Try our new research platform with insights from 80,000+ expert users

OpenText Dynamic Application Security Testing vs Veracode comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

OpenText Dynamic Applicatio...
Average Rating
7.2
Reviews Sentiment
6.1
Number of Reviews
22
Ranking in other categories
Dynamic Application Security Testing (DAST) (2nd), DevSecOps (8th)
Veracode
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
204
Ranking in other categories
Application Security Tools (2nd), Static Application Security Testing (SAST) (2nd), Container Security (8th), Software Composition Analysis (SCA) (3rd), Static Code Analysis (1st), Application Security Posture Management (ASPM) (2nd)
 

Mindshare comparison

While both are Application Lifecycle Management solutions, they serve different purposes. OpenText Dynamic Application Security Testing is designed for Dynamic Application Security Testing (DAST) and holds a mindshare of 17.9%, down 22.0% compared to last year.
Veracode, on the other hand, focuses on Application Security Tools, holds 8.0% mindshare, down 10.5% since last year.
Dynamic Application Security Testing (DAST) Market Share Distribution
ProductMarket Share (%)
OpenText Dynamic Application Security Testing17.9%
HCL AppScan14.3%
Checkmarx One13.5%
Other54.3%
Dynamic Application Security Testing (DAST)
Application Security Tools Market Share Distribution
ProductMarket Share (%)
Veracode8.0%
SonarQube Server (formerly SonarQube)20.8%
Checkmarx One10.2%
Other61.0%
Application Security Tools
 

Featured Reviews

Navin N - PeerSpot reviewer
Effective scanning of diverse file extensions with fast reporting and issue resolution
We develop software packages for clients, and these clients are mostly in the BFSI sector. The packages need to be scanned, and we engage Fortify WebInspect for this.  Customers typically perform their own application pen tests, but in some cases, we have engagements where customers want us to scan…
Kv Rao - PeerSpot reviewer
Integrates pipelines smoothly and fortifies code against vulnerabilities
I use Veracode in multiple places including static code analysis, penetration testing, and dynamic code analysis. It is part of our pipeline and integrates well with Bitbucket and Git pipelines The ease of integration with Bitbucket pipelines and Git pipelines is vital for us. Veracode allows us…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature is the static analysis."
"The transaction recorder within WebInspect is easy to use, which is valuable for our team."
"The tool provides comprehensive vulnerability assessments which help ensure our deliverables are as free from vulnerabilities as possible. It has also streamlined our web application vulnerability assessments, assisting us in delivering secure applications to our clients."
"The most valuable feature of this solution is the ability to make our customers more secure."
"The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."
"The solution's technical support was very helpful."
"The solution is easy to use."
"It is easy to use, and its reporting is fairly simple."
"It has given our management a view into issues with all of our product lines. We have three products and all of them were scanned. As a result, the project lead for each product has taken measures to improve things."
"This static analysis helps ensure a secure application rollout across all environments."
"It is SaaS hosted. That makes it very convenient to use. There is no initial time needed to set up an application. Scanning is a matter of minutes. You just log in, create an application profile, associate a security configuration, and that's about it. It takes 10 minutes to start. The lack of initial lead time or initial overhead to get going is the primary advantage."
"The dashboards and the threat insights it provides are very good. The dashboards are intuitive and pretty straightforward, but also pretty detailed."
"I like its integration with GitHub. I like using it from GitHub. I can use the GitHub URL and find out the vulnerabilities."
"For use cases where our company buys a product with the source code, but only the final executables or the binaries, only Veracode is able to work on that type of tool."
"The most valuable feature is the dynamic application security testing."
"It changes the DevSecOps process because we find flaws much earlier in the development life cycle, and we also spot third-party software that we don't allow on developers' machines."
 

