We performed a comparison between Spirent CyberFlood and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The feature I find most valuable is the traffic generator."
"Our customers use it to check for unauthorized file transfer."
"CyberFlood's best features are its user-friendliness and scheduling function."
"CyberFlood is flexible."
"The capability to identify vulnerable code is the most valuable feature of Veracode."
"We are using the Veracode tools to expose the engineers to the security vulnerabilities that were introduced with the new features, i.e. a lot faster or sooner in the development life cycle."
"I contacted the solution's technical support during the automation part, and it went well, after which I never faced any issues."
"It does software composition analysis, discovering open source software weaknesses."
"Veracode is a cloud-based platform, where they manage all the back-end, and they do a lot of analysis during the scans, and they do a lot of post-scan reconciliation."
"The ability on static scans to be able to do sandbox scans which do not generate metrics."
"The static scan is the most valuable feature."
"The reporting being highly accurate is pretty cool. I use another product and I was always looking for answers as to what line, which part of the code, was wrong, and what to do about it. Veracode seems to have a solid database to look things up and a website to look things up."
"I would also like to see updates on a more frequent schedule."
"CyberFlood's accessibility and support for multiple browsers could be better."
"Sometimes, when you configure parameters the hardware can't run, it will get stuck at those points without telling you what happened. It would be helpful if the error reporting provided more details about why the test setting is not running. It would be nice if there were a space in the hardware module for you to add some external hardware for more rigorous testing."
"The solution needs more ports, more speed, and more gigabytes."
"There is room for improvement in documentation."
"There should be more APIs, especially in SCA, to get some results or automate some things."
"The UI could be better. Also, there are some scenarios where there is no security flaw, but the report indicates that there is a security flaw. The report is not perfectly accurate. So, the accuracy of the scanning reports needs improvement."
"It can have more APIs and capabilities to handle other things well. We were doing a trial for it. There were two things that I looked at: one was uploading some Java-related content and the other was uploading database SQL files and having the review done on the quarterback. The Java portion of it worked fine, and it was pretty seamless, but the database portion was not. We uploaded some files to use for vulnerabilities, and the tell-all portion of it was pretty easy. We uploaded a war file and Java files, and we got the reports back on these. They were pretty clear to understand. We did the same thing for the database portion for the most part. However, the content wasn't getting uploaded in a predictable fashion, and it was slow and hard to get done. We had to do it over and over. After it indicated that the content was uploaded, there were no results. There were zero search findings. It was possibly a user error, something that we didn't do correctly, but they had acknowledged that it was something they were currently enhancing. This is something that could be made easier if they haven't already done that. I don't know how many releases they've had in that timeframe. I haven't looked at it since then. It was a trial period."
"When we scan binary, when we perform binary analysis, it could go faster. That has a lot to do with the essence of scanning binary code, it takes a little bit longer. Certain aspects, depending on what type of code it is, take a little long, especially legacy code."
"Veracode's ease of use could be improved. I would also like to see more online videos and tutorials that could help us understand the product better. It would also be helpful if Veracode created a certification program for DevSecOps staff to learn about their product and get certified. This kind of training would raise the company's profile within the industry."
"I would love to be able to do a dynamic sandbox scan. I think that that would allow us to really get a lot more buy-in from the software development teams."
"Veracode can improve the price model and how they bill the final offer to customers. It's based on the amount of traffic. For example, you can buy 1 gigabyte distributed across various applications, and each one can consume part of the whole allotment of traffic data."
Spirent CyberFlood is ranked 33rd in Application Security Tools with 4 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Spirent CyberFlood is rated 8.4, while Veracode is rated 8.2. The top reviewer of Spirent CyberFlood writes "I like the solution's flexibility". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Spirent CyberFlood is most compared with Ixia BreakingPoint and Ixia BreakingPoint VE, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap. See our Spirent CyberFlood vs. Veracode report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.