Checkmarx vs Wallarm NG WAF comparison

Cancel
You must select at least 2 products to compare!
Checkmarx Logo
36,060 views|23,954 comparisons
Wallarm Logo
383 views|313 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Checkmarx and Wallarm NG WAF based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Checkmarx vs. Wallarm NG WAF Report (Updated: March 2019).
765,386 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"It's not an obstacle for developers. They can easily write their code and make it more secure with Checkmarx.""Vulnerability details is valuable.""Our static operation security has been able to identify more security issues since implementing this solution.""Less false positive errors as compared to any other solution.""The solution communicates where to fix the issue for the purpose of less iterations.""The value you can get out of the speedy production may be worth the price tag.""One of the most valuable features is it is flexible.""Both automatic and manual code review (CxQL) are valuable."

More Checkmarx Pros →

"Helps us to monitor situation in regards to attacks to our sites and prevents a lot of them."

More Wallarm NG WAF Pros →

Cons
"The product's reporting feature could be better. The feature works well for developers, but reports generated to be shared with external parties are poor, it lacks the details one gets when viewing the results directly from the Checkmarx One platform.""Its user interface could be improved and made more friendly.""With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too.""Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities.""Implementing a blackout time for any user or teams: Needs improvement.""The solution's user interface could be improved because it seems outdated.""There is nothing particular that I don't like in this solution. It can have more integrations, but the integrations that we would like are in the roadmap anyway, and they just need to deliver the roadmap. What I like about the roadmap is that it is going where it needs to go. If I were to look at the roadmap, there is nothing that is jumping out there that says to me, "Yeah. I'd like something else on the roadmap." What they're looking to deliver is what I would expect and forecast them to deliver.""The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."

More Checkmarx Cons →

"The biggest problem for us was the stability and speed using the first version of Wallarm. Now, it is fine."

More Wallarm NG WAF Cons →

Pricing and Cost Advice
  • "It is the right price for quality delivery."
  • "I believe pricing is better compared to other commercial tools."
  • "The pricing was not very good. This is just a framework which shouldn’t cost so much."
  • "The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security."
  • "It is a good product but a little overpriced."
  • "The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
  • "​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products."
  • "We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."
  • More Checkmarx Pricing and Cost Advice →

  • "​Pricing must be cheaper than the competition and the licensing must be good.​"
  • More Wallarm NG WAF Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    765,386 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
    Top Answer:Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
    Top Answer:The solution's price is high and you pay based on the number of users.
    Ask a question

    Earn 20 points

    Ranking
    Views
    36,060
    Comparisons
    23,954
    Reviews
    20
    Average Words per Review
    455
    Rating
    7.7
    Views
    383
    Comparisons
    313
    Reviews
    0
    Average Words per Review
    0
    Rating
    N/A
    Comparisons
    SonarQube logo
    Compared 52% of the time.
    Veracode logo
    Compared 12% of the time.
    Fortify on Demand logo
    Compared 6% of the time.
    Snyk logo
    Compared 4% of the time.
    Coverity logo
    Compared 3% of the time.
    Also Known As
    Wallarm NG-WAF
    Learn More
    Overview

    Checkmarx is a highly accurate and flexible static code analysis product that allows organizations to automatically scan uncompiled code and identify hundreds of security vulnerabilities in all major coding languages and software frameworks. Checkmarx is available as a standalone product and can be effectively integrated into the software development lifecycle (SDLC) to streamline vulnerability detection and remediation. Checkmarx is trusted by leading organizations such as SAP, Samsung, and Salesforce.com.

    Checkmarx is a global leader in software security solutions for modern software development. Checkmarx delivers a comprehensive software security platform that unites with DevOps by scanning uncompiled source code for security vulnerabilities early in the development life cycle to reduce and remediate risk from software vulnerabilities. Using Checkmarx, teams avoid software security vulnerabilities managed via a single and unified dashboard without slowing down their delivery schedule.

    Checkmarx balances the needs of the entire organization, delivering seamless security from the start and throughout the entire software development life cycle. Checkmarx can be deployed on-premises in a private data center or hosted via a public cloud.

    Checkmarx Features

    Some of Checkmarx’s features include:

    • Source code scanning: Detect and repair more vulnerabilities before you release your code.

    • Open-source scanning: Find and eliminate the risks in your open-source code.

    • Interactive code scanning: Scan for vulnerabilities and runtime threats.

