need to be improved considering what the UI offers."
"It would be really helpful if the level of confidence was included, with respect to identified issues."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"We have received some feedback from our customers who are receiving a large number of false positives."
"In terms of dashboarding, the solution could provide a little more flexibility in terms of creating more dashboards. It has some of its own dashboards that come out of the box. However, if I have to implement my own dashboards that are aligned to my organization's requirements, that dashboarding feature has limited capability right now."
"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."
"I would like to see the rate of false positives reduced."
"You can't use it in the continuous delivery pipeline because the scanning takes too much time."

OWASP Zap:
"There's very little documentation that comes with OWASP Zap."
"The automated vulnerability assessments that the application performs need to be simplified as well as diversified."
"I'd like to see a kind of feature where we can just track what our last vulnerability was and how it has improved or not. More reports that can have some kind of base-lining, I think that would be a good feature too. I'm not sure whether it can be achieved and implemented but I think that would really help."
"I prefer Burp Suite to OWASP Zap because of the extensive coverage it offers."
"Deployment is somewhat complicated."
"Too many false positives; test reports could be improved."
"The documentation needs to be improved because I had to learn everything from watching YouTube videos."
"It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful."

Pricing and Cost Advice
Checkmarx:
"We have a subscription license that is on a yearly basis, and it's a pretty competitive solution."
"This solution is expensive. The customized package allows you to buy additional users at any time."
"It's relatively expensive."
"The interface used to create custom rules comes at an additional cost."
"The number of users and coverage for languages will have an impact on the cost of the license."
"Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive."

OWASP Zap:
"OWASP Zap is free to use."
"This app is completely free and open source. So there is no question about any pricing."
"This is an open-source solution and can be used free of charge."

Questions from the Community
Top Answer: I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
Top Answer: I've always viewed SonarQube as a code quality tool that complements many code security tools like Checkmarx.
Top Answer: SonarQube depends on completely what you configure the Rules. You will have the option of the Profile creation and can be assigned to the Projects. If you configure the project --> under them services…
Top Answer: The stability of the solution is very good.
Top Answer: The solution is open-source. It doesn't cost anything to use it.
Top Answer: The technical support could be improved. It doesn't offer traditional technical support at all. It would be a great improvement if they could include a marketplace to add extra features to the tool…
Ranking
Checkmarx: Views 47,905; Comparisons 34,598; Reviews 15; Average Words per Review 618; Rating 7.8
OWASP Zap: Views 32,884; Comparisons 22,324; Reviews 9; Average Words per Review 452; Rating 7.4
Overview

Checkmarx CxSAST is a highly accurate and flexible Static Code Analysis product that allows organizations to automatically scan un-compiled / un-built code and identify hundreds of security vulnerabilities in all major coding languages. CxSAST is available as a standalone product and can be effectively integrated into the Software Development Lifecycle (SDLC) to streamline detection and remediation. CxSAST can be deployed on-premise in a private data center or hosted via a public cloud.


Zed Attack Proxy (ZAP) is a free, open-source penetration testing tool being maintained under the umbrella of the Open Web Application Security Project (OWASP). ZAP is designed specifically for testing web applications and is both flexible and extensible.

Sample Customers
Checkmarx: YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech. Case Study: Liveperson Implements Innovative Secure SDLC
OWASP Zap: Information Not Available
Top Industries
Checkmarx, reviewers: Computer Software Company 38%; Financial Services Firm 25%; Pharma/Biotech Company 13%; Engineering Company 6%
Checkmarx, visitors reading reviews: Computer Software Company 32%; Financial Services Firm 15%; Comms Service Provider 13%; Insurance Company 5%
OWASP Zap, reviewers: Computer Software Company 22%; Retailer 11%; Manufacturing Company 11%; Transportation Company 11%
OWASP Zap, visitors reading reviews: Computer Software Company 32%; Comms Service Provider 23%; Government 6%; Media Company 5%
Company Size
Checkmarx, reviewers: Small Business 31%; Midsize Enterprise 19%; Large Enterprise 50%
Checkmarx, visitors reading reviews: Small Business 15%; Midsize Enterprise 29%; Large Enterprise 56%
OWASP Zap, reviewers: Small Business 16%; Midsize Enterprise 26%; Large Enterprise 58%

Checkmarx is ranked 2nd in Application Security Testing (AST) with 19 reviews while OWASP Zap is ranked 6th in Application Security Testing (AST) with 10 reviews. Checkmarx is rated 7.8, while OWASP Zap is rated 7.4. The top reviewer of Checkmarx writes "Works well with Windows servers but no Linux support and takes too long to scan files". On the other hand, the top reviewer of OWASP Zap writes "Inexpensive licensing, free to use, and has good community support". Checkmarx is most compared with SonarQube, Veracode, Micro Focus Fortify on Demand, Coverity and Sonatype Nexus Lifecycle, whereas OWASP Zap is most compared with PortSwigger Burp Suite Professional, Acunetix Vulnerability Scanner, Veracode, Qualys Web Application Scanning and Netsparker Web Application Security Scanner.


We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.