We performed a comparison between Tenable.io Web Application Scanning and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution's instant reports feature is the most effective for detecting threats."
"The initial setup is straightforward."
"Our customers adopt this solution because of the replication testing and the vulnerability assessment it can do. It is a multi-faceted product."
"Tenable provides the end analysis results covering all the published vulnerabilities and information on the market."
"The most valuable features of Tenable.io Web Application Scanning are the integration into specific use cases and scanning. All of the features of the solution are useful."
"It collects the vulnerabilities on the hostnames and sends them to the Tenable.io cloud. Tenable has its own cloud where Tenable.io is running, but there are many connectors to other cloud solutions. Tenable can do vulnerability scanning for other cloud managers such as Azure, Amazon, and so on."
"The most valuable feature is the reporting, which provides a good level of detail with respect to vulnerabilities."
"We use the tool for our websites. We have a vulnerable subdomain. The tool helps to scan it for vulnerabilities."
"I have used this solution in multiple projects for vulnerability testing and finding security leaks within the code."
"It is a good product for creating secure software. The static code analysis is pretty good and useful."
"The most important feature is the static scanning analysis, and the reason is that it can tell us vulnerability in that code, right before we go ahead and push something to production or provide something to a client... Dynamic scanning actually hits our Web applications, to try to detect any well known Web application vulnerabilities as well."
"The analysis of the vulnerabilities and the results are the most valuable features."
"The innovative features offered by Veracode are excellent."
"What I found most valuable in Veracode is that it gives me a part-by-part report of the entire EAR file and lets me set up the application for a limited time. Once that expires, Veracode allows you to automatically renew it, which is one of the features I find remarkable in Veracode."
"We used it for performing security checks. We have many Java applications and Android applications. Essentially it was used for checking the security validations for compliance purposes."
"One of the best things they offer is the scalability. The fact that you can work with it through the cloud means that if you have unintegrated business units, you don't have to worry about having a solution on-prem and having the network connection; you don't have to worry about giving up source code, you are just sending your binary files for most of the applications. So it scales much faster."
"The cloud and the on-premises versions have their own controllers, and there is no way to centrally manage controllers."
"Tenable.io Web Application Scanning is not very user-friendly and you need a lot of information to get proper reports. The tool's support is not very responsive."
"The technical support should be improved. Currently, some attacks are detected while others are not."
"The dashboard could be more user-friendly."
"The platform's technical support services could be better."
"It isn't easy to manage vulnerabilities in Tenable."
"They have a general dashboard for web application scanning, but the dashboards and reporting can be improved. They probably have some features in their roadmap."
"It would be great if there were a dashboard that is more user-friendly."
"Maybe the pipeline scanning doesn't support enough languages. It might only support Java and Python only, so that could be improved."
"The area with the most room for improvement is the speed and responsiveness of the query, as it is usually very slow."
"The scanning process for records could be faster and there is room for improvement in Veracode's performance."
"We would like the consolidation of all the different modules. This would help, so then we would be able to see analytics and results on one screen, like a single pane of glass."
"One concern is that scans take a long time to run. We scan at the end of the day because we know it will take a lot of time. We leave it to run and the report will be generated by the next day when we arrive. The scanning time could be reduced."
"It's very expensive for a small organization."
"The reports on offer are too verbose."
"The overall reporting structure is complicated, and it's difficult to understand the report."
More Tenable.io Web Application Scanning Pricing and Cost Advice →
Tenable.io Web Application Scanning is ranked 24th in Application Security Tools with 14 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Tenable.io Web Application Scanning is rated 7.6, while Veracode is rated 8.2. The top reviewer of Tenable.io Web Application Scanning writes "Highly Recommended Solution with Latest Scanning Methods". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Tenable.io Web Application Scanning is most compared with Acunetix, Qualys Web Application Scanning, Fortify on Demand, PortSwigger Burp Suite Professional and GitLab, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our Tenable.io Web Application Scanning vs. Veracode report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.