We performed a comparison between Checkmarx One and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."
"It is very useful because it fits our requirements. It is also easy to use. It is not complex, and we are satisfied with the results."
"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx."
"One of the most valuable features is it is flexible."
"From my point of view, it is the best product on the market."
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"Vulnerability details is valuable."
"The SAST component was absolutely 100% stable."
"We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve issues."
"With our vulnerabilities under control, it's putting our services in compliance and minimizing our risk for exposure."
"We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not."
"Licensing is the most valuable. Qualys provides the best licensing for companies. It is the best product for the development purposes of web applications. The product has a lot of integrations."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"By using QualysGuard, we are able to finish external scans with assured results in half the time."
"The product prevents possible vulnerabilities in our network."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"The cost per user is high and should be reduced."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"I would like to see the tool’s pricing improved."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"Checkmarx could improve the REST APIs by including automation."
"The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor, it lacks the details one gets when viewing the results directly from the Checkmarx One platform."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"I think the CxAudit tool has room for improvement. At the beginning you can choose a scan of a project, but in any event the project must be scanned again (wasting time)."
"Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."
"The virus code updates are not frequent enough."
"We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."
"The pricing does not seem to be competitive."
"There should be better visibility into the application."
"The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
"The product's pricing could be better."
More Qualys Web Application Scanning Pricing and Cost Advice →
Checkmarx One is ranked 3rd in Application Security Tools with 67 reviews while Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews. Checkmarx One is rated 7.6, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Checkmarx One writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Checkmarx One is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Snyk. See our Checkmarx One vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.