Checkmarx SAST surpasses its competitors by offering seamless integration into SDLC, providing comprehensive code coverage, and delivering accurate, fast results that enhance developer efficiency without disrupting workflow, making it an ideal solution for modern software security needs.
I think that we pay approximately $100 USD per month.
The price is okay.
I think that we pay approximately $100 USD per month.
The price is okay.
Veracode is a cloud-based application security platform that enables organizations to detect, mitigate, and prevent vulnerabilities throughout the software development lifecycle while supporting scalability and integration with DevOps workflows.
Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background.
The pricing is pretty high.
Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background.
The pricing is pretty high.
OWASP Zap is a powerful tool used for security and vulnerability testing of applications. Its primary use case includes scanning pipelines, dynamic testing, penetration testing, and vulnerability scanning. OWASP Zap's most valuable functionality is its ability to scan and fix vulnerabilities, provide clear explanations in reports, and discover more vulnerabilities compared to other tools. It helps organizations by improving application security, reducing the need for external testers, and strengthening overall security.
It is highly recommended as it is an open source tool.
It's free and open, currently under the Apache 2 license. If ZAP does what you need it to do, selling a free solution is a very easy.
It is highly recommended as it is an open source tool.
It's free and open, currently under the Apache 2 license. If ZAP does what you need it to do, selling a free solution is a very easy.
Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner will automatically crawl periodically and test web applications to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. The consistent testing equips the automated service to generate consistent results, lessen false positives, and offer the ability to scale to protect thousands of websites effortlessly.
It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders.
Try the free trial of the product to understand the basic working mechanisms.
It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders.
Try the free trial of the product to understand the basic working mechanisms.
Invicti helps DevSecOps teams automate security tasks and save hundreds of hours each month by identifying web vulnerabilities that matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss with 99.98% accuracy, delivering on the promise of Zero Noise AppSec. Invicti helps discover all web assets — even ones that are lost, forgotten, or created by rogue departments. With an array of out-of-the-box integrations, DevSecOps teams can get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively while reducing risk and hitting the ROI goals.
We never had any issues with the licensing; the price was within our assigned limits.
It is competitive in the security market.
We never had any issues with the licensing; the price was within our assigned limits.
It is competitive in the security market.
Klocwork detects security, safety, and reliability issues in real-time by using this static code analysis toolkit that works alongside developers, finding issues as early as possible, and integrates with teams, supporting continuous integration and actionable reporting.
Klocwork should not to be quite so heavy handed on the licensing for very specific programs.
Licensing fees are paid annually, but they also have a perpetual license.
Klocwork should not to be quite so heavy handed on the licensing for very specific programs.
Licensing fees are paid annually, but they also have a perpetual license.
Aikido Security enhances security management with advanced analytics and threat detection. Valuable features include real-time insights and comprehensive reporting. Users appreciate efficient data handling but identify room for improvement in integration capabilities. Aikido Security addresses critical vulnerabilities effectively, aligning with enterprise needs.
Apiiro is the leader in application security posture management (ASPM), unifying risk visibility, prioritization, and remediation with deep code analysis and runtime context.
Cycode secures code throughout the development lifecycle by automating security standards and detecting misconfigurations in repositories. It addresses code scanning, fixes vulnerabilities, monitors insider threats, and secures CI/CD pipelines. Valued for robust security, efficient code scanning, integration with development tools, compliance checks, and detailed reports. Enhanced integration capabilities and clearer documentation needed.
GitHub Code Scanning is a moderately priced solution.
The minimum pricing for the tool is five dollars a month.
GitHub Code Scanning is a moderately priced solution.
The minimum pricing for the tool is five dollars a month.
Ox Security is used for digital security management, focusing on threat detection, vulnerability management, and compliance monitoring. Users appreciate its real-time insights, automation features, and ease of integration. While its intuitive dashboard and customer support are strengths, some users desire more customization and system performance improvements.
Arnica enhances collaboration with intuitive tools and real-time data integration. It offers efficient project management and streamlined workflows. Users appreciate its customizable features but note the need for improved customer support. While it provides robust functionalities, some find it lacking in advanced reporting capabilities.
NowSecure experts have conducted advanced pen testing for some of the world's most demanding organizations - including banks, insurance companies, government agencies, healthcare organizations, retail conglomerates, high-tech businesses, and more. Mobile apps are prone to sensitive data leakages and attacks, yet a manual test for just one app can take several weeks. To enable faster, more frequent testing, we built a test engine that successfully automates repeatable and time-consuming mobile appsec testing, remediation and reporting tasks. The result - the foundation of the NowSecure platform, which significantly reduces testing time and costs without compromising full depth of security coverage.
