"Their dashboard is really good, overall. In my opinion, it's one of the best in the market, and I say that because we have used other service providers."
"Another feature of Veracode is that they provide e-learning, but the e-learning is not basic, rather it is quite advanced... in the e-learning you can check into best practices for developing code and how to prevent improper management of some component of the code that could lead to a vulnerability. The e-learning that Veracode provides is an extremely good tool."
"My experience with Veracode across the board every time, in all products, the technology, the product, the service, and the salespeople is fabulous."
"In terms of secure development, the SAST scan is very useful because we are able to identify security flaws in the code base itself, for the application."
"You can easily integrate it with Azure DevOps. This is an added value because we work with Azure DevOps. Veracode is natively supported and we don't have to work with APIs."
"The most valuable features are that you can do static analysis and dynamic analysis on a scheduled basis and that you can push the findings into JIRA."
"The Veracode technical support is very good. They are responsive and very knowledgeable."
"The reporting being highly accurate is pretty cool. I use another product and I was always looking for answers as to what line, which part of the code, was wrong, and what to do about it. Veracode seems to have a solid database to look things up and a website to look things up."
"The most valuable feature of HCL AppScan is scanning QR codes."
"The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL."
"AppScan is stable."
"There's extensive functionality with custom rules and a custom knowledge base."
"The solution offers services in a few specific development languages."
"It was easy to set up."
"It identifies all the URLs and domains on its own and then performs tests and provides the results."
"Visual Studio is highly powerful. It's probably the best software development tool on the market."
"What I like most about Visual Studio Test Professional is the way people publish templates and publish integration."
"The ability to quickly make your own components has been valuable."
"The stability has always been very good."
"It is very easy to use. You can handle a lot of things together at once in one package, which is a good point for us."
"I was satisfied with the support given by customer service."
"It is a very common and strong product. A lot of support is available for this product."
"Easy to use and easily scalable."
"Sometimes the scans are not done quickly, but the solutions that it provides are really good. The quality is high, but the analysis is not done extremely quickly."
"The training lab is not very user-friendly and takes a long time to set up."
"We tried to create an automatic scanning process for Veracode and integrate it into our billing process, but it was easier to adopt it to repositories based on GIT. Until now, our source control repository was Azure DevOps Server (Microsoft TFS) to managing our resources. This was not something that they supported. It took us some sessions together before we successfully implemented it."
"I would ask Veracode to be a lot more engaged with the customer and set up live sessions where they force the customer to engage with Veracode's technical team. Veracode could show them a repo, how they should do things, this is what these results mean, here is a dashboard, here's the interpretation, here's where you find the results."
"The policies you have, where you can tune the findings you get, don't allow you not to file tickets about certain findings. It will always report the findings, even if you know you're not that concerned about a library writing to a system log, for example. It will keep raising them, even though you may have a ticket about it. The integration will keep updating the ticket every time the scan runs."
"The pricing for qualified startups such as Neo4j could be improved."
"There is much to be desired of UI and user experience. The UI is very slow. With every click, it just takes a lot of time for the pages to load. We have seen this consistently since getting this solution. The UI and UX are very disjointed."
"Veracode has plenty of data. The problem is the information on the dashboards of Veracode, as the user interface is not great. It's not immediately usable. Most of the time, the best way to use it is to just create issues and put them in JIRA... But if I were a startup, and only had products with a good user interface, I wouldn't use Veracode because the UI is very dated."
"They have to improve support."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
"The solution could improve by having a mobile version."
"One thing which I think can be improved is the CI/CD Integration"
"The solution often has a high number of false positives. It's an aspect they really need to improve upon."
"AppScan is too complicated and should be made more user-friendly."
"Sometimes it doesn't work so well."
"One of the problems with this solution is you need to be highly technically skilled to operate it, it is not for everyone."
"Sometimes Visual Studio is slow. It uses a lot of resources like memory and processing power. You should optimize the performance by only installing what you need on your machine. Don't install unnecessary things that will slow your machine."
"It needs more integration with other tools for monitoring. Microsoft also needs to make it more modern to make it work with microservices and the cloud. It is a bit outdated currently."
"Visual Studio Test Professional could improve by having better integration with external databases."
"The solution is quite expensive."
"In Visual Studio we still don't have anything which can pinpoint memory leaks on a certain code line."
"There are too many features with the product and I would like there to be less."
Veracode covers all your Application Security needs in one solution through a combination of five analysis types; static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline, and empowers developers to find and fix security defects.
IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.
Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.
HCL AppScan is ranked 13th in Application Security with 7 reviews while Visual Studio Test Professional is ranked 14th in Functional Testing Tools with 8 reviews. HCL AppScan is rated 7.0, while Visual Studio Test Professional is rated 8.2. The top reviewer of HCL AppScan writes "Improves application security, identifies gaps, and performs well". On the other hand, the top reviewer of Visual Studio Test Professional writes "Offers lots of features, including memory analysis and code sharing". HCL AppScan is most compared with SonarQube, Micro Focus Fortify on Demand, PortSwigger Burp Suite Professional, OWASP Zap and Checkmarx, whereas Visual Studio Test Professional is most compared with TFS, Apache JMeter, Tricentis Tosca, Katalon Studio and Micro Focus UFT Developer.
We monitor all Application Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.