Try our new research platform with insights from 80,000+ expert users

Klocwork vs OpenText Dynamic Application Security Testing comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Klocwork
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
25
Ranking in other categories
Application Security Tools (18th), Static Application Security Testing (SAST) (16th), Static Code Analysis (5th)
OpenText Dynamic Applicatio...
Average Rating
7.2
Reviews Sentiment
6.8
Number of Reviews
21
Ranking in other categories
Dynamic Application Security Testing (DAST) (3rd), DevSecOps (10th)
 

Mindshare comparison

While both are Application Lifecycle Management solutions, they serve different purposes. Klocwork is designed for Application Security Tools and holds a mindshare of 1.4%, down 1.4% compared to last year.
OpenText Dynamic Application Security Testing, on the other hand, focuses on Dynamic Application Security Testing (DAST), holds 22.2% mindshare, down 30.5% since last year.
Application Security Tools
Dynamic Application Security Testing (DAST)
 

Featured Reviews

AnirbanSarkar - PeerSpot reviewer
Lets you find defects during the development phase, so you don't have to wait till the development is over to find and address flaws
What needs improvement in Klocwork, compared to other products in the market, is the dashboard or reporting mechanisms that need to be a bit more flexible. The Klocwork dashboard could be improved. Though it's good, it's not as good as some of the other products in the market, which is a problem. The reporting could be more detailed and easier to sort out because sorting in Klocwork could be a bit more time-consuming, mainly when sorting defects based on filters, compared to how it's done on other tools such as Coverity. What I'd like added in the next release of Klocwork is the peer code review Cahoots which used to be a part of Klocwork, and the architecture analysis and both have been taken out of Klocwork. I found the two critical for specific deployments, so if those can be brought back to Klocwork, that would be very good.
Navin N - PeerSpot reviewer
Effective scanning of diverse file extensions with fast reporting and issue resolution
We develop software packages for clients, and these clients are mostly in the BFSI sector. The packages need to be scanned, and we engage Fortify WebInspect for this.  Customers typically perform their own application pen tests, but in some cases, we have engagements where customers want us to scan…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature of Klocwork is finding defects while you're doing the coding. For example, if you have an IDE plug-in of Klocwork on Visual Studio or Eclipse, you can find the faults; similar to using spell check on Word, you can find out defects during the development phase, which means that you don't have to wait till the development is over to find the flaws and address the deficiencies. I also find language support in Klocwork good because it used to support only C, C++, C#, and Java, but now, it also supports Java scripts and Python."
"We like using the static analysis and code refactoring, which are very valuable because of our requirements to meet safety critical levels and reliability."
"There is a central Klocwork server at our headquarter in France so we connect the client directly to the server on-premises remotely."
"On-the-fly analysis and incremental analysis are the best parts of Klocwork. Currently, we are using both of these features very effectively."
"One can increase the number of vendors, so the solution is scalable."
"The tool helps the team to think beforehand about corner cases or potential bugs that might arise in real-time."
"Klocwork is user-friendly, with a client-server architecture that provides all needed compliance."
"The most valuable feature of Klocwork is its reduced setup time."
"The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."
"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."
"The solution's technical support was very helpful."
"Fortify WebInspect is a scalable solution, it is good for a lot of applications."
"When we are integrating it with SSC, we're able to scan and trace and see all of the vulnerabilities. Comparison is easy in SSC."
"It is scalable and very easy to use."
"Guided Scan option allows us to easily scan and share reports."
"The feature that has been most influential in identifying vulnerabilities is its ability to crawl the website, understand the structure, and analyze the network packets sent and received."
 

Cons

"Modern languages, such as Angular and .NET, should be included as a part of Klocwork. They have recently added Kotlin as a part of their project, but we would like to see more languages in Klocwork. That's the reason we are using Coverity as a backup for some of the other languages."
"I hope that in each new release they add new features relating to the addition of checkers, improving their analysis engines etc."
"Even though it does the job, there's room for feature enhancements, such as integrations with Git for better tracking and notifications."
"Klocwork has to improve its features to stay ahead of other free solutions."
"The way to define the rules is too complex. The definition/rules for static analysis could be automated according to various SILs, so as to avoid confusion."
"I believe it should support more languages, such as Python and JavaScript."
"Now the only issue we have is that whenever we need to get the code we have to build it first. Then we can get the report."
"The main problem is that since it only parses the code, the warnings or the problems that are given as a result of the report can sometimes require a lot of effort to analyze."
"One thing I would like to see them introduce is a cloud-based platform."
"It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application."
"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."
"I would like WebInspect's scanning capability to be quicker."
"The main area for improvement in Fortify WebInspect is the price, as it is too high compared to the market rate."
"Our biggest complaint about this product is that it freezes up, and literally doesn't work for us."
"We have had a problem with authentification."
"We have often encountered scanning errors."
 

