We performed a comparison between Rapid7 AppSpider and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"I like the ability the product has to detect vulnerabilities quickly, when it has been released in our environment, then displaying them to us."
"Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements."
"The setup is usually straightforward."
"When it is set up properly, it can do scanning on web apps with multiple engines automatically."
"The most valuable feature is the reporting, which is compliant with international standards."
"It scans all the components developed within a web application."
"What I like most about AppSpider is that it's easy to use and its automated scan gives me all the details I need to know when it comes to vulnerabilities and their solutions."
"The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate all the reports exactly what we want in a flexible way."
"It is a cloud-based platform, so every organization or every security team in the organization is concerned about uploading their code because ultimately the code is intellectual property. The most useful thing about Veracode is that if you want to upload the code, they accept only byte code. They do not accept the plain source code as an input. The code is converted into binary code, and it is uploaded to Veracode. So, it is quite secure. It also has the automation feature where you can integrate security during the initial stages of your software development life cycle. It is pretty much easy with Veracode. Veracode provides integration with multiple tools and platforms, such as Visual Studio, Java, and Eclipse. Developers can integrate with those tools by using Jenkins. The security consultation or the support that they provide is also really good. Its user management is also good. You can restrict the users for a particular application so that only certain developers will be able to see the code that has been scanned. Their reporting model is really good. For each customer, they provide a program manager. Every quarter, they have their reviews about how much it has scanned. They also ensure that the tool has been used efficiently."
"The dependency graph visualization provides the ability to see nested dependencies within libraries for pinpointing vulnerabilities."
"Static code scanning is the most valuable feature."
"It changes the DevSecOps process because we find flaws much earlier in the development life cycle, and we also spot third-party software that we don't allow on developers' machines."
"It has improved the quality of code being delivered for test and its vulnerability resolutions timeline has improved."
"Veracode is a valuable tool in our secure SDLC process."
"Stable and scalable, with good reporting features. Helps in detecting and managing vulnerabilities and risks."
"The Veracode support team is excellent."
"There are some glitches with stability, and it is an area for improvement."
"Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan."
"The enterprise interface is too simple. It should be more customizable."
"AppSpider could improve in the area of integration. They need to add more integration opportunities."
"AppSpider has some problems with the RAM needed while scanning."
"The tech support is responsive but issues remain unresolved."
"The performance of the solution could improve. When I compare the speed it is slower than others on the market. There are some tricks we use to help speed up the solution."
"The dashboard and interface are crucial and they need some improvement."
"The security labs integration has room for improvement."
"It's problematic if you want to integrate it with your pipelines because the documentation is not so well written and it's full of typos. It is not presented in a structured way. It does not say, "If you want to achieve this particular thing, you have to do steps 1, 2, and 3." Instead, it contains bits of information in different parts, and you have to read everything and then understand the big picture."
"Scanning progress is highly dependent on the speed of the Internet."
"Third-party library scanning would be very useful to have. When I was researching this a year ago, there was not a third-party library scan available. This would be a nice feature to have because we are now running through some assessments and finding out which tool can do it since this information needs to be captured. Since Veracode is a security solution, this should be related."
"Improve Mobile Application Dynamic Scanning DAST - .ipa and .apk"
"The product has issues with scanning."
"The support team could be more responsive, and the dependency of users on the support team is too high and should be reduced."
"It will be beneficial for developers if Veracode Greenlight includes Python."
Rapid7 AppSpider is ranked 25th in Application Security Testing (AST) with 13 reviews while Veracode is ranked 2nd in Application Security Testing (AST) with 186 reviews. Rapid7 AppSpider is rated 7.8, while Veracode is rated 8.2. The top reviewer of Rapid7 AppSpider writes "Useful vulnerability reporting data, flexible, and simple implementation". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning". Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, OWASP Zap, Acunetix, Tenable.io Web Application Scanning and Fortify WebInspect, whereas Veracode is most compared with SonarQube, Checkmarx, Snyk, Fortify on Demand and OWASP Zap.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.