Try our new research platform with insights from 80,000+ expert users

OpenText Dynamic Application Security Testing vs Veracode comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

OpenText Dynamic Applicatio...
Average Rating
7.2
Reviews Sentiment
6.1
Number of Reviews
22
Ranking in other categories
Dynamic Application Security Testing (DAST) (2nd), DevSecOps (8th)
Veracode
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
204
Ranking in other categories
Application Security Tools (2nd), Static Application Security Testing (SAST) (2nd), Container Security (8th), Software Composition Analysis (SCA) (3rd), Static Code Analysis (1st), Application Security Posture Management (ASPM) (2nd)
 

Mindshare comparison

While both are Application Lifecycle Management solutions, they serve different purposes. OpenText Dynamic Application Security Testing is designed for Dynamic Application Security Testing (DAST) and holds a mindshare of 17.9%, down 22.0% compared to last year.
Veracode, on the other hand, focuses on Application Security Tools, holds 8.0% mindshare, down 10.5% since last year.
Dynamic Application Security Testing (DAST) Market Share Distribution
ProductMarket Share (%)
OpenText Dynamic Application Security Testing17.9%
HCL AppScan14.3%
Checkmarx One13.5%
Other54.3%
Dynamic Application Security Testing (DAST)
Application Security Tools Market Share Distribution
ProductMarket Share (%)
Veracode8.0%
SonarQube Server (formerly SonarQube)20.8%
Checkmarx One10.2%
Other61.0%
Application Security Tools
 

Featured Reviews

Navin N - PeerSpot reviewer
Effective scanning of diverse file extensions with fast reporting and issue resolution
We develop software packages for clients, and these clients are mostly in the BFSI sector. The packages need to be scanned, and we engage Fortify WebInspect for this.  Customers typically perform their own application pen tests, but in some cases, we have engagements where customers want us to scan…
Kv Rao - PeerSpot reviewer
Integrates pipelines smoothly and fortifies code against vulnerabilities
I use Veracode in multiple places including static code analysis, penetration testing, and dynamic code analysis. It is part of our pipeline and integrates well with Bitbucket and Git pipelines The ease of integration with Bitbucket pipelines and Git pipelines is vital for us. Veracode allows us…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The transaction recorder within WebInspect is easy to use, which is valuable for our team."
"Technical support has been good."
"The user interface is ok and it is very simple to use."
"Fortify WebInspect is a scalable solution, it is good for a lot of applications."
"Good at scanning and finding vulnerabilities."
"I'm sorry, but there is no review content provided to extract a quote from."
"There are lots of small settings and tools, like an HTTP editor, that are very useful."
"I've found the centralized dashboard the most valuable. For the management, it helps a lot to have abilities at the central level."
"The ease of integration with Bitbucket pipelines and Git pipelines is vital for us."
"It's straightforward, and it does not require a lot of time. It's a straightforward platform that you can use for performing scans or mitigating issues. It has a very good user interface. FAQs are also helpful in case you are not familiar with it."
"The Veracode support team is excellent."
"It eases integration into our workflow. Veracode is part of our Jenkins build, so whenever we build our software, Jenkins will automatically submit the code bundle over to Veracode, which automatically kicks off the static analysis. It sends an email when it's done, and we look at the report."
"Our development team use this solution for static code analysis and pen testing."
"The dependency graph visualization provides the ability to see nested dependencies within libraries for pinpointing vulnerabilities."
"The SCA, agent-based analysis, is valuable. SAST and DAST take time, while this is quite fast. It gives the results very quickly. We have implemented it into our CI/CD pipeline."
"All the features provided by Veracode are valuable, including static scan, dynamic scan, and MPT (Manual Penetration Testing)."
 

