• Home
  • CAST Application Intelligence Platform vs. Veracode

CAST Application Intelligence Platform vs Veracode comparison

Cancel
You must select at least 2 products to compare!
CAST Logo
CAST Application Intelligence Platform
Read 4 CAST Application Intelligence Platform reviews
1,014 views|687 comparisons
83% willing to recommend
Veracode Logo
Veracode
Read 194 Veracode reviews
25,659 views|17,158 comparisons
90% willing to recommend
Comparison Buyer's Guide
Executive Summary

We performed a comparison between CAST Application Intelligence Platform and Veracode based on real PeerSpot user reviews.

Find out what your peers are saying about Sonar, Snyk, CAST and others in Software Development Analytics.
Featured Review
Vishal-Goyal
Has a security dashboard that's helpful because it gives compliance checks based on some of the leading frameworks in the industry
Deepak Naik
It's a solution our customers trust, so when we share the report they know we've done our due diligence
The main benefit of Veracode is that we can deliver better, more secure software. Our customers also trust Veracode. When we share the Veracode... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"It supports most programming languages.""Our clients use CAST Highlight for cloud migration. This allows them to remove or remediate the blockers which are highlighted. This part of the solution shows improvement in quality and captures feedback for our clients.""Used for controlling the technical debt and code quality.""The most valuable feature of the CAST Application Intelligence Platform is its security dashboard which is a dedicated dashboard that's pretty helpful because it gives compliance checks based on some of the leading frameworks in the industry, such as ISO 5055, OWASP, CWE Top 25, and NIST security guidelines. I find the security dashboard of the solution and the information it provides pretty useful. The security dashboard of the CAST Application Intelligence Platform is a feature that stands out.""CAST's risk and security flow detection capabilities are highly effective, particularly in identifying security vulnerabilities. It is one of the most important and valuable features of the platform."

More CAST Application Intelligence Platform Pros →

"We use Veracode static analysis during development to eliminate vulnerability issues""It has caught lots of flaws that could have been exploited, like SQL injection flaws. It has also improved developer engagement with information security.""The Security Labs [is] where I have the developers training and constantly improving their security, and remembering their security techniques. That way, they are more proactive and make sure things are correct. They're faster because they're doing it in the first place.""I can have quick results by just uploading compiled components.""We used it for performing security checks. We have many Java applications and Android applications. Essentially it was used for checking the security validations for compliance purposes.""It has almost completely eliminated the presence of SQLi vulnerabilities.""Veracode provides guidance for fixing vulnerabilities. It enables developers to write secure code from the start by pointing them to the problematic line of code, and saying, "This function/method has security vulnerabilities," then suggests alternatives to fix it. Then, we adopt their suggestions of the tool. By implementing it in the right way, we can fix the issue. For example, if the tool has found a method where it copied one piece of memory into another piece of memory in the code. The tool points to problematic methods with the vulnerability and provides ways to code it more securely. By adopting their suggestions, we are fixing this vulnerability.""The most valuable features of Veracode Static Analysis are its ability to work with GitLab and GitHub so that you can do the reviews and force the code."

More Veracode Pros →

Cons
"Areas for improvement in CAST AIP include enhancing support for implementation in complex environments and improving technical support to address organizational challenges alongside engineering issues.""The integration of this solution could be improved.""It has very few plugins to access different code repositories, so source code has to be fed.""Implementation could be made more simpler as it is complex.""The overall coverage of rules could be improved in the CAST Application Intelligence Platform because it does not cater to or cover all. For example, 2022 CWE coverage is still not available in the CAST Application Intelligence Platform. The solution also covers some NIST rules, but it does not cater to all rules. An additional feature I'd like to see in the next update of the CAST Application Intelligence Platform is for it to provide source code developer and contributor details, especially information on which areas of code were touched. This would be a good insight as the CAST Application Intelligence Platform looks into the source code."

More CAST Application Intelligence Platform Cons →

"There are many times when their product goes to check my code and it dies, and I don't know why. I've contacted support and they're not really helpful with this particular problem. I go to the logs and I look at what I can but I can't tell why the check process has essentially just died in the middle of checking.""The reporting was detailed, but there were some things that were missing. It showed us on which line an error was found, but it could have been more detailed.""It does nearly everything, but penetration testing.""The solution could improve the Dynamic Analysis Security Testing(DAST).""Veracode's false positives have room for improvement.""The runtime code analysis could be improved so that we can see every element in one place.""I've found that Veracode is not particularly suitable for Dynamic Application Security Testing.""The static analysis is prone to a lot of false positives. But that's how it is with most static analysis tools... Also, the static analysis can sometimes take a little while. The time that it takes to do a scan should be improved."

