We performed a comparison between NowSecure and Veracode based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Testing (AST)."The most valuable feature is the ability to download an application without actually putting in the APK. It gives us an option to put the APK in if we want to but we can download it from the App Store and Play Store."
"The article scanning is excellent."
"I like Veracode's API. You can put it into a simple bash script and run your own security testing from your MacBook in less than 15 minutes."
"The source composition analysis had very good reporting."
"It changes the DevSecOps process because we find flaws much earlier in the development life cycle, and we also spot third-party software that we don't allow on developers' machines."
"Provides consistent evaluation and results without huge fluctuations in false positives or negatives."
"The platform itself has a lot of AppSec best practices information, especially in the mitigation recommendation process."
"It pinpoints the errors. Its accuracy is very interesting. It also elaborates on flaws, meaning it provides you with details about what is valid or not and how something can be fixed."
"You can easily integrate it with Azure DevOps. This is an added value because we work with Azure DevOps. Veracode is natively supported and we don't have to work with APIs."
"In this solution, there are two kinds of testing, static analysis, and dynamic analysis. There needs some improvement in testing with dynamic analysis because I have found it is not accurate"
"One area for improvement is the navigation in the UI. For junior developers or newcomers to the team, it can be confusing. The UI doesn't clearly bundle together certain elements associated with a scan. While running a scan, there are various aspects linked to it, but in the UI, they appear separate. It would be beneficial if they could redesign the UI to make it more intuitive for users."
"False positives are a problem. Sometimes the flow paths are not accurate and don't represent real attack vectors, but this happens with every application that performs static analysis of the code. But it's under control. The number of false positives is not so high that it is unmanageable on our side."
"It would help if there were a training module that would explain how to more effectively integrate the SAST product into the build tool, Jenkins or Bamboo."
"Veracode doesn't really help you so much when it comes to fixing things. It is able to find our vulnerabilities but the remediation activities it does provide are not a straight out-of-the-box kind of model. We need to work on remediation and not completely rely on Veracode."
"The documentation is poor and the technical support isn't helpful."
"The one thing I'd like to be able to do is schedule dynamic scans. Today we're kicking those off manually, but I believe that it's something have on their roadmap."
"The security labs integration has room for improvement."
"Veracode should make it easier to navigate between the solutions that they offer, i.e. between dynamic, static, and the source code analysis."
Earn 20 points
NowSecure is ranked 32nd in Application Security Testing (AST) while Veracode is ranked 2nd in Application Security Testing (AST) with 193 reviews. NowSecure is rated 7.0, while Veracode is rated 8.2. The top reviewer of NowSecure writes "Scalable and reliable, but dynamic analysis needs improvement". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". NowSecure is most compared with Data Theorem API Secure , GitLab, Acunetix and Checkmarx One, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and OWASP Zap.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.