We performed a comparison between Fortify WebInspect and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Fortify WebInspect is a scalable solution, it is good for a lot of applications."
"When we are integrating it with SSC, we're able to scan and trace and see all of the vulnerabilities. Comparison is easy in SSC."
"I've found the centralized dashboard the most valuable. For the management, it helps a lot to have abilities at the central level."
"The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."
"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."
"The accuracy of its scans is great."
"The most valuable feature of this solution is the ability to make our customers more secure."
"The user interface is ok and it is very simple to use."
"The static scan is the most valuable feature."
"The dynamic scanning tool is what I like the best. Compared to other tools that I've used for dynamic scanning, it's much faster and easier to use."
"Allows us to track the remediation and handling of identified vulnerabilities."
"Also, our customers benefited from the added security assurance of our applications, as they’ve been able to identify OWASP top-10 application vulnerabilities without a manual tester."
"I have used this solution in multiple projects for vulnerability testing and finding security leaks within the code."
"It is easy to use for us developers. It supports so many languages: C#, .NET Core, .NET Framework, and it even scans some of our JavaScript. You just need the extension to upload the files and the reports are generated with so much detail."
"The product’s policy reporting for ensuring compliance with industry standards and regulations is great."
"For use cases where our company buys a product with the source code, but only the final executables or the binaries, only Veracode is able to work on that type of tool."
"A localized version, for example, in Korean would be a big improvement to this solution."
"We have had a problem with authentification."
"We have often encountered scanning errors."
"One thing I would like to see them introduce is a cloud-based platform."
"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."
"Creating reports is very slow and it is something that should be improved."
"The initial setup was complex."
"Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment."
"I've seen slightly better static analysis tools from other companies when it comes to speed and ease of use."
"From what we have seen of Veracode's SCA offering, it is just average."
"Once your report has been generated, you need to review the report with consultation team, especially if it is too detailed on the development side or regarding the language. Then, you need some professional help from their end to help you understand whatever has been identified. Scheduling consultation takes a longer time. So, if you are running multiple reports at the same time, then you need to schedule a multiple consultation times with one of their developers. There are few developers on their end who work can work with your developers, and their schedules are very tight."
"I would also like to see some improvement in the speed. That is really the only complaint, but in all reality we have a massive Java application that needs to be scanned. Our developers are saying, "It takes 72 hours to scan it." That is probably the nature of the beast, and I'm actually pretty accepting of that time frame, but since it's a complaint that I get, faster is always better. I don't necessarily think that the speed is bad as it is, just that faster would be better."
"Veracode does not support scans for .NET Blazor server applications."
"An area for improvement in Veracode is the time that it takes to scan large projects, as that makes it difficult to fit into our CI/CD pipelines."
"Veracode has plenty of data. The problem is the information on the dashboards of Veracode, as the user interface is not great. It's not immediately usable. Most of the time, the best way to use it is to just create issues and put them in JIRA... But if I were a startup, and only had products with a good user interface, I wouldn't use Veracode because the UI is very dated."
"The triage indicator was kind of hard to find. It's a very small arrow and I had no idea it was there."
Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 17 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Fortify WebInspect is rated 7.0, while Veracode is rated 8.2. The top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Fortify on Demand, Acunetix, OWASP Zap and Checkmarx One, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and OWASP Zap. See our Fortify WebInspect vs. Veracode report.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.