We performed a comparison between Fortify WebInspect and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It is scalable and very easy to use."
"Technical support has been good."
"The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."
"Fortify WebInspect is a scalable solution, it is good for a lot of applications."
"The accuracy of its scans is great."
"Good at scanning and finding vulnerabilities."
"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."
"Guided Scan option allows us to easily scan and share reports."
"The most valuable feature is the efficiency of the tool in finding vulnerabilities."
"It gives feedback to developers on the effectiveness of their secure coding practices."
"I like Veracode's static scanning and SCA. We use three static scans, software composition analysis, and dynamic scans. We haven't used dynamic scanning as much, but we're trying to integrate that into our environment more."
"The static scan is the feature that we use the most, as it gives us insight into our source code. We have it integrated with our continuous integration, continuous delivery system, so we can get insight quickly."
"The static scan is the most valuable feature."
"The Static and Dynamic Analysis capabilities are very valuable to us. They've improved the speed of the inspection process."
"One of the features they have is Software Composition Analysis. When organizations use third-party, open source libraries with their application development, because they're open source they quite often have a lot of bugs. There are always patches coming out for those open source applications. You really have to stay on your toes and keep up with any third-party libraries that might be integrated into your application. Veracode's Software Composition Analysis scans those libraries and we find that very valuable."
"The time savings has been tremendous. We saw ROI in the first six months."
"One thing I would like to see them introduce is a cloud-based platform."
"Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment."
"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."
"We have had a problem with authentication."
"Creating reports is very slow and it is something that should be improved."
"Fortify WebInspect could improve user-friendliness. Additionally, it is very bulky to use."
"A localized version, for example, in Korean would be a big improvement to this solution."
"Our biggest complaint about this product is that it freezes up, and literally doesn't work for us."
"Veracode's container scanning could be improved. We containerize all the platforms we use inside a Docker image. For example, we create a Microsoft Docker image that we build our application on top of. I would like Veracode to implement IT scans before we commit the code."
"Veracode's SAST, DAST, and SCA are pretty good with respect to industry standards, but with regard to container security, they are in either beta or alpha testing. They need to get that particular feature up and running so that they take care of the container security part."
"I would like to see these features: entering comments for internal tracking; entering a priority; reports that show the above."
"It needs more timely support for newer languages and framework versions."
"On-premise implementation is not available."
"There is also a size limit of 100 MB so we cannot upload files that are larger than that. That could be improved. Also, the duration of the scan is a bit too long."
"It would help if there were a training module that would explain how to more effectively integrate the SAST product into the build tool, Jenkins or Bamboo."
"It would be ideal if it was able to demonstrate higher levels of cybersecurity certifications like becoming FedRAMP compliant or working in those areas."
Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 17 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Fortify WebInspect is rated 7.0, while Veracode is rated 8.2. The top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning". Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Fortify on Demand, Acunetix, OWASP ZAP and Checkmarx One, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our Fortify WebInspect vs. Veracode report.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.