I am currently working with several tools. For Fortify, I use SCA and WebInspect. Apart from that, I use Burp Suite from PortSwigger. For API testing, I use Postman with Burp Suite or WebInspect for some applications, while for others I use SoapUI with Burp Suite. Most of our applications are related to Salesforce, Java-based, or .NET based systems. The applications typically involve forms where users provide their details. After submission, the information flows to two types of portals: a user portal where customers navigate and provide details, and a worker portal where company personnel verify and approve those details. These are the main types of applications I test.
Services Project Lead, Information Technology at IGT Solutions
Real User
Top 10
2024-10-28T10:04:00Z
Oct 28, 2024
Mostly, we use Fortify WebInspect to scan our applications. This includes whatever applications we are delivering to our customers. We aim to find out security vulnerabilities and other issues, so we can identify and fix them before releasing to the customer. This is the use case, as we strive to deliver applications free from vulnerabilities.
We develop software packages for clients, and these clients are mostly in the BFSI sector. The packages need to be scanned, and we engage Fortify WebInspect for this. Customers typically perform their own application pen tests, but in some cases, we have engagements where customers want us to scan the dynamic codes, which is where we use WebInspect.
Customers use Fortify WebInspect to scan web applications and get results with recommendations. After running scans, customers often have questions and need my support or recommendations to understand how to fix the issues identified. This includes understanding what vulnerabilities were found and what they mean.
Learn what your peers think about OpenText Dynamic Application Security Testing. Get advice and tips from experienced pros sharing their opinions. Updated: September 2025.
This is a scanning tool. We carried out a POC with the aim of taking a proactive approach to scanning the applications and remediating the vulnerabilities in the development environment. We have 15-18 applications currently using Fortify. We'll be testing additional applications in the coming months.
Consulting Engineer at a consultancy with 11-50 employees
Real User
2023-03-21T07:18:35Z
Mar 21, 2023
Most of the time, it is used to access the current state of a client's web application. Sometimes it's used to test in the test environment, and sometimes in the enterprise environment, for example, the published environment. It mainly scans and checks for critical vulnerabilities. It can also check the differences between the web application, between the crawled URLs. It's not the main functionality, however, it is possible to use it in that manner.
Information Security Architect at a real estate/law firm with 1,001-5,000 employees
Real User
2021-11-11T16:34:45Z
Nov 11, 2021
We use it for code scanning, security scanning, and finding vulnerabilities. I am using its latest version. I have Fortify code scan on the cloud and Fortify WebInspect on-premise for a dynamic scan. So, SAST is on the cloud, and DAST is on-premise.
OpenText Dynamic Application Security Testing offers robust scalability, ease of use, and high accuracy in scanning, making it a valuable tool for enterprises.This security testing platform is known for its centralized dashboard, guided scans, and comprehensive reporting. It integrates seamlessly with tools like Fortify code scanner and supports extensive vulnerability detection and analysis, enhancing efficiency in security management. Despite its strengths, users suggest improvements in...
I am currently working with several tools. For Fortify, I use SCA and WebInspect. Apart from that, I use Burp Suite from PortSwigger. For API testing, I use Postman with Burp Suite or WebInspect for some applications, while for others I use SoapUI with Burp Suite. Most of our applications are related to Salesforce, Java-based, or .NET based systems. The applications typically involve forms where users provide their details. After submission, the information flows to two types of portals: a user portal where customers navigate and provide details, and a worker portal where company personnel verify and approve those details. These are the main types of applications I test.
I used Fortify WebInspect for inspecting web pages in production testing, oriented towards financial services.
Mostly, we use Fortify WebInspect to scan our applications. This includes whatever applications we are delivering to our customers. We aim to find out security vulnerabilities and other issues, so we can identify and fix them before releasing to the customer. This is the use case, as we strive to deliver applications free from vulnerabilities.
We develop software packages for clients, and these clients are mostly in the BFSI sector. The packages need to be scanned, and we engage Fortify WebInspect for this. Customers typically perform their own application pen tests, but in some cases, we have engagements where customers want us to scan the dynamic codes, which is where we use WebInspect.
Customers use Fortify WebInspect to scan web applications and get results with recommendations. After running scans, customers often have questions and need my support or recommendations to understand how to fix the issues identified. This includes understanding what vulnerabilities were found and what they mean.
My company sells Fortify WebInspect to our customers.
This is a scanning tool. We carried out a POC with the aim of taking a proactive approach to scanning the applications and remediating the vulnerabilities in the development environment. We have 15-18 applications currently using Fortify. We'll be testing additional applications in the coming months.
Most of the time, it is used to access the current state of a client's web application. Sometimes it's used to test in the test environment, and sometimes in the enterprise environment, for example, the published environment. It mainly scans and checks for critical vulnerabilities. It can also check the differences between the web application, between the crawled URLs. It's not the main functionality, however, it is possible to use it in that manner.
Fortify WebInspect can be deployed on the cloud or on-premise. Fortify WebInspect is used as a vulnerability scanner for applications.
We use this solution for security testing.
We use it for code scanning, security scanning, and finding vulnerabilities. I am using its latest version. I have Fortify code scan on the cloud and Fortify WebInspect on-premise for a dynamic scan. So, SAST is on the cloud, and DAST is on-premise.
We primarily use the solution for web applications and tests.
We primarily use the solution to test web applications regularly.
This is a security testing tool that is used by our security team and the QA team.
We use WebInspect for performance network application testing to be sure that we aren't creating any security issues.
I am using WebInspect for finding vulnerabilities.
We use WebInspect for dynamic application security testing, and integrating that into all our needs.
We primarily use the solution for dynamic application scanning.
We primarily use the application for web application scanning.