Try our new research platform with insights from 80,000+ expert users

Acunetix vs Checkmarx One comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Ranking in Vulnerability Management
27th
Average Rating
9.6
Reviews Sentiment
8.1
Number of Reviews
3
Ranking in other categories
Continuous Threat Exposure Management (CTEM) (6th)
Acunetix
Ranking in Vulnerability Management
23rd
Average Rating
7.8
Reviews Sentiment
6.9
Number of Reviews
32
Ranking in other categories
Application Security Tools (17th), Static Application Security Testing (SAST) (14th), DevSecOps (6th)
Checkmarx One
Ranking in Vulnerability Management
21st
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
70
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Static Code Analysis (2nd), API Security (3rd), DevSecOps (2nd), Risk-Based Vulnerability Management (8th)
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
AnubhavGoswami - PeerSpot reviewer
Attractive automated reports with boost user productivity and an easy setup
The primary use is mainly related to vulnerability assessment, including both public and internal IP addresses By using this tool, we have reduced the workload and increased the productivity of users. It generates automated reports. This feature is beneficial when sharing reports with clients as…
Rohit Kesharwani - PeerSpot reviewer
Provides good security analysis and security identification within the source code
We integrate Checkmarx into our software development cycle using GitLab's CI/CD pipeline. Checkmark has been the most helpful for us in the development stage. The solution's incremental scanning feature has impacted our development speed. The solution's vulnerability detection is around 80% to 90% accurate. I would recommend Checkmarx to other users because it is one of the good tools for doing security analysis and security identification within the source code. Overall, I rate Checkmarx a nine out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We are able to see the real risk of a vulnerability on our environment with our security tools."
"Zafran is an excellent tool."
"Zafran has become an indispensable tool in our cybersecurity arsenal."
"The product is really easy to use."
"The tool's most valuable feature is scan configurations. We use it for external physical applications. The scanning time depends on the application's code."
"The vulnerability scanning option for analyzing the security loopholes on the websites is the most valuable feature of this solution."
"By integrating with CI/CD tools, it enables a shift-left approach in the development process."
"I find it to be one of the most comprehensive tools, with support for manual intervention."
"The usability and overall scan results are good."
"The most important feature is that it's a web-based graphical user interface. That is a great addition. Also, the ability to schedule scans is great."
"Acunetix is the best service in the world. It is easy to manage. It gives a lot of information to the users to see and identify problems in their site or applications. It works very well."
"Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before."
"The most valuable features of Checkmarx are its integration with multiple SCM solutions and CICD tools, its ability to scale according to user licenses, and the quick scanning process."
"It shows in-depth code of where actual vulnerabilities are."
"The most valuable feature of Checkmarx is the user interface, it is very easy to use. We do not need to configure anything, we only have to scan to see the results."
"Less false positive errors as compared to any other solution."
"The solution communicates where to fix the issue for the purpose of less iterations."
"The most valuable features are the easy to understand interface, and it 's very user-friendly."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"Acunetix needs to include agent analysis."
"There's a clear need for a reduction in pricing to make the service more accessible."
"The solution can be improved by adding the ability to scan subdomains automatically, and by providing reports that can be exported to external databases to share with other solutions."
"We have had issues during upgrades where their scans worked on some apps better with previous versions. Then, we had to work with their tech support, who were great, to get it fixed for the next version."
"When monitoring the traffic we always have issues with the bandwidth consumption and the throttling of traffic."
"I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection."
"It would be nice to have a feature to "retest" only a single vulnerability that the customer reports as patched, and delete it from the next scans since it has already been patched."
"Tools that would allow us to work more efficiently with the mobile environment, with Android and iOS."
"We can run only one project at a time."
"C, C++, VB and T-SQL are not supported by this product. Although, C and C++ were advertised as being supported."
"Checkmarx has a slightly difficult compilation with the CI/CD pipeline."
"The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode."
"The reports are good, but they still need to be improved considering what the UI offers."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"Checkmarx could improve the REST APIs by including automation."
"Checkmarx needs to improve the false positives and provide more accuracy in identifying vulnerabilities. It misses important vulnerabilities."
 

Pricing and Cost Advice

Information not available
"It is a bit expensive. If you need to check five applications, you have to pay almost 14,000. It is an agreement for two years at 7,000 per year for only five applications. You cannot change the applications in the license. So, you are stuck with the same license for the five applications for one full year."
"When we looked at all other vendors and what they were asking for, to provide a third of what Acunetix was capable of doing, it was an easy decision... But now that it's coming to a cost where it's line with market value, it becomes more of a competition... Acunetix is raising the cost of licensing. It's 3.5 times what we were initially quoted."
"The pricing and licensing are reasonable to a point. In order to run multiple scans at a time, we are going to have to purchase a 100 count license, which is an overkill. Though, compared to what we were paying for, the cost seems reasonable."
"The cost is based on two types of licenses, ConsultLite, and ConsultPlus, as well as the number of domains that are scanned."
"I would say that Acunetix is expensive because there are products on the market with similar features that are equally or better-priced."
"Implementing Acunetix needs a medium or larger business agency, because you need some money to get Acunetix. It is costly, but if you care about your agency's security, then maybe it's a cost that might help you in the future."
"When compared with other products, the pricing is a little bit high. But it gives value for the price. It serves the purpose and is worthwhile for the price we pay."
"The costs aren't very expensive. It costs around $3000 or $4000."
"We have a subscription license that is on a yearly basis, and it's a pretty competitive solution."
"The solution's price is high and you pay based on the number of users."
"It's relatively expensive."
"We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year)."
"We're using a commercial version of Checkmarx, and we paid for the solution for one year. The price is high and could be reduced."
"It is a good product but a little overpriced."
"Its price is fair. It is in or around the right spot. Ultimately, if the price is wrong, customers won't commit, but they do tend to commit. It is neither too cheap nor too expensive."
"The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
848,716 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
11%
Manufacturing Company
7%
Retailer
6%
Computer Software Company
18%
Financial Services Firm
14%
Government
9%
Manufacturing Company
8%
Financial Services Firm
21%
Computer Software Company
14%
Manufacturing Company
10%
Government
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
I find that the pricing for Zafran aligns well with the comprehensive features it offers. The asset and user-based li...
What needs improvement with Zafran Security?
While Zafran Security is already a powerful tool, there are areas where it could be further improved to provide even ...
What is your primary use case for Zafran Security?
Our primary use case for Zafran involves leveraging it to enhance our vulnerability risk scoring methodology. In toda...
What do you like most about Acunetix Vulnerability Scanner?
The tool's most valuable feature is scan configurations. We use it for external physical applications. The scanning t...
What is your primary use case for Acunetix Vulnerability Scanner?
I typically use Acunetix ( /products/acunetix-reviews ) to identify vulnerabilities for clients.
What advice do you have for others considering Acunetix Vulnerability Scanner?
I would recommend Acunetix to others. Overall, I rate this solution seven out of ten.
What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as ...
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The pricing is relatively expensive due to the product's quality and performance, but it is worth it.
 

Also Known As

No data available
AcuSensor
No data available
 

Overview

 

Sample Customers

Information Not Available
Joomla!, Digicure, Team Random, Credit Suisse, Samsung, Air New Zealand
YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Find out what your peers are saying about Acunetix vs. Checkmarx One and other solutions. Updated: April 2025.
848,716 professionals have used our research since 2012.