Checkmarx One vs Tenable.io Web Application Scanning comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

Checkmarx One
Ranking in Application Security Tools
3rd
Average Rating
7.6
Number of Reviews
67
Ranking in other categories
Static Application Security Testing (SAST) (3rd), Vulnerability Management (11th), Static Code Analysis (2nd), API Security (4th), DevSecOps (2nd), Risk-Based Vulnerability Management (5th)
Tenable.io Web Application ...
Ranking in Application Security Tools
24th
Average Rating
7.6
Number of Reviews
14
Ranking in other categories
No ranking in other categories
 

Market share comparison

As of June 2024, in the Application Security Tools category, the market share of Checkmarx One is 13.2% and it decreased by 13.7% compared to the previous year. The market share of Tenable.io Web Application Scanning is 1.9% and it increased by 4.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
Unique Categories:
Static Application Security Testing (SAST): 10.2%
Vulnerability Management: 1.3%
No other categories found
 

Featured Reviews

KannanPadmanabhan - PeerSpot reviewer
Jan 13, 2023
Used for static comprehension testing and helps us detect vulnerabilities early
We mainly use this solution for static comprehension testing. We use it for non-functional insight because it's a security vulnerability scanner. We can use Checkmarx for scanning anytime on our code base. We integrated that as part of our build-a-pipeline, and it helps us detect early. We have…
Jahanzeb Feroze Khan - PeerSpot reviewer
Nov 14, 2023
Highly Recommended Solution with Latest Scanning Methods
The fundamental objective of this product is to enhance the overall security, be it through verification within the organization or at the user's end. All the features are valuable to us as they offer cutting-edge scanning methods and address the latest issues with a contemporary approach. We…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The UI is user-friendly."
"The report function is the solution's greatest asset."
"The setup is very easy. There is a lot of information in the documents which makes the install not difficult at all."
"The main thing we find valuable about Checkmarx is the ease of use. It's easy to initiate scans and triage defects."
"Checkmarx pinpoints the vulnerability in the code and also presents the flow of malicious input across the application."
"Our static operation security has been able to identify more security issues since implementing this solution."
"Less false positive errors as compared to any other solution."
"We use the solution to validate the source code and do SAST and security analysis."
"We use the tool for our websites. We have a vulnerable subdomain. The tool helps to scan it for vulnerabilities."
"The most effective feature of the product is the ability to scan the entire environment."
"Tenable.io Web Application Scanning is very easy to use."
"We can get detailed information about vulnerabilities."
"The solution's instant reports feature is the most effective for detecting threats."
"Tenable provides the end analysis results covering all the published vulnerabilities and information on the market."
"All the features are valuable to us as they offer cutting-edge scanning methods and address the latest issues with a contemporary approach. Tenable.io Web Application Scanning is highly stable. I rate it a nine out ten. Since the solution works on the Cloud, it's highly scalable. I rate the scalability a nine out of ten. The setup of the solution is straightforward. The Return on Investment is substantial. I recommend the solution to all."
"It collects the vulnerabilities on the hostnames and sends them to the Tenable.io cloud. Tenable has its own cloud where Tenable.io is running, but there are many connectors to other cloud solutions. Tenable can do vulnerability scanning for other cloud managers such as Azure, Amazon, and so on."
 

Cons

"Implementing a blackout time for any user or teams: Needs improvement."
"We would like to be able to run scans from our local system, rather than having to always connect to the product server, which is a longer process."
"The statistics module has a function that allows you to show some statistics, but I think it's limited. Maybe it needs more information."
"Checkmarx needs to be more scalable for large enterprise companies."
"Checkmarx being Windows only is a hindrance. Another problem is: why can't I choose PostgreSQL?"
"Checkmarx could improve by reducing the price."
"They could work to improve the user interface. Right now, it really is lacking."
"When we first ran it on a big project, there wasn't enough memory on the computer. It originally ran with eight gigabytes, and now it runs with 32. The software stopped at some point, and while I don't think it said it ran out of memory, it just said "stopped" and something else. We had to go to the logs and send them to the integrator, and eventually, they found a memory issue in the logs and recommended increasing the memory. We doubled it once, and it didn't seem enough. We doubled it again, and it helped."
"They have a general dashboard for web application scanning, but the dashboards and reporting can be improved. They probably have some features in their roadmap."
"The report customization needs to be better."
"The platform's technical support services could be better."
"The solution's dashboards could be improved and made more user-friendly."
"The reporting has a very limited customization capability."
"The technical support should be improved. Currently, some attacks are detected while others are not."
"It isn't easy to manage vulnerabilities in Tenable."
"It would be great if there were a dashboard that is more user-friendly."
 

Pricing and Cost Advice

"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."
"The interface used to create custom rules comes at an additional cost."
"The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies."
"The pricing was not very good. This is just a framework which shouldn’t cost so much."
"Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications)."
"Most of my customers opted for a perpetual license. They prefer to pay the highest amount up front for the perpetual license and then pay for additional support annually."
"The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."
"Be cautious of the one-year subscription date. Once it expires, your price will go up."
"The application is extremely affordable. There are no additional costs involved with licensing. We switched to Tenable.io Web Application Scanning from other solutions due to pricing."
"It follows the same licensing scheme as Tenable.io and Tenable. sc."
"Tenable.io Web Application Scanning is expensive for small businesses."
"The pricing is okay."
"The price of the solution is reasonable compared to the competitors. The license cost is based on the number of users and the annual usage."
"I rate the product's pricing a four out of ten."
787,061 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm: 21%
Computer Software Company: 15%
Manufacturing Company: 9%
Insurance Company: 5%

Computer Software Company: 15%
Financial Services Firm: 12%
Government: 11%
Manufacturing Company: 8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
The solution's price is high and you pay based on the number of users.
What do you like most about Tenable.io Web Application Scanning?
The most effective feature of the product is the ability to scan the entire environment.
What needs improvement with Tenable.io Web Application Scanning?
The platform's technical support services could be better.
What advice do you have for others considering Tenable.io Web Application Scanning?
Implementing Tenable.io Web Application Scanning has been beneficial in identifying numerous vulnerabilities within application code. I rate its scanning capabilities in terms of user-friendliness ...
 


Sample Customers

YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech
Case Study: Liveperson Implements Innovative Secure SDLC
IMDEX
Find out what your peers are saying about Checkmarx One vs. Tenable.io Web Application Scanning and other solutions. Updated: May 2024.