We performed a comparison between Fortra Tripwire IP360, Parasoft SOAtest, and Veracode based on real PeerSpot user reviews.
Find out what your peers are saying about Tenable, Wiz, Check Point Software Technologies and others in Vulnerability Management."It's become the pinnacle point for anything that enters the network or anything that's passing through to production to first be affected by IP360, hardened, and up to standard. For our integrity management, one was deployed in the bank about two years ago and that's still going to expand the usage and the product itself. That will go hand in hand with training and expanding the product as for where it's deployed."
"We could manage our entire IP range with the solution."
"Tripwire IP360 is a very stable solution."
"If you want something that’s not provided out of the box, then you can write it yourself and integrate it with SOAtest."
"We have seen a return on investment."
"We can automate our scenarios in a data driven format, which shows there is no rework on scripts. We only need to update the test data and run for a number of scenarios."
"Automatic testing is the most valuable feature."
"They have a feature where they can record traffic and create tests on the report traffic."
"Generating new messages, based on the existing .EDN and .XML messages, is a crucial part or the testing project that I’m currently in."
"Since the solution has both command line and automation options, it generates good reports."
"Good write and read files which save execution inputs and outputs and can be stored locally."
"Valuable features for us are the static scanning of the software, which is very important to us; the ability to set policy profiles that are specific to us; the software composition analysis, to give us reports on known vulnerabilities from our third-party components."
"It pinpoints the errors. Its accuracy is very interesting. It also elaborates on flaws, meaning it provides you with details about what is valid or not and how something can be fixed."
"Tech support is outstanding. Best in class. Absolutely. They bend over backwards to help us. We'll come up with questions and within minutes, we'll get answers. It's amazing. It's truly amazing."
"For our rapid, secure DevOps cycle, we have integration of the Vericode API into our build tool, and Greenlight into our IDE."
"The coverage of the last vulnerabilities reported."
"Veracode Security Labs are fantastic. My team loves getting the hands-on experience of putting in a flaw and fixing it. It's interactive. We've gotten decent support from the sales and software engineers, so the initial support was excellent. They scheduled a consultation call to dive deep and discuss why we see these findings and codes. That was incredibly helpful."
"Scanning of .war and .jar is key for us."
"I like Veracode's static scanning and SCA. We use three static scans, software composition analysis, and dynamic scans. We haven't used dynamic scanning as much, but we're trying to integrate that into our environment more."
"We need to dedicate time and resources to keep it running."
"The reporting functions can use improvement. There is room for growth because reporting functions differ a lot depending on what you're going to output. It depends on whether it's for technical or senior management and how it's interpreted. There could be growth within the reporting functionality side."
"I am not very impressed by the technical support."
"The performance could be a bit better."
"Parasoft SOAtest has an internal refresh function where you can refresh the software to show the changes you’ve made in your projects. Unfortunately this function does not work properly, because it often does not show the changes after you’ve hit te refresh button a few times."
"Reporting facilities can be better."
"Enabling/disabling an optional element of an XML request is only possible if a data source (e.g., Excel sheet) is connected to the test. Otherwise, the option is not available at all in the drop-down menu."
"UI testing should be more in-depth."
"The feedback that we received from the DevOps of our organization was that the tool was a little heavy from the transformation perspective."
"Reports could be customized and more descriptive according to the user's or company's requirements."
"During the process of working with SOAtest and building test cases, the .TST files will grow. A negative side effect is that saving your changes takes more time."
"There are certain shortcomings in Veracode's static analysis engine. I would improve Veracode's static analysis engine to make it capable of identifying vulnerabilities with low false positives."
"The user interface could be more sleek. Some scanning requirements aren't flexible. Some features take some time for new users to understand (like what exactly "modules" are)."
"One of the most important areas that need improvement for Veracode is its DaaS. Veracode's DAST engines are primitive."
"I would love to be able to do a dynamic sandbox scan. I think that that would allow us to really get a lot more buy-in from the software development teams."
"The negative that I found is that it has a subscription-based model."
"The ideal situation in terms of putting the results in front of the developers would be with Veracode integration into the developer environment (IDE). They do have a plugin, which we've used in the past, but we were not as positive about it."
"I would also like to see some improvement in the speed. That is really the only complaint, but in all reality we have a massive Java application that needs to be scanned. Our developers are saying, "It takes 72 hours to scan it." That is probably the nature of the beast, and I'm actually pretty accepting of that time frame, but since it's a complaint that I get, faster is always better. I don't necessarily think that the speed is bad as it is, just that faster would be better."
"Sometimes the scans are not done quickly, but the solutions that it provides are really good. The quality is high, but the analysis is not done extremely quickly."
