We performed a comparison between Fortify WebInspect and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The accuracy of its scans is great."
"There are lots of small settings and tools, like an HTTP editor, that are very useful."
"The solution's technical support was very helpful."
"I've found the centralized dashboard the most valuable. For the management, it helps a lot to have abilities at the central level."
"When we are integrating it with SSC, we're able to scan and trace and see all of the vulnerabilities. Comparison is easy in SSC."
"The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."
"The most valuable feature is the static analysis."
"Good at scanning and finding vulnerabilities."
"Veracode Security Labs are fantastic. My team loves getting the hands-on experience of putting in a flaw and fixing it. It's interactive. We've gotten decent support from the sales and software engineers, so the initial support was excellent. They scheduled a consultation call to dive deep and discuss why we see these findings and codes. That was incredibly helpful."
"The reporting being highly accurate is pretty cool. I use another product and I was always looking for answers as to what line, which part of the code, was wrong, and what to do about it. Veracode seems to have a solid database to look things up and a website to look things up."
"Veracode is a valuable tool in our secure SDLC process."
"The integration with DevOps pipelines is seamless."
"It has the ability to statically scan your source code before it goes to production. It can be scanned within your testing or development environment, and that is very useful. And good explanations of all the vulnerabilities in your source code help take care of those issues in future code implementation as well."
"It is scalable and quick to deploy into the site and the pipelines. The reports and analytics are good, and the false positive rate is low. It gives true results."
"Veracode has good support for microservices, and I also like the sandbox environment. For example, when introducing a new component, we can scan it in a sandbox environment. It will not impact the main environment. When our team fixes it, they. can push it to the production environment when the results are acceptable."
"It has an easy-to-use interface."
"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."
"The solution needs better integration with Microsoft's Azure Cloud or an extension of Azure DevOps. In fact, it should better integrate with any cloud provider. Right now, it's quite difficult to integrate with that solution, from the cloud perspective."
"Our biggest complaint about this product is that it freezes up, and literally doesn't work for us."
"The scanner could be better."
"Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment."
"The initial setup was complex."
"Fortify WebInspect could improve user-friendliness. Additionally, it is very bulky to use."
"We have often encountered scanning errors."
"Veracode Static Analysis can improve the false positive. There are always improvements that can be done to the false positive rate. There are some things that get flagged that are not an issue. However, it is not a huge concern."
"There are many times when their product goes to check my code and it dies, and I don't know why. I've contacted support and they're not really helpful with this particular problem. I go to the logs and I look at what I can but I can't tell why the check process has essentially just died in the middle of checking."
"One concern is that scans take a long time to run. We scan at the end of the day because we know it will take a lot of time. We leave it to run and the report will be generated by the next day when we arrive. The scanning time could be reduced."
"Their scanning engine is sometimes a little bit slow. They can improve the scan time."
"The results of agent-based software composition analysis are not connected to policy scanning. So, for me, the only thing that Veracode can improve in Software Composition Analysis is to connect it with the policy scan because, at present, it is a bit inconvenient for those in our organization who use agent-based Software Composition Analysis. In the end, they need to make a static scan with all those libraries in order to receive that report. If Veracode implemented a connection between agent-based static scan and static scanning itself, it would be great because it would lead to fewer operations in order to prepare release documentation and release reporting from Veracode. We recently had a conversation with Veracode about it."
"I would like to see them provide more content in the developer training section. This field is really changing each day and there are flaws that are detected each day. Some sort of regular updates to the learning would help."
"It would help to have more training for developers to help them set it up."
"Veracode can be improved in terms of software composition analysis and related vulnerabilities."
Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 17 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Fortify WebInspect is rated 7.0, while Veracode is rated 8.2. The top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Fortify on Demand, Acunetix, OWASP Zap and Checkmarx One, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our Fortify WebInspect vs. Veracode report.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.