Checkmarx vs Tenable.io Web Application Scanning comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Checkmarx and Tenable.io Web Application Scanning based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Checkmarx vs. Tenable.io Web Application Scanning Report (Updated: March 2024).
765,234 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The solution improved the efficiency of our code security reviews. It helps tremendously because it finds hundreds of potential problems sometimes.""The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking.""The most valuable features of Checkmarx are the automation and information that it provides in the reports.""Vulnerability details is valuable.""The UI is user-friendly.""The solution has good performance, it is able to compute in 10 to 15 minutes.""It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx.""The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."

More Checkmarx Pros →

"We use the tool for our websites. We have a vulnerable subdomain. The tool helps to scan it for vulnerabilities.""Tenable provides the end analysis results covering all the published vulnerabilities and information on the market.""The most effective feature of the product is the ability to scan the entire environment.""We can get detailed information about vulnerabilities.""The most valuable feature is the reporting, which provides a good level of detail with respect to vulnerabilities.""The most valuable features of Tenable.io Web Application Scanning are the integration into specific use cases and scanning. All of the features of the solution are useful.""The solution is stable.""It is fully automated."

More Tenable.io Web Application Scanning Pros →

Cons
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to.""Checkmarx needs to be more scalable for large enterprise companies.""It is an expensive solution.""C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported.""If it is a very large code base then we have a problem where we cannot scan it.""The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode.""Checkmarx is not good because it has too many false positive issues.""They could work to improve the user interface. Right now, it really is lacking."

More Checkmarx Cons →

"The reporting has a very limited customization capability.""The report customization needs to be better.""The platform's technical support services could be better.""Tenable.io Web Application Scanning is not very user-friendly and you need a lot of information to get proper reports. The tool's support is not very responsive.""They have a general dashboard for web application scanning, but the dashboards and reporting can be improved. They probably have some features in their roadmap.""Tenable.io Web Application Scanning could improve by offering faster fuzzing.""The solution's dashboards could be improved and made more user-friendly.""Tenable.io Web Application Scanning conducts a general scan, which wastes time. The scan needs to be specific."

More Tenable.io Web Application Scanning Cons →

Pricing and Cost Advice
  • "It is the right price for quality delivery."
  • "I believe pricing is better compared to other commercial tools."
  • "The pricing was not very good. This is just a framework which shouldn’t cost so much."
  • "The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
  • "It is a good product but a little overpriced."
  • "The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
  • "​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
  • "We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."
  • More Checkmarx Pricing and Cost Advice →

  • "The pricing is okay."
  • "It follows the same licensing scheme as Tenable.io and Tenable. sc."
  • "The price of the solution is reasonable compared to the competitors. The license cost is based on the number of users and the annual usage."
  • "Tenable.io Web Application Scanning is expensive for small businesses."
  • "The application is extremely affordable. There are no additional costs involved with licensing. We switched to Tenable.io Web Application Scanning from other solutions due to pricing."
  • "I rate the product's pricing a four out of ten."
  • More Tenable.io Web Application Scanning Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    765,234 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
    Top Answer:Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
    Top Answer:The solution's price is high and you pay based on the number of users.
    Top Answer:The most effective feature of the product is the ability to scan the entire environment.
    Top Answer:The platform's technical support services could be better.
    Top Answer:Implementing Tenable.io Web Application Scanning has been beneficial in identifying numerous vulnerabilities within application code. I rate its scanning capabilities in terms of user-friendliness an… more »
    Ranking
    Views
    36,060
    Comparisons
    23,954
    Reviews
    20
    Average Words per Review
    455
    Rating
    7.7
    Views
    3,823
    Comparisons
    2,964
    Reviews
    9
    Average Words per Review
    322
    Rating
    7.6
    Comparisons
    Learn More
    Overview

    Checkmarx is a highly accurate and flexible static code analysis product that allows organizations to automatically scan uncompiled code and identify hundreds of security vulnerabilities in all major coding languages and software frameworks. Checkmarx is available as a standalone product and can be effectively integrated into the software development lifecycle (SDLC) to streamline vulnerability detection and remediation. Checkmarx is trusted by leading organizations such as SAP, Samsung, and Salesforce.com.

