We performed a comparison between Fortify WebInspect and Parasoft SOAtest based on real PeerSpot user reviews.
Find out what your peers are saying about HCLTech, OpenText, Rapid7 and others in Dynamic Application Security Testing (DAST)."The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."
"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."
"I've found the centralized dashboard the most valuable. For the management, it helps a lot to have abilities at the central level."
"It is scalable and very easy to use."
"Technical support has been good."
"The most valuable feature is the static analysis."
"When we are integrating it with SSC, we're able to scan and trace and see all of the vulnerabilities. Comparison is easy in SSC."
"There are lots of small settings and tools, like an HTTP editor, that are very useful."
"Technical support is helpful."
"The testing time is shortened because we generate test data automatically with SOAtest."
"Good write and read files which save execution inputs and outputs and can be stored locally."
"Parasoft SOAtest has improved the quality of our automated web services, which can be easily implemented through service chaining and service virtualization."
"We can automate our scenarios in a data driven format, which shows there is no rework on scripts. We only need to update the test data and run for a number of scenarios."
"We do a lot of web services testing and REST services testing. That is the focus of this product."
"We have seen a return on investment."
"They have a feature where they can record traffic and create tests on the report traffic."
"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."
"Fortify WebInspect could improve user-friendliness. Additionally, it is very bulky to use."
"Creating reports is very slow and it is something that should be improved."
"Our biggest complaint about this product is that it freezes up, and literally doesn't work for us."
"One thing I would like to see them introduce is a cloud-based platform."
"A localized version, for example, in Korean would be a big improvement to this solution."
"I'm not sure licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools also with similar functionalities."
"It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application."
"During the process of working with SOAtest and building test cases, the .TST files will grow. A negative side effect is that saving your changes takes more time."
"The performance could be a bit better."
"Enabling/disabling an optional element of an XML request is only possible if a data source (e.g., Excel sheet) is connected to the test. Otherwise, the option is not available at all in the drop-down menu."
"The feedback that we received from the DevOps of our organization was that the tool was a little heavy from the transformation perspective."
"The summary reports could be improved."
"Tuning the tool takes time because it gives quite a long list of warnings."
"UI testing should be more in-depth."
"Compatibility with HTTP 1.1 and TLS 1.2 needs to be improved."
Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 17 reviews while Parasoft SOAtest is ranked 23rd in Functional Testing Tools with 30 reviews. Fortify WebInspect is rated 7.0, while Parasoft SOAtest is rated 8.2. The top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". On the other hand, the top reviewer of Parasoft SOAtest writes "Reliable with a good interface but uses too much memory". Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Fortify on Demand, OWASP Zap, Acunetix and HCL AppScan, whereas Parasoft SOAtest is most compared with Postman, SonarQube, Coverity, Polyspace Code Prover and Tricentis Tosca.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.