The main area for improvement in Fortify WebInspect is the price, as it is too high compared to the market rate. The cost of the license depends on the number of virtual users and, in comparison to other solutions, is approximately 25% higher.

There are some file extensions, like .SER, that Fortify WebInspect doesn't scan. For these, we have to depend on other tools like GitHub scanners.

I would like WebInspect's scanning capability to be quicker. Specifically, being able to scan a particular flow or part of an application more rapidly would be beneficial. Additionally, the cost of the licensing, particularly for multiple user licenses, could be more relevant, which would improve affordability and distribution among users.

Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment. The pricing of the product is an area that can be considered for improvement. In the future, Fortify WebInspect should be made available at a cheaper rate since, in Korea, there are many other cheap alternatives available.

I want to enhance automation. Currently, Fortify WebInspect can scan and find vulnerabilities, but users with specific skills need to interpret the results and understand how to address them. While Fortify WebInspect has automated scanning capabilities, it's not fully automated for 100% of the tasks. It can identify the website's structure and what the website uses. Still, for penetration testing, users like me or the customers must manually verify and test certain aspects to ensure the vulnerabilities are effectively addressed. They could develop a feature that automates sending packets back and forth, performing penetration tests, and verifying the impact of vulnerabilities, significantly enhancing the tool. It should be able to compromise vulnerabilities, report on them, and list the most critical issues that need fixing.

We were not able to host or install Fortify in some of our systems due to incompatibility. For a core company like ours using products like AppRizzo and similar technologies, the integration or installation of Fortify within the use tools would offer an upper hand relative to other scanning tools. Most organizations want a very seamless integration or installation with the many different technologies they use for their respective units.

We have had a problem with authentification. Most applications need authentication to scan to show results correctly. It doesn't allow for various types of authentications.

We have had some bugs on the solution.

The on-premises deployment does not scale. 

Fortify WebInspect could improve user-friendliness. Additionally, it is very bulky to use.

A localized version, for example, in Korean would be a big improvement to this solution. 

It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application.

Its installation and maintenance are not easy. Its updates and upgrades are hard.

Its performance needs to be stabilized. It should also be able to find more vulnerabilities than other tools.

It is expensive. Its price needs to be improved.

The solution is on the expensive side. It's something that clients comment on. If they could make it more reasonable, it would be better.

Lately, we've seen more false negatives.

Our biggest complaint about this product is that it freezes up, and literally doesn't work for us. It may be in part the way we have it set up, or how we've licensed it.

It is awkward and not very friendly to work with.

The version that I am using is not capable of generating reports to HTML or PDF, so I can't share them. I have to get somebody else to log into the application and view the results themselves. Simply, I can't output a report that I can easily share.

The scanner could be better. 

The out of bounds channel is missing and it makes it hard to nail down the vulnerabilities.

There were times when we had to run the login sequence several times in order to capture it properly.

It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved.

Creating reports is very slow and it is something that should be improved.

In the future, I would like to see better integration between static analysis and dynamic analysis.

Right now, it's kind of bulky. There are a lot of newer generation tools coming out that are easier.

Also, when it comes to the installation and deployment, they inspect the enterprise. It was ok with the scale, but still I think they can make it a little lighter in nature.

The solution needs better integration with Microsoft's Azure Cloud or an extension of Azure DevOps. In fact, it should better integrate with any cloud provider. Right now, it's quite difficult to integrate with that solution, from the cloud perspective.

The solution needs improvements from the scanning and the technical perspective.

In the next release, we would love to see smooth scale mobile testing - if it has similar to testing with wider applications for different technologies as well because people are moving towards mobile. If the solution can integrate AI and also understand the application by itself, this will be great.

The service can be improved by creating a reduction of false positives.

One thing I would like to see them introduce is a cloud-based platform.