We performed a comparison between Pentera and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Penetration Testing Services solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."What I like the most about Pentera is its solution-oriented approach."
"The vulnerability scanner, exploit achievements, and remediation actions are all great."
"Maybe there are some remediation steps on the website, we can mask sensitive information on the website better."
"The most valuable feature of Pentera is that you can do continuous vulnerability assessment, which is automated."
"The product is easy to use."
"The reporting being highly accurate is pretty cool. I use another product and I was always looking for answers as to what line, which part of the code, was wrong, and what to do about it. Veracode seems to have a solid database to look things up and a website to look things up."
"It is scalable and quick to deploy into the site and the pipelines. The reports and analytics are good, and the false positive rate is low. It gives true results."
"The most valuable features of the solution are its extensive reporting capabilities and user-friendly interface."
"We have such a wide variety of users for Veracode, including security champions, development leads, developers themselves, that the ease of use is really quite important, because we don't assume anything about what those people might already know, or need to know. It just makes it very useful for anyone who has to engage with it."
"Because it is a SaaS offering, I do not have to support the infrastructure."
"We have to look at it from the perspectives of how important it is to fix something and when it should be prioritized for fixing. The JSON output from the agent-based scans gives us the CVS core, and that makes things much easier."
"One of the best things they offer is the scalability. The fact that you can work with it through the cloud means that if you have unintegrated business units, you don't have to worry about having a solution on-prem and having the network connection; you don't have to worry about giving up source code, you are just sending your binary files for most of the applications. So it scales much faster."
"The analysis of the vulnerabilities and the results are the most valuable features."
"There is room for improvement in virtualization compatibility."
"Pentera's general dashboards could be improved and made more specific in terms of vulnerabilities that I'm discovering."
"Maybe scalability. I know that the Pentera right now is high level in order to scan big deals over 500 IPs and not less, and not less. That can be more granular. This will be useful."
"The price could be improved."
"The vulnerability scanner, exploit achievements, and remediation actions are all great."
"The runtime code analysis could be improved so that we can see every element in one place."
"We have some constraints interacting with Veracode self-support. I'm not talking about their technical support. I'm talking about self-support. We sometimes have a hard time communicating with them."
"Another thing I need is continued support for the new languages today that are popular. Most of them are scripting languages more so than real, fourth-generation, commercial grade stuff; we're evolving. Most applications are using so much open-source that, quite frankly, it would be great to see Veracode, or anybody else, extend their platform to where they are able to help secure open-source platforms or repositories."
"I do expect large applications with millions of lines of code to take a while, but it would be nice if there was a possibility to be able to have a baseline initial scan. I know that Veracode touts that there are Pipeline Scans that are supposed to take 90 seconds or less, and we've tried to do that ourselves with our ERP application. However, it actually times out after two hours of scanning. If the static scan itself or another option to run a lower tier scan can be integrated earlier on into our SDLC, it would be great. Right now, it takes so long that we usually leave it till a bit later in the cycle, whereas if it ran faster, we could push it to the time when a developer will be checking in code. That would make us feel a lot more confident that we'd be able to catch things almost instantaneously."
"We connected with Veracode's support a couple of times, and we got a different answer each time."
"It needs more timely support for newer languages and framework versions."
"I think for us the biggest improvement would be to have an indicator when there's something wrong with a scan."
"The scanning is a little slow, but other than that it's fine. It's usually when the binaries get up into the multi-hundred megabyte size."
Pentera is ranked 2nd in Penetration Testing Services with 5 reviews while Veracode is ranked 3rd in Penetration Testing Services with 194 reviews. Pentera is rated 8.2, while Veracode is rated 8.2. The top reviewer of Pentera writes "A stable solution that can be used to do continuous and automated vulnerability assessments". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Pentera is most compared with Cymulate, Tenable Nessus, Picus Security, Horizon3.ai and HackerOne, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our Pentera vs. Veracode report.
See our list of best Penetration Testing Services vendors.
We monitor all Penetration Testing Services reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