Pricing and Cost Advice

"When it comes to licensing, the solution has two packages, one for a fixed and the other for a floating server, with the former being more cost effective than the latter."
"This solution offers competitive pricing."
"Klocwork is still tight on their licensing. If Klocwork would loosen up on the licensing, and where the license could be used, and how many different programs could be run on it, then we have several development programs that I would love to be able to use it for going forward."
"The limitation that we have is that Klocwork is licensed to certain programs, and if you want to license them to other programs, you have to pay more money."
"Klocwork should not to be quite so heavy handed on the licensing for very specific programs."
"Licensing fees are paid annually, but they also have a perpetual license."
"The pricing for Klocwork is very competitive if you compare it from apple to apple. It has competitive pricing regarding the licensing model and the per-license cost. Klocwork isn't a high-end investment for anyone deploying it; even SMBs can afford it. The Klocwork cost per user would depend on the license type, so I'm unable to mention a ballpark figure because it would depend on the type of installation and how the deployment will be, and the nodes to give an accurate calculation or figure. The total price depends on the package, so my company could never publish pricing for Klocwork on the website. My team first collects information from potential clients on the deployment scenario, project environment, etc., before suggesting a package for Klocwork. My rating for Klocwork in terms of pricing is a five because of its flexible license models. There's a license model for every type of organization, whether small, midsize, or enterprise, so it's a five out of five for me."
"There are other solutions on the market such as Microsoft Visual Studio. They have been adding more static code analysis features that come for free. It is getting better all the time. That is one of the possibilities is that we've been considering that we may stop using the Klocwork because it doesn't give us any added value."
"Our licensing is such that you can only run one scan at a time, which is inconvenient."
"It’s a fair price for the solution."
"The price is okay."
"Its price is almost similar to the price of AppScan. Both of them are very costly. Its price could be reduced because it can be very costly for unlimited IT scans, etc. I'm not sure, but it can go up to $40,000 to $50,000 or more than that."
"This solution is very expensive."
"Fortify WebInspect is a very expensive product."
"The pricing is not clear and while it is not high, it is difficult to understand."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
861,390 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
24%
Educational Organization
13%
Computer Software Company
12%
Comms Service Provider
5%
Financial Services Firm
16%
Government
15%
Manufacturing Company
13%
Computer Software Company
12%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Klocwork?
It's integrated into our CI, continuous integration.
What is your experience regarding pricing and costs for Klocwork?
Klocwork's pricing seems attractive, as it uses a per-user license model that does not have a lot of overhead.
What needs improvement with Klocwork?
One area for improvement is that when customers use different static analysis tools, they report more issues compared to Klocwork. The static analysis engine of Klocwork has areas that need improve...
What do you like most about Fortify WebInspect?
The solution's technical support was very helpful.
What is your experience regarding pricing and costs for Fortify WebInspect?
The price of Fortify WebInspect is high, with the cost depending on the number of virtual users. It is approximately 25% higher than other solutions.
What needs improvement with Fortify WebInspect?
The main area for improvement in Fortify WebInspect is the price, as it is too high compared to the market rate. The cost of the license depends on the number of virtual users and, in comparison to...
 

Also Known As

No data available
Micro Focus WebInspect, WebInspect
 

Overview

 

Sample Customers

ACCESS Co Ltd, Risk-AI, Winbond Electronics, Bristol-Myers Squibb Pharmaceutical Research Institute, University of Southern California, Alebra Technologies, SIMULIA, Risk Management Solutions, Brigham Young University, SRD, HRL
Aaron's
Find out what your peers are saying about Klocwork vs. OpenText Dynamic Application Security Testing and other solutions. Updated: May 2022.
861,390 professionals have used our research since 2012.