We performed a comparison between Pentera and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Penetration Testing Services solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The product is easy to use."
"Maybe there are some remediation steps on the website, we can mask sensitive information on the website better."
"The most valuable feature of Pentera is that you can do continuous vulnerability assessment, which is automated."
"What I like the most about Pentera is its solution-oriented approach."
"The vulnerability scanner, exploit achievements, and remediation actions are all great."
"What we found most valuable in Veracode is the ability to do automatic scans of our software. We've incorporated the solution into our SDLC process, so we take our builds before they get released and put them through scans to ensure any new vulnerabilities haven't occurred."
"It changes the DevSecOps process because we find flaws much earlier in the development life cycle, and we also spot third-party software that we don't allow on developers' machines."
"You can easily integrate it with Azure DevOps. This is an added value because we work with Azure DevOps. Veracode is natively supported and we don't have to work with APIs."
"The most valuable feature is the seamless automation of Veracode via the pipeline, in comparison to other solutions like Fortify SSC, which are complex to integrate through the pipeline."
"We use it to get our scan results and see where our software is vulnerable or not vulnerable."
"Veracode's most valuable aspect is continuous integration. It helps us integrate with other applications so that it can monitor the security process."
"The CI/CD integration is the most valuable feature of Veracode."
"Veracode is a cloud-based platform, where they manage all the back-end, and they do a lot of analysis during the scans, and they do a lot of post-scan reconciliation."
"Pentera's general dashboards could be improved and made more specific in terms of vulnerabilities that I'm discovering."
"The vulnerability scanner, exploit achievements, and remediation actions are all great."
"The price could be improved."
"Maybe scalability. I know that the Pentera right now is high level in order to scan big deals over 500 IPs and not less, and not less. That can be more granular. This will be useful."
"There is room for improvement in virtualization compatibility."
"The scanning process for records could be faster and there is room for improvement in Veracode's performance."
"It can be a bit complex because it takes a lot of time to have it complete the task."
"The documentation is poor and the technical support isn't helpful."
"I've seen slightly better static analysis tools from other companies when it comes to speed and ease of use."
"Veracode has a few shortcomings in terms of how they handle certain components of the UI. For example, in the case of the false positive, it would be highly desirable if the false positive don't show up again on the UI, instead still showing up for any subsequent scan as a false positive. There is a little bit of cluttering that could be avoided."
"We tried to create an automatic scanning process for Veracode and integrate it into our billing process, but it was easier to adopt it to repositories based on GIT. Until now, our source control repository was Azure DevOps Server (Microsoft TFS) to managing our resources. This was not something that they supported. It took us some sessions together before we successfully implemented it."
"It's problematic if you want to integrate it with your pipelines because the documentation is not so well written and it's full of typos. It is not presented in a structured way. It does not say, "If you want to achieve this particular thing, you have to do steps 1, 2, and 3." Instead, it contains bits of information in different parts, and you have to read everything and then understand the big picture."
"We get some false positives with JavaScript languages like React, TypeScript, and Angular. The problem is rooted in the build process of JavaScript, not the code we are using. This is something we spend lots of time trying to resolve. When we point to a specific library and review that on the code, we can see it is a part of the build that isn't going into production. It's only a part of the build because JavaScript has a different build process."
Pentera is ranked 2nd in Penetration Testing Services with 5 reviews while Veracode is ranked 3rd in Penetration Testing Services with 194 reviews. Pentera is rated 8.2, while Veracode is rated 8.2. The top reviewer of Pentera writes "A stable solution that can be used to do continuous and automated vulnerability assessments". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Pentera is most compared with Cymulate, Tenable Nessus, Picus Security, Horizon3.ai and HackerOne, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our Pentera vs. Veracode report.
See our list of best Penetration Testing Services vendors.
We monitor all Penetration Testing Services reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.