I am currently working with several tools. For Fortify, I use SCA and WebInspect. Apart from that, I use Burp Suite from PortSwigger. For API testing, I use Postman with Burp Suite or WebInspect for some applications, while for others I use SoapUI with Burp Suite.

Most of our applications are related to Salesforce, Java-based, or .NET based systems. The applications typically involve forms where users provide their details. After submission, the information flows to two types of portals: a user portal where customers navigate and provide details, and a worker portal where company personnel verify and approve those details. These are the main types of applications I test.

I used Fortify WebInspect for inspecting web pages in production testing, oriented towards financial services.

We develop software packages for clients, and these clients are mostly in the BFSI sector. The packages need to be scanned, and we engage Fortify WebInspect for this. 

Customers typically perform their own application pen tests, but in some cases, we have engagements where customers want us to scan the dynamic codes, which is where we use WebInspect.

Mostly, we use Fortify WebInspect to scan our applications. This includes whatever applications we are delivering to our customers. We aim to find out security vulnerabilities and other issues, so we can identify and fix them before releasing to the customer. This is the use case, as we strive to deliver applications free from vulnerabilities.

Customers use Fortify WebInspect to scan web applications and get results with recommendations. After running scans, customers often have questions and need my support or recommendations to understand how to fix the issues identified. This includes understanding what vulnerabilities were found and what they mean.

My company sells Fortify WebInspect to our customers.

This is a scanning tool. We carried out a POC with the aim of taking a proactive approach to scanning the applications and remediating the vulnerabilities in the development environment. We have 15-18 applications currently using Fortify. We'll be testing additional applications in the coming months. 

Most of the time, it is used to access the current state of a client's web application. Sometimes it's used to test in the test environment, and sometimes in the enterprise environment, for example, the published environment. It mainly scans and checks for critical vulnerabilities. 

It can also check the differences between the web application, between the crawled URLs. It's not the main functionality, however, it is possible to use it in that manner. 

We use it for code scanning, security scanning, and finding vulnerabilities.

I am using its latest version. I have Fortify code scan on the cloud and Fortify WebInspect on-premise for a dynamic scan. So, SAST is on the cloud, and DAST is on-premise.

Fortify WebInspect can be deployed on the cloud or on-premise.

Fortify WebInspect is used as a vulnerability scanner for applications.

We use this solution for security testing.

This is a security testing tool that is used by our security team and the QA team.

We primarily use the solution for web applications and tests. 

We primarily use the solution to test web applications regularly.

We use WebInspect for performance network application testing to be sure that we aren't creating any security issues.

I am using WebInspect for finding vulnerabilities.

We use WebInspect for dynamic application security testing, and integrating that into all our needs.

We primarily use the solution for dynamic application scanning.

We primarily use the application for web application scanning.