More Veracode Cons →

Pricing and Cost Advice
  • "I do know how the CAST Application Intelligence Platform is licensed, but I'm not able to give the cost because the price is not listed. My company works with individual vendors, so pricing is on a case-to-case basis, but the vendors give specialized pricing because of the enterprise deployment, though my team is aware of product pricing based on lines of code, based on the number of applications, etc., I'm unable to give the exact licensing costs of the CAST Application Intelligence Platform. My company doesn't have to pay extra for some features or services because all are included as part of the enterprise license. On a scale of one to five, with five being very cheap and one being very expensive, I would rate the CAST Application Intelligence Platform as three out of five."

    • More CAST Application Intelligence Platform Pricing and Cost Advice →

  • "Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background."
  • "The pricing is pretty high."
  • "The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."
  • "I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."
  • "It's worth the value"
  • "Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."
  • "It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."
  • "The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."

    • More Veracode Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Software Development Analytics solutions are best for your needs.
    See Recommendations
    772,649 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about CAST Application Intelligence Platform?
    Top Answer:CAST's risk and security flow detection capabilities are highly effective, particularly in identifying security vulnerabilities. It is one of the most important and valuable features of the platform… more »
    Read all 3 answers   →
    What needs improvement with CAST Application Intelligence Platform?
    Top Answer:Areas for improvement in CAST AIP include enhancing support for implementation in complex environments and improving technical support to address organizational challenges alongside engineering… more »
    Read all 3 answers   →
    What is your primary use case for CAST Application Intelligence Platform?
    Top Answer:CAST AIP is a valuable solution for quality metrics and application security. It is beneficial for software architecture detection.
    Read all 3 answers   →
    Which gives you more for your money - SonarQube or Veracode?
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Read all 6 answers   →
    What do you like most about Veracode?
    Top Answer:The SAST and DAST modules are great.
    Read all 96 answers   →
    What is your experience regarding pricing and costs for Veracode?
    Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
    Read all 66 answers   →
    Ranking
    3rd
    out of 10 in Software Development Analytics
    Views
    1,014
    Comparisons
    687
    Reviews
    2
    Average Words per Review
    860
    Rating
    7.5
    2nd
    out of 74 in Application Security Tools
    Views
    25,659
    Comparisons
    17,158
    Reviews
    101
    Average Words per Review
    989
    Rating
    8.1
    Comparisons
    Also Known As
    CAST AIP
    Crashtest Security , Veracode Detect
    Learn More
    CAST
    Veracode
    Overview

    CAST Application Intelligence Platform (AIP), a result of over $130M in R&D investment over two decades, is an enterprise-grade software measurement and quality analysis solution designed to analyze multi-tiered, multi-technology applications for technical vulnerabilities and adherence to architectural and coding standards and then provide business relevant information to the IT organization through various dashboards and products built with end users in mind.

    • Application Analytics Dashboard (CAST AAD): Provides IT executives with accurate business relevant analytics to drive their organization
    • Application Engineering Dashboard (CAST AED): Provides engineering and QA teams with powerful code and system level structural flaw insight and remediation guidance
    • Enlighten: Delivers to developers a powerful deep understanding of their application’s structure
    • Architecture Checker: Gives architects a reliable, automated solution to enforce architectures that deliver stability and performance of their critical applications

    CAST’s underlying system-level analysis technology assesses both the health of an application, as measured through numerous health factors, as well as specific structural and system-level defects that drive performance and stability issues providing true system level analysis.

    Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-generated remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achievereal-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.

    Learn more atwww.veracode.com, on theVeracode blog, and onLinkedInandTwitter.

    Sample Customers
    Steria, T-Systems MMS, Atos Origin, Accenture, Capgemini
    Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
    Top Industries
    VISITORS READING REVIEWS
    Financial Services Firm26%
    Computer Software Company15%
    Manufacturing Company12%
    Insurance Company9%
    REVIEWERS
    Computer Software Company26%
    Financial Services Firm23%
    Insurance Company9%
    Comms Service Provider6%
    VISITORS READING REVIEWS
    Financial Services Firm18%
    Computer Software Company15%
    Manufacturing Company8%
    Government6%
    Company Size
    VISITORS READING REVIEWS
    Small Business12%
    Midsize Enterprise11%
    Large Enterprise77%
    REVIEWERS
    Small Business31%
    Midsize Enterprise20%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise14%
    Large Enterprise69%

    CAST Application Intelligence Platform is ranked 3rd in Software Development Analytics with 4 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. CAST Application Intelligence Platform is rated 7.0, while Veracode is rated 8.2. The top reviewer of CAST Application Intelligence Platform writes "Has a security dashboard that's helpful because it gives compliance checks based on some of the leading frameworks in the industry". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". CAST Application Intelligence Platform is most compared with SonarQube, Fortify Application Defender, Fortify on Demand, Checkmarx One and BlueOptima, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap.

    We monitor all Software Development Analytics reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.