According to the IT Central Station community, the most popular alternatives to Fortify WebInspect are Micro Focus Fortify on Demand, OWASP Zap, PortSwigger Burp, and HCL AppScan. Hope that's helpful!
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
You need to ask yourself a few questions: 1. Do I know is the technology stack (languages) that needs to be supported? 2. Do I have access to the Source Code, just Binaries OR Both? 3. Do I need to support SCA(FOSS) 4. Do I need a unified Dashboard for reporting for SAST, DAST & SCA? 5. What is the size of the experienced team I have to support this?
For a DAST solution: 1. What is the size of the experienced team I have to support this? 2. Do I want the DAST to integrate with other tools (BurpSuite, MetaSploit, WAF, etc) 3. Do I want the DAST to automate from a Postman Script, Jenkins Build Server, JIRA, ServiceNow, etc. 4. Do I need a unified Dashboard for reporting for SAST, DAST & SCA?
Instead of asking who can compete with Fortify, it might be better to ask who can compliment Fortify OR what did I dislike most about Fortify. Then find some others who will give you a fair and unbiased opinion.
When you look at the top 4 players in the market being Fortify, VeraCode, Checkmarx, Synopsys.... what do you see? Then ask why? (Hint...all top leadership and top sales begin at Fortify)
@Oscar Van Der Meer Fortify SCA (Static Code Analyzer) was around way before SCA (Software Composition Analysis). There are various integrations with Software Composition Analysis (SonaType, BlackDuck, Snyk, WhiteSource, and OWASP Dependency Checker & Track. The reason behind it is to allow customers the flexibility to integrate with the tool the line of business chooses within the corporation.
Hello community,
I am the Director of Information Security at a large financial services firm.
I am currently researching Fortify WebInspect and PortSwigger Burp Suite Enterprise Edition. Which solution do you prefer and why?
Thank you for your help.
Hello peers,
I am an Information Technology Associate at a small tech services company.
I am currently researching DAST solutions. Which solution do you prefer: Fortify WebInspect or HCL AppScan? Can you please provide a comparison between the two?
Thank you.
People may prefer Fortify WebInspect to HCL AppScan because Fortify WebInspect has more features and is more scalable. However, if you prioritize affordability and ease of use and configuration, some say that HCL AppScan is the better option.
Here is a comparison of the two DAST solutions for your reference:
Fortify WebInspect
Pros:
Wide range of features, including static analysis, dynamic analysis, and interactive analysis
Easy to use and configure
Good integration with other security solutions
Cons:
Can be expensive
Not as scalable as some other DAST solutions
HCL AppScan
Pros:
Affordable
Easy to use and configure
Good integration with other HCL security solutions
Cons:
Limited feature set
Not as scalable as Fortify WebInspect
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to better connect with peers and other independent experts who provide advice without vendor bias.
Our users have ranked these solutions according to their valuable features, and discuss which features they like most and why.
You can read user reviews for the Top 5 Software Composition Analysis (SCA...
The world of technology is constantly undergoing both evolutions and revolutions. It is always difficult to know just what kinds of changes and innovations each year is going to bring. The fields of Development and Operations (DevOps) and Development, Security, and Operations (DevSecOps) are two examples where the best people can do is offer their predictions of what might be in store.
PeerSp...
According to the IT Central Station community, the most popular alternatives to Fortify WebInspect are Micro Focus Fortify on Demand, OWASP Zap, PortSwigger Burp, and HCL AppScan. Hope that's helpful!
@Russell Rothstein Thank You russel
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
Rendra,
You need to ask yourself a few questions:
1. Do I know is the technology stack (languages) that needs to be supported?
2. Do I have access to the Source Code, just Binaries OR Both?
3. Do I need to support SCA(FOSS)
4. Do I need a unified Dashboard for reporting for SAST, DAST & SCA?
5. What is the size of the experienced team I have to support this?
For a DAST solution:
1. What is the size of the experienced team I have to support this?
2. Do I want the DAST to integrate with other tools (BurpSuite, MetaSploit, WAF, etc)
3. Do I want the DAST to automate from a Postman Script, Jenkins Build Server, JIRA, ServiceNow, etc.
4. Do I need a unified Dashboard for reporting for SAST, DAST & SCA?
Instead of asking who can compete with Fortify, it might be better to ask who can compliment Fortify OR what did I dislike most about Fortify. Then find some others who will give you a fair and unbiased opinion.
When you look at the top 4 players in the market being Fortify, VeraCode, Checkmarx, Synopsys.... what do you see? Then ask why? (Hint...all top leadership and top sales begin at Fortify)
Hope this helps.
Fortify Static Code Analyzer is actually NOT an SCA (Software Composition Analysis) tool! It competes more with Checkmarx and Veracode
@Oscar Van Der Meer Fortify SCA (Static Code Analyzer) was around way before SCA (Software Composition Analysis). There are various integrations with Software Composition Analysis (SonaType, BlackDuck, Snyk, WhiteSource, and OWASP Dependency Checker & Track. The reason behind it is to allow customers the flexibility to integrate with the tool the line of business chooses within the corporation.