Cons

"The solution needs better integration with Microsoft's Azure Cloud or an extension of Azure DevOps. In fact, it should better integrate with any cloud provider. Right now, it's quite difficult to integrate with that solution, from the cloud perspective."
"Lately, we've seen more false negatives."
"The scanner could be better."
"Not sufficiently compatible with some of our systems."
"Creating reports is very slow and it is something that should be improved."
"I would like WebInspect's scanning capability to be quicker."
"I'm not sure licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools also with similar functionalities."
"The main area for improvement in Fortify WebInspect is the price, as it is too high compared to the market rate."
"I think for us the biggest improvement would be to have an indicator when there's something wrong with a scan."
"Veracode's SAST, DAST, and SCA are pretty good with respect to industry standards, but with regard to container security, they are in either beta or alpha testing. They need to get that particular feature up and running so that they take care of the container security part."
"The pricing for qualified startups such as Neo4j could be improved."
"The results of agent-based software composition analysis are not connected to policy scanning. So, for me, the only thing that Veracode can improve in Software Composition Analysis is to connect it with the policy scan because, at present, it is a bit inconvenient for those in our organization who use agent-based Software Composition Analysis. In the end, they need to make a static scan with all those libraries in order to receive that report. If Veracode implemented a connection between agent-based static scan and static scanning itself, it would be great because it would lead to fewer operations in order to prepare release documentation and release reporting from Veracode. We recently had a conversation with Veracode about it."
"Veracode is costly, and there is potential for improvement in its pricing."
"The on-platform reporting needs to be opened up much more. We'd like to be able to look at the inspection data from a trending perspective in a much more open manner. I need to be able to sort and filter much more flexibly than I can today."
"The training lab is not very user-friendly and takes a long time to set up."
"Straightforward to set up, but the configuration of the rules engine is difficult and complicated."
 

Pricing and Cost Advice

"Our licensing is such that you can only run one scan at a time, which is inconvenient."
"This solution is very expensive."
"The price is okay."
"Fortify WebInspect is a very expensive product."
"Its price is almost similar to the price of AppScan. Both of them are very costly. Its price could be reduced because it can be very costly for unlimited IT scans, etc. I'm not sure, but it can go up to $40,000 to $50,000 or more than that."
"It’s a fair price for the solution."
"The pricing is not clear and while it is not high, it is difficult to understand."
"I found Veracode very expensive, though I'm not the person paying for it. I was surprised to find out how much the subscription costs and that the executive board approved it, but it was a no-brainer because now my company has better security scans."
"The product’s price is a bit higher compared to other solutions."
"Its pricing is fair."
"The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."
"I don't really get too involved in the cost sides of things that's in my job, I'm more of a technical focus, but I have heard from my manager and a couple other people that the solution is quite expensive."
"I believe the price is fair according to market standards."
"The Veracode price model is based on application profiles, which is how you package your components for scanning."
"Pricing/licensing is complicated."
report
Use our free recommendation engine to learn which Dynamic Application Security Testing (DAST) solutions are best for your needs.
867,676 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
15%
Government
15%
Manufacturing Company
13%
Computer Software Company
10%
Financial Services Firm
16%
Computer Software Company
15%
Manufacturing Company
9%
Insurance Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise1
Large Enterprise15
By reviewers
Company SizeCount
Small Business69
Midsize Enterprise43
Large Enterprise112
 

Questions from the Community

What is your experience regarding pricing and costs for Fortify WebInspect?
While I am not directly involved with licensing, I can share that our project's license for 1-9 applications costs between $15,000 to $19,000. In comparison, Burp Suite costs approximately $500 to ...
What needs improvement with Fortify WebInspect?
WebInspect works efficiently with Java-based or .NET based applications. However, it struggles with Salesforce applications, where it requires approximately 20-24 hours to crawl and audit but produ...
What is your primary use case for Fortify WebInspect?
I am currently working with several tools. For Fortify, I use SCA and WebInspect. Apart from that, I use Burp Suite from PortSwigger. For API testing, I use Postman with Burp Suite or WebInspect fo...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
What do you like most about Veracode?
The SAST and DAST modules are great.
What is your experience regarding pricing and costs for Veracode?
The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
 

Also Known As

Micro Focus WebInspect, WebInspect
Crashtest Security , Veracode Detect
 

Overview

 

Sample Customers

Aaron's
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Find out what your peers are saying about OpenText Dynamic Application Security Testing vs. Veracode and other solutions. Updated: May 2022.
867,676 professionals have used our research since 2012.