Cons

"It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved."
"The solution needs better integration with Microsoft's Azure Cloud or an extension of Azure DevOps. In fact, it should better integrate with any cloud provider. Right now, it's quite difficult to integrate with that solution, from the cloud perspective."
"It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application."
"The initial setup was complex."
"Creating reports is very slow and it is something that should be improved."
"I'm not sure licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools also with similar functionalities."
"I want to enhance automation. Currently, Fortify WebInspect can scan and find vulnerabilities, but users with specific skills need to interpret the results and understand how to address them."
"Our biggest complaint about this product is that it freezes up, and literally doesn't work for us."
"While Veracode is way ahead of its competitors on Gartner Magic Quadrant, it's a bit more expensive than Fortify. It's a good solution for the cost, but if we had a high budget, we would go with Checkmarx, which is much better than Veracode."
"I would like Veracode to add more language support."
"It does nearly everything, but penetration testing."
"It can be a bit complex because it takes a lot of time to have it complete the task."
"The pricing for qualified startups such as Neo4j could be improved."
"It's problematic if you want to integrate it with your pipelines because the documentation is not so well written and it's full of typos. It is not presented in a structured way. It does not say, "If you want to achieve this particular thing, you have to do steps 1, 2, and 3." Instead, it contains bits of information in different parts, and you have to read everything and then understand the big picture."
"The solution could improve the Dynamic Analysis Security Testing(DAST)."
"In the last month or so, I had a problem with the APIs when doing some implementations. The Veracode support team could be more specific and give me more examples. They shouldn't just copy the URL for a doc and send it to me."
 

Pricing and Cost Advice

"Our licensing is such that you can only run one scan at a time, which is inconvenient."
"It’s a fair price for the solution."
"The pricing is not clear and while it is not high, it is difficult to understand."
"Its price is almost similar to the price of AppScan. Both of them are very costly. Its price could be reduced because it can be very costly for unlimited IT scans, etc. I'm not sure, but it can go up to $40,000 to $50,000 or more than that."
"This solution is very expensive."
"The price is okay."
"Fortify WebInspect is a very expensive product."
"Veracode is a very expensive product."
"Pricing/licensing is complicated."
"We are still considering it at the enterprise level. It has a subscription-based model. We find its price a little high based on the features it provides."
"When I looked at the pricing, it was definitely a value. In terms of the service and what it's checking, the cost was very reasonable, particularly because we could have multiple code bases as part of a project."
"It is pricey. There is a lot of value in the product, but it is a costly tool."
"The Veracode price model is based on application profiles, which is how you package your components for scanning."
"As compared to others, it is a costly solution. It is overpriced, and many organizations with a limited budget cannot afford it. That is why they are going for other tools, but those tools are not that effective. Veracode is better in terms of quality. If you want good service, you have to pay for it."
"Negotiate some, but their prices are reasonable."
report
Use our free recommendation engine to learn which Dynamic Application Security Testing (DAST) solutions are best for your needs.
867,349 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
15%
Government
15%
Manufacturing Company
13%
Computer Software Company
10%
Financial Services Firm
16%
Computer Software Company
16%
Manufacturing Company
9%
Insurance Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise1
Large Enterprise15
By reviewers
Company SizeCount
Small Business69
Midsize Enterprise43
Large Enterprise112
 

Questions from the Community

What is your experience regarding pricing and costs for Fortify WebInspect?
While I am not directly involved with licensing, I can share that our project's license for 1-9 applications costs between $15,000 to $19,000. In comparison, Burp Suite costs approximately $500 to ...
What needs improvement with Fortify WebInspect?
WebInspect works efficiently with Java-based or .NET based applications. However, it struggles with Salesforce applications, where it requires approximately 20-24 hours to crawl and audit but produ...
What is your primary use case for Fortify WebInspect?
I am currently working with several tools. For Fortify, I use SCA and WebInspect. Apart from that, I use Burp Suite from PortSwigger. For API testing, I use Postman with Burp Suite or WebInspect fo...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use...
What do you like most about Veracode?
The SAST and DAST modules are great.
What is your experience regarding pricing and costs for Veracode?
The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
 

Also Known As

Micro Focus WebInspect, WebInspect
Crashtest Security , Veracode Detect
 

Overview

 

Sample Customers

Aaron's
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Find out what your peers are saying about OpenText Dynamic Application Security Testing vs. Veracode and other solutions. Updated: May 2022.
867,349 professionals have used our research since 2012.