Try our new research platform with insights from 80,000+ expert users

Acunetix vs Checkmarx One comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Ranking in Vulnerability Management
27th
Average Rating
9.6
Reviews Sentiment
8.1
Number of Reviews
2
Ranking in other categories
Continuous Threat Exposure Management (CTEM) (6th)
Acunetix
Ranking in Vulnerability Management
23rd
Average Rating
7.8
Reviews Sentiment
6.9
Number of Reviews
32
Ranking in other categories
Application Security Tools (17th), Static Application Security Testing (SAST) (14th), DevSecOps (6th)
Checkmarx One
Ranking in Vulnerability Management
21st
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
70
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Static Code Analysis (2nd), API Security (3rd), DevSecOps (2nd), Risk-Based Vulnerability Management (8th)
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
AnubhavGoswami - PeerSpot reviewer
Attractive automated reports with boost user productivity and an easy setup
The primary use is mainly related to vulnerability assessment, including both public and internal IP addresses By using this tool, we have reduced the workload and increased the productivity of users. It generates automated reports. This feature is beneficial when sharing reports with clients as…
Rohit Kesharwani - PeerSpot reviewer
Provides good security analysis and security identification within the source code
We integrate Checkmarx into our software development cycle using GitLab's CI/CD pipeline. Checkmark has been the most helpful for us in the development stage. The solution's incremental scanning feature has impacted our development speed. The solution's vulnerability detection is around 80% to 90% accurate. I would recommend Checkmarx to other users because it is one of the good tools for doing security analysis and security identification within the source code. Overall, I rate Checkmarx a nine out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran is an excellent tool."
"Zafran has become an indispensable tool in our cybersecurity arsenal."
"It comes equipped with an internal applicator, which automatically identifies and addresses vulnerabilities within the program."
"The automated approach to these repetitive discovery attempts would take days to do manually and therefore it helps reduce the time needed to do an assessment."
"There is a lot of documentation on their website which makes setting it up and using it quite simple."
"We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why."
"The most valuable feature of Acunetix is the UI and the scan results are simple."
"It generates automated reports."
"For us, the most valuable aspect of the solution is the log-sequence feature."
"One of the features that I feel is groundbreaking, that I would like to see expanded on, is the IAS feature: The Interactive Application Security Testing module that gets loaded onto an application on a server, for more in-depth, granular findings. I think that is really neat. I haven't seen a lot of competitors doing that."
"One of the most valuable features is it is flexible."
"The solution is always updating to continuously add items that create a level of safety from vulnerabilities. It's one of the key features they provide that's an excellent selling point. They're always ahead of the game when it comes to finding any vulnerabilities within the database."
"Most valuable features include: ease of use, dashboard. interface and the ability to report."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
"We use the solution for dynamic application testing."
"The most valuable features of Checkmarx are the automation and information that it provides in the reports."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"Apart from software scanning, software composition scanning is valuable."
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"Integration into other tools is very limited for Acunetix. While we're trying to incorporate a CI/CD process where we're integrating with JIRA and we're integrating with Jenkins and Chef, it becomes problematic. Other tools give you a high integration capability to connect into different solutions that you may already have, like JIRA."
"I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection."
"The pricing is a bit on the higher side."
"The solution can be improved by adding the ability to scan subdomains automatically, and by providing reports that can be exported to external databases to share with other solutions."
"The only problem that they have is the price. It is a bit expensive, and you cannot change the number of applications for the whole year."
"We have had issues during upgrades where their scans worked on some apps better with previous versions. Then, we had to work with their tech support, who were great, to get it fixed for the next version."
"The solution is generally stable, however, there might be room for improvement regarding glitches or bugs."
"We want to see how much bandwidth usage it consumes. When we monitor traffic we have issues with the consumption and throttling of the traffic."
"Integration into the SDLC (i.e. support for last version of SonarQube) could be added."
"The solution sometimes reports a false auditable code or false positive."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"We want to have a holistic view of the portfolio-level dashboard and not just an individual technical project level."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
 

Pricing and Cost Advice

Information not available
"It is a bit expensive. If you need to check five applications, you have to pay almost 14,000. It is an agreement for two years at 7,000 per year for only five applications. You cannot change the applications in the license. So, you are stuck with the same license for the five applications for one full year."
"The pricing and licensing are reasonable to a point. In order to run multiple scans at a time, we are going to have to purchase a 100 count license, which is an overkill. Though, compared to what we were paying for, the cost seems reasonable."
"When compared with other products, the pricing is a little bit high. But it gives value for the price. It serves the purpose and is worthwhile for the price we pay."
"The pricing is a little high, and moreover, it's kind of domain-based."
"All things considered, I think it has a good price/value ratio."
"The costs aren't very expensive. It costs around $3000 or $4000."
"When we looked at all other vendors and what they were asking for, to provide a third of what Acunetix was capable of doing, it was an easy decision... But now that it's coming to a cost where it's line with market value, it becomes more of a competition... Acunetix is raising the cost of licensing. It's 3.5 times what we were initially quoted."
"Acunetix was around the same price as all the other vendors we looked at, nothing special."
"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."
"The solution's price is high and you pay based on the number of users."
"The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
"The tool's pricing is fine."
"It is the right price for quality delivery."
"The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."
"The number of users and coverage for languages will have an impact on the cost of the license."
"It's relatively expensive."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
11%
University
6%
Manufacturing Company
6%
Computer Software Company
18%
Financial Services Firm
14%
Government
9%
Manufacturing Company
8%
Financial Services Firm
21%
Computer Software Company
15%
Manufacturing Company
10%
Government
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
Pricing for Zafran Security is not expensive. We have a contract for five years, and the cost is lower than other too...
What needs improvement with Zafran Security?
I would like to see an integration with Check Point firewalls. It's essential for us and they are currently working o...
What is your primary use case for Zafran Security?
We use Zafran Security for threat prioritization. We establish priority to understand which risks should be patched o...
What do you like most about Acunetix Vulnerability Scanner?
The tool's most valuable feature is scan configurations. We use it for external physical applications. The scanning t...
What is your primary use case for Acunetix Vulnerability Scanner?
I typically use Acunetix ( /products/acunetix-reviews ) to identify vulnerabilities for clients.
What advice do you have for others considering Acunetix Vulnerability Scanner?
I would recommend Acunetix to others. Overall, I rate this solution seven out of ten.
What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as ...
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
 

Also Known As

No data available
AcuSensor
No data available
 

Overview

 

Sample Customers

Information Not Available
Joomla!, Digicure, Team Random, Credit Suisse, Samsung, Air New Zealand
YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Find out what your peers are saying about Acunetix vs. Checkmarx One and other solutions. Updated: March 2025.
845,040 professionals have used our research since 2012.