Checkmarx vs. F5 Distributed Cloud API Security

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Checkmarx
Score 9.2 out of 10
N/A
Checkmarx, an Israeli headquartered company with US offices, provides a suite of application security software delivered via the Checkmarx Software Security Platform. Individual modules and capabilities include Checkmarx Static Application Security Testing, Checkmarx Software Composition Analysis, Checkmarx Interactive Application Security Testing (CxIAST)N/A
F5 Distributed Cloud API Security
Score 9.1 out of 10
N/A
F5's Distributed Cloud API Security provides discovery and deep insights from use of AI/ML. It can be used to block API attacks in real time and eliminate vulnerabilities at their source. The SaaS-based portal enables users to manage and go deep for threat analytics, forensics, and troubleshooting of modern applications.N/A
Pricing
CheckmarxF5 Distributed Cloud API Security
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
CheckmarxF5 Distributed Cloud API Security
Free Trial
NoYes
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
CheckmarxF5 Distributed Cloud API Security
Features
CheckmarxF5 Distributed Cloud API Security
API Security
Comparison of API Security features of Product A and Product B
Checkmarx
-
Ratings
F5 Distributed Cloud API Security
9.0
Ratings
0% below category average
Data Protection00 Ratings9.00 Ratings
Audit Logging00 Ratings9.00 Ratings
Input Validation00 Ratings8.80 Ratings
Content Filtering00 Ratings8.80 Ratings
Denial of Service (DoS) Protection00 Ratings9.20 Ratings
Security Notification and Alerts00 Ratings9.20 Ratings
API Key Management00 Ratings9.20 Ratings
Cross-origin Resource Sharing (CORS) Protection00 Ratings9.00 Ratings
Best Alternatives
CheckmarxF5 Distributed Cloud API Security
Small Businesses
GitLab
GitLab
Score 8.7 out of 10
Cloudflare
Cloudflare
Score 8.7 out of 10
Medium-sized Companies
Veracode
Veracode
Score 8.7 out of 10
F5 Big-IP Advanced WAF
F5 Big-IP Advanced WAF
Score 9.3 out of 10
Enterprises
Veracode
Veracode
Score 8.7 out of 10
F5 Big-IP Advanced WAF
F5 Big-IP Advanced WAF
Score 9.3 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
CheckmarxF5 Distributed Cloud API Security
Likelihood to Recommend
9.0
(0 ratings)
9.0
(0 ratings)
Likelihood to Renew
-
(0 ratings)
9.1
(0 ratings)
Usability
7.0
(0 ratings)
9.1
(0 ratings)
Implementation Rating
-
(0 ratings)
8.8
(0 ratings)
User Testimonials
CheckmarxF5 Distributed Cloud API Security
Likelihood to Recommend
If you are going with SAST process or want to improve overall security posture then go for it like integrating it with post deployment steps. If you are more concerned about proactive controls better choose other options such as pee-commit hooks and CI security. Also choose other tools for DAST and API scans.
Read full review
I believe it covers everything related to the applications' security aspects, but there are a lot of improvements that need to be made. For example, better granular controls like bot categories listed on the distributed console and a granular URL-based control for the rate-limiting option are needed.
Read full review
Pros
  • Supports a large number of languages
  • Finds a large variety of potential risks
Read full review
  • It auto-discovers APIs, even the ones engineers forget to document. Then profiles them without needing changes to our codebase.
  • Shadow API exposure.
  • It's pretty decent at abnormal behavior detection.
Read full review
Cons
  • DAST capability can be the one where it does not support native use case of using OTP based arch
  • API Scanning is something that lacks a bit due to not much customizations
  • Branch wise reports for SAST is not available
Read full review
  • More accurate detection of advanced persistent threats (APTs) targeting APIs.
  • A greater emphasis on checking APIs' schema and contract may prevent them from accepting misconfigurations or malicious input.
  • More customized, dynamic, and targeted protection for high-value APIs or high-risk user groups.
Read full review
Likelihood to Renew
No answers on this topic
F5 Distributed Cloud API Security provides robust API protection with solid threat detection, excellent visibility, and seamless integration into our architecture
Read full review
Usability
Checkmarx's usability is generally good, but it can be a bit complex for new users. The interface may take some time to get used to, especially for those unfamiliar with security tools. Once you become familiar with it, it’s effective and integrates well into development workflows.
Read full review
Great product. Working with F5 for many years, we found the products F5 provided are all cutting edge technology. Although in F5 Distributed Cloud API Security we still have a lot to find out, but we believe this experience will be very good. Especially on the security side. Trust in F5.
Read full review
Reliability and Availability
No answers on this topic
Always available
Read full review
Performance
No answers on this topic
The UI is cloud-native and generally responsive. Report generation is easy Integrates with cloud providers
Read full review
Support Rating
No answers on this topic
Lo hacemos mediante un partner We did it through a partner
Read full review
Implementation Rating
No answers on this topic
F5 Distributed Cloud API Security is our company looking forward product. With more and more API is using in both on prem, private cloud, public cloud and multi cloud environment, we as a financial institution, we are keep into the security settings to protect the information. That's the main reason we want to use this product.
Read full review
Alternatives Considered
Checkmarx is easier to integrate with development tools and gives quick feedback during coding, which is helpful for developers. Veracode is more focused on scanning and reporting for compliance, but it’s more complex to set up. We chose Checkmarx because it fits better into our development process, offering faster scans and more useful suggestions for fixing problems
Read full review
We ran a short POC with Salt. Its data classification and attack replay features were impressive. What held us back was the limited support for hybrid deployments and poor integration into our CI/CD pipelines, as F5 did.
Read full review
Scalability
No answers on this topic
Centralized policy management: You can manage API security policies consistently across locations without duplicating effort, which supports scaling.


API discovery and monitoring at scale: It automatically discovers APIs and monitors them in real time across large and complex environments.
Read full review
Return on Investment
  • Great diversity of vulnerabilities covered.
  • Quicker scans
  • They are feature rich compared to other tools I used in the past.
  • Dashboards are not customizable enough.
  • High number of false positives take up time and sometimes make our report look bad.
Read full review
  • F5 Distributed Cloud API Security mitigates many API-related security threats, including bot attacks, DDoS, data breaches, and unauthorized access attempts.
  • F5 Distributed Cloud API Security uses robust threat detection, machine learning, and real-time monitoring for speedier identification.
  • Reductions in security events result in fewer breaches, reduced downtime, and lower attack remediation costs.
Read full review
ScreenShots

F5 Distributed Cloud API Security Screenshots

Screenshot of Screenshot of Screenshot of