    Checkmarx is a global leader in software security solutions for modern software development. Checkmarx delivers a comprehensive software security platform that unites with DevOps by scanning uncompiled source code for security vulnerabilities early in the development life cycle to reduce and remediate risk from software vulnerabilities. Using Checkmarx, teams avoid software security vulnerabilities managed via a single and unified dashboard without slowing down their delivery schedule.

    Checkmarx balances the needs of the entire organization, delivering seamless security from the start and throughout the entire software development life cycle. Checkmarx can be deployed on-premises in a private data center or hosted via a public cloud.

    Checkmarx Features

    Some of Checkmarx’s features include:

    • Source code scanning: Detect and repair more vulnerabilities before you release your code.

    • Open-source scanning: Find and eliminate the risks in your open-source code.

    • Interactive code scanning: Scan for vulnerabilities and runtime threats.

    • Open-source security for infrastructure as code: Identify and fix insecure IaC configurations that put your application at risk.

    Reviews from Real Users

    Checkmarx stands out among its competitors for a number of reasons. Two major ones are its ability to enable developers to secure their code with a single management dashboard and its high-speed scanning abilities.

    PeerSpot users note the effectiveness of these features. A CEO at a tech services company writes, “The most valuable features are the easy-to-understand interface, and it’s very user-friendly. We spend some time tuning to start scanning a new project, which is only a few clicks. A few simple tunes for custom rules and we can start our scan. We can do the work quickly and we don't need to compile the source code because Checkmarx does the work without compiling the project. The scanning is very quick. It's about 20,000 lines per hour, which is a good speed for scanning.”

    A director at a tech services company notes, “The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important.”

    A senior manager at a manufacturing company writes, “The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."

    Tenable.io Web Application Scanning safely, accurately and automatically scans your web applications, providing deep visibility into vulnerabilities and valuable context to prioritize remediation.

    Sample Customers
    YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
    IMDEX
    Top Industries
    REVIEWERS
    Computer Software Company31%
    Financial Services Firm19%
    Comms Service Provider9%
    Manufacturing Company9%
    VISITORS READING REVIEWS
    Financial Services Firm22%
    Computer Software Company15%
    Manufacturing Company9%
    Insurance Company5%
    REVIEWERS
    Computer Software Company25%
    Security Firm17%
    Educational Organization17%
    University8%
    VISITORS READING REVIEWS
    Computer Software Company15%
    Financial Services Firm13%
    Government11%
    Manufacturing Company7%
    Company Size
    REVIEWERS
    Small Business38%
    Midsize Enterprise13%
    Large Enterprise50%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise11%
    Large Enterprise72%
    REVIEWERS
    Small Business40%
    Midsize Enterprise20%
    Large Enterprise40%
    VISITORS READING REVIEWS
    Small Business20%
    Midsize Enterprise15%
    Large Enterprise64%
    Buyer's Guide
    Checkmarx vs. Tenable.io Web Application Scanning
    March 2024
    Find out what your peers are saying about Checkmarx vs. Tenable.io Web Application Scanning and other solutions. Updated: March 2024.
    765,234 professionals have used our research since 2012.

    Checkmarx is ranked 3rd in Application Security Tools with 67 reviews while Tenable.io Web Application Scanning is ranked 24th in Application Security Tools with 14 reviews. Checkmarx is rated 7.6, while Tenable.io Web Application Scanning is rated 7.6. The top reviewer of Checkmarx writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Tenable.io Web Application Scanning writes "Highly Recommended Solution with Latest Scanning Methods". Checkmarx is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Tenable.io Web Application Scanning is most compared with Acunetix, SonarQube, Qualys Web Application Scanning, PortSwigger Burp Suite Professional and Fortify on Demand. See our Checkmarx vs. Tenable.io Web Application Scanning report.

    See our list of best Application Security Tools vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.