Checkmarx, an Israeli headquartered company with US offices, provides a suite of application security software delivered via the Checkmarx Software Security Platform. Individual modules and capabilities include Checkmarx Static Application Security Testing, Checkmarx Software Composition Analysis, Checkmarx Interactive Application Security Testing (CxIAST)
N/A
Mobile Security Framework (MobSF)
Score 8.0 out of 10
N/A
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, IPA & APPX) along with zipped source code and provides REST APIs for integration with CI/CD or DevSecOps pipeline. The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.
N/A
Pricing
Checkmarx
Mobile Security Framework (MobSF)
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Checkmarx
Mobile Security Framework (MobSF)
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
Checkmarx
Mobile Security Framework (MobSF)
Considered Both Products
Checkmarx
Verified User
Anonymous
Chose Checkmarx
Checkmarx is easier to integrate with development tools and gives quick feedback during coding, which is helpful for developers. Veracode is more focused on scanning and reporting for compliance, but it’s more complex to set up. We chose Checkmarx because it fits better into …
We actually use Checkmarx along with the other tools. However, the reason we chose Checkmarx is its wide support for languages and useful fix recommendations. The flowcharts help better understand the data flow and give a clear picture of what needs to be fixed and how. Also, …
In my opinion, MobSF is not as comprehensive as SonarQube. Both, however, do a very good job in scanning your code for vulnerabilities. Both do roughly the same things. The reports of SonarQube are more detailed though. The advantage that MobSF has over SonarQube is the price. …
If you are going with SAST process or want to improve overall security posture then go for it like integrating it with post deployment steps. If you are more concerned about proactive controls better choose other options such as pee-commit hooks and CI security. Also choose other tools for DAST and API scans.
MobSF is good for checking for vulnerabilities in your app. It will also give suggestions on how to address them. Another thing is can do is find code that may be incorrect. It is not, however, a substitute for a system that actually checks your code for proper use. It really is concentrated on security.
Checkmarx's usability is generally good, but it can be a bit complex for new users. The interface may take some time to get used to, especially for those unfamiliar with security tools. Once you become familiar with it, it’s effective and integrates well into development workflows.
Checkmarx is easier to integrate with development tools and gives quick feedback during coding, which is helpful for developers. Veracode is more focused on scanning and reporting for compliance, but it’s more complex to set up. We chose Checkmarx because it fits better into our development process, offering faster scans and more useful suggestions for fixing problems
In my opinion, MobSF is not as comprehensive as SonarQube. Both, however, do a very good job in scanning your code for vulnerabilities. Both do roughly the same things. The reports of SonarQube are more detailed though. The advantage that MobSF has over SonarQube is the price. One is free while the other is a paid solution (with several tiers). However, we use them together to get a more comprehensive scan.