We performed a comparison between Parasoft SOAtest and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The testing time is shortened because we generate test data automatically with SOAtest."
"They have a feature where they can record traffic and create tests on the report traffic."
"If you want something that’s not provided out of the box, then you can write it yourself and integrate it with SOAtest."
"We have seen a return on investment."
"Every imaginable source in the entire world of information technology can be accessed and used."
"Parasoft SOAtest has improved the quality of our automated web services, which can be easily implemented through service chaining and service virtualization."
"The solution is scalable."
"We do a lot of web services testing and REST services testing. That is the focus of this product."
"It is SaaS hosted. That makes it very convenient to use. There is no initial time needed to set up an application. Scanning is a matter of minutes. You just log in, create an application profile, associate a security configuration, and that's about it. It takes 10 minutes to start. The lack of initial lead time or initial overhead to get going is the primary advantage."
"We have found the static analysis to be useful in Veracode Static Analysis. However, we are in the process of testing."
"All the features provided by Veracode are valuable, including static scan, dynamic scan, and MPT (Manual Penetration Testing)."
"The dynamic scanning tool is what I like the best. Compared to other tools that I've used for dynamic scanning, it's much faster and easier to use."
"There is a single area on the dashboard where you can get a full view of all of the tests and the results from everything. There is a nice, very simple graphic that shows you the types of vulnerabilities that were found, their severity, the scoring, and in what part of the code they were found. All the details are together in one place."
"The deployment mode is very useful."
"The most valuable feature is the remediation consulting that they give. I feel like any vendor can identify the flaws but fixing the flaws is what is most important. Being able to have those consultation calls, schedule them in the platform, and have that discussion with an applications expert, that process scales well and that is what has allowed a lot more reduction of risk to happen."
"Being able to scan our applications and identify all codes and defects is an extremely valuable feature."
"Compatibility with HTTP 1.1 and TLS 1.2 needs to be improved."
"UI testing should be more in-depth."
"From an automation point of view, it should have better clarity and be more user friendly."
"Tuning the tool takes time because it gives quite a long list of warnings."
"The product is very slow to start up, and that is a bit of a problem, actually."
"Enabling/disabling an optional element of an XML request is only possible if a data source (e.g., Excel sheet) is connected to the test. Otherwise, the option is not available at all in the drop-down menu."
"During the process of working with SOAtest and building test cases, the .TST files will grow. A negative side effect is that saving your changes takes more time."
"The summary reports could be improved."
"Another problem we have is that, while it is integrated with single sign-on—we are using Okta—the user interface is not great. That's especially true for a permanent link of a report of a page. If you access it, it goes to the normal login page that has nothing that says "Log in with single sign-on," unlike other software as a service that we use. It's quite bothersome because it means that we have to go to the Okta dashboard, find the Veracode link, and log in through it. Only at that point can we go to the permanent link of the page we wanted to access."
"The GUI requires significant simplification, as its current complexity creates a steep learning curve for new users."
"The scanning on the UI portion of our applications is straightforward, but folks were having challenges with scans that involved microservices. They had to rope in an expert to have it sorted."
"I haven't heard about any problems so far. However, it would be great if Veracode automatically packaged stuff up for you."
"In the last month or so, I had a problem with the APIs when doing some implementations. The Veracode support team could be more specific and give me more examples. They shouldn't just copy the URL for a doc and send it to me."
"Some important languages are not supported."
"I would like to see these features: entering comments for internal tracking; entering a priority; reports that show the above."
"A high number of false positives are reported and this should be reduced."
Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.
Parasoft SOAtest is ranked 28th in Application Security Testing (AST) with 30 reviews while Veracode is ranked 2nd in Application Security Testing (AST) with 186 reviews. Parasoft SOAtest is rated 8.2, while Veracode is rated 8.2. The top reviewer of Parasoft SOAtest writes "Reliable with a good interface but uses too much memory". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Parasoft SOAtest is most compared with Postman, SonarQube, Coverity, Polyspace Code Prover and Apache JMeter, whereas Veracode is most compared with SonarQube, Checkmarx, Snyk, Fortify on Demand and OWASP Zap. See our Parasoft SOAtest vs. Veracode report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.