    • Open-source security for infrastructure as code: Identify and fix insecure IaC configurations that put your application at risk.

    Reviews from Real Users

    Checkmarx stands out among its competitors for a number of reasons. Two major ones are its ability to enable developers to secure their code with a single management dashboard and its high-speed scanning abilities.

    PeerSpot users note the effectiveness of these features. A CEO at a tech services company writes, “The most valuable features are the easy-to-understand interface, and it’s very user-friendly. We spend some time tuning to start scanning a new project, which is only a few clicks. A few simple tunes for custom rules and we can start our scan. We can do the work quickly and we don't need to compile the source code because Checkmarx does the work without compiling the project. The scanning is very quick. It's about 20,000 lines per hour, which is a good speed for scanning.”

    A director at a tech services company notes, “The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important.”

    A senior manager at a manufacturing company writes, “The identification of verification-related security vulnerabilities is really important and one of the key things. It also identifies vulnerabilities for any kind of third-party tool coming into the system or any third-party tools that you are using, which is very useful for avoiding random hacking."

    Protect any API. In any environment. Against any threats.

    Wallarm is the platform Dev, Sec, and Ops teams choose to build cloud-native applications securely, monitor them for modern threats, and get alerted when threats arise. Whether you protect some of the legacy apps or brand new cloud-native APIs, Wallarm multi-cloud platform provides key components to secure your business against emerging threats.

    -> Robust protection for the entire application portfolio

    Mitigate threats against OWASP Top 10 threats, business logic abuse, bad bots, account takeover (ATO), and more. Get the robust API protection that no other WAF can provide.

    -> Quick integrations

    Setup cross-team workloads via your existing DevOps and security toolchain (SOARs, SIEMs). Setup triggers and noise-free alerts in Slack and other messengers, PagerDuty, and more.

    -> Blocking mode and compliance with no hassle

    Forget issues with false positives. Wallarm’s new libDetection and core signature-less attack detection provide low false positives from day one.

    -> Unparalleled visibility into malicious traffic

    Gain full insights about attacks and attackers in the responsive Wallarm Console. Enjoy the Dashboard, reach search, and reporting capabilities.

    -> Automated Incident Response

    Reduce manual analysis and noise level. Automated Threat Verification can dissect potentially harmful attacks from millions of random scans and report vulnerabilities.

    -> Understand Your Attack Surface

    You can’t protect what you don’t know. Utilize the attack surface and shadow resources to track changes. Identify misconfiguration issues and vulnerable applications and resources.

    Sample Customers
    YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
    Panasonic. Miro. Rappi. Wargaming. Gannett. Omio. Acronis. Workforce Software. Tipalti. SEMRush.
    Top Industries
    REVIEWERS
    Computer Software Company31%
    Financial Services Firm19%
    Comms Service Provider9%
    Manufacturing Company9%
    VISITORS READING REVIEWS
    Financial Services Firm22%
    Computer Software Company15%
    Manufacturing Company9%
    Insurance Company5%
    VISITORS READING REVIEWS
    Computer Software Company14%
    Financial Services Firm12%
    Comms Service Provider8%
    Real Estate/Law Firm6%
    Company Size
    REVIEWERS
    Small Business38%
    Midsize Enterprise13%
    Large Enterprise50%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise11%
    Large Enterprise72%
    VISITORS READING REVIEWS
    Small Business27%
    Midsize Enterprise14%
    Large Enterprise59%
    Buyer's Guide
    Checkmarx vs. Wallarm NG WAF
    March 2019
    Find out what your peers are saying about Checkmarx vs. Wallarm NG WAF and other solutions. Updated: March 2019.
    765,386 professionals have used our research since 2012.

    Checkmarx is ranked 3rd in Application Security Tools with 67 reviews while Wallarm NG WAF is ranked 29th in Web Application Firewall (WAF). Checkmarx is rated 7.6, while Wallarm NG WAF is rated 8.6. The top reviewer of Checkmarx writes "The report function is a great, configurable asset but sometimes yields false positives". On the other hand, the top reviewer of Wallarm NG WAF writes "Active threat detection and adaptive rules are the most valuable for us". Checkmarx is most compared with SonarQube, Veracode, Fortify on Demand, Snyk and Coverity, whereas Wallarm NG WAF is most compared with Salt Security, Noname Security, AWS WAF, F5 Advanced WAF and Cloudflare. See our Checkmarx vs. Wallarm NG WAF report.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.