• Home
  • NowSecure vs. Veracode

NowSecure vs Veracode comparison

Cancel
You must select at least 2 products to compare!
NowSecure Logo
NowSecure
Read 1 NowSecure review
554 views|343 comparisons
100% willing to recommend
Veracode Logo
Veracode
Read 194 Veracode reviews
25,312 views|17,044 comparisons
90% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Static Application Security Testing (SAST)
June 2024
Executive Summary

We performed a comparison between NowSecure and Veracode based on real PeerSpot user reviews.

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST).
To learn more, read our detailed Static Application Security Testing (SAST) Report (Updated: June 2024).
Download the complete report
772,649 professionals have used our research since 2012.
Featured Review
AnirudhNair
Scalable and reliable, but dynamic analysis needs improvement
ShubhamSharma5
A very good tool for dynamic application testing, but its price is a little high
We have had challenges with security because developers come from different organizations and different backgrounds. They have different ways of... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most valuable feature is the ability to download an application without actually putting in the APK. It gives us an option to put the APK in if we want to but we can download it from the App Store and Play Store."

More NowSecure Pros →

"The feature I like most in Veracode is that it clearly specifies the line in the entire file where a vulnerability is found.""The main feature that I have found valuable is the solution's ability to find issues in static analysis. Additionally, there are plenty of useful tools.""It can be very hard to make a good lab environment with a console with log windows and code bases. What I like about Veracode is that they managed to do that. It has a very responsive graphical user interface and has worked very well. I was very pleased with that.""There are quite a few features that are very reliable, like the newly launched Veracode Pipelines Scan, which is pretty awesome. It supports the synchronous pipeline pretty well. We been using it out of the Jira plugin, and that is fantastic.""Scanning of .war and .jar is key for us.""Considering that in my project, we are mostly using Software Composition Analysis as a part of Static Code Analysis, for me, the main part is reporting and highlighting necessary vulnerabilities. Veracode platform has a rather good database of different vulnerabilities in different libraries and different sources. So, finding vulnerabilities in third-party libraries is the main feature of Software Composition Analysis that we use. It is the most important feature for us.""Veracode has a nice API that they provide to allow for custom things to be built, or automation. We actually have integrated Veracode into our software development cycle using their API. We actually are able to automatically, every time a new build of a software is completed, submit that application, kick off a scan, and we get results in a much more automated fashion.""Veracode provides faster scans compared to other static analysis security testing tools."

More Veracode Pros →

Cons
"In this solution, there are two kinds of testing, static analysis, and dynamic analysis. There needs some improvement in testing with dynamic analysis because I have found it is not accurate"

More NowSecure Cons →

"The sandbox could use some improvement; when creating a sandbox, it requires us to put the application name in twice, which seems unnecessary.""I've found that Veracode is not particularly suitable for Dynamic Application Security Testing.""The area with the most room for improvement is the speed and responsiveness of the query, as it is usually very slow.""The scanning is a little slow, but other than that it's fine. It's usually when the binaries get up into the multi-hundred megabyte size.""The documentation is poor and the technical support isn't helpful.""The product has issues with scanning.""It would be ideal if it was able to demonstrate higher levels of cybersecurity certifications like becoming FedRAMP compliant or working in those areas.""The ideal situation in terms of putting the results in front of the developers would be with Veracode integration into the developer environment (IDE). They do have a plugin, which we've used in the past, but we were not as positive about it."

More Veracode Cons →

Pricing and Cost Advice
Information Not Available
  • "Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background."
  • "The pricing is pretty high."
  • "The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."
  • "I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."
  • "It's worth the value"
  • "Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."
  • "It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."
  • "The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."

    • More Veracode Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
    See Recommendations
    772,649 professionals have used our research since 2012.
    Questions from the Community
    Ask a question

    Earn 20 points

    Which gives you more for your money - SonarQube or Veracode?
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Read all 6 answers   →
    What do you like most about Veracode?
    Top Answer:The SAST and DAST modules are great.
    Read all 96 answers   →
    What is your experience regarding pricing and costs for Veracode?
    Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
    Read all 66 answers   →
    Ranking
    33rd
    out of 71 in Static Application Security Testing (SAST)
    Views
    554
    Comparisons
    343
    Reviews
    0
    Average Words per Review
    0
    Rating
    N/A
    2nd
    out of 71 in Static Application Security Testing (SAST)
    Views
    25,312
    Comparisons
    17,044
    Reviews
    101
    Average Words per Review
    989
    Rating
    8.1
    Comparisons
    Data Theorem API Secure logo
    Data Theorem API Secure vs. NowSecure
    Compared 23% of the time.
    Acunetix logo
    Acunetix vs. NowSecure
    Compared 19% of the time.
    Checkmarx One logo
    Checkmarx One vs. NowSecure
    Compared 16% of the time.
    GitLab logo
    GitLab vs. NowSecure
    Compared 15% of the time.
    More NowSecure Competitors   →
    SonarQube logo
    SonarQube vs. Veracode
    Compared 26% of the time.
    Checkmarx One logo
    Checkmarx One vs. Veracode
    Compared 14% of the time.
    Fortify on Demand logo
    Fortify on Demand vs. Veracode
    Compared 7% of the time.
    Snyk logo
    Snyk vs. Veracode
    Compared 6% of the time.
    More Veracode Competitors   →
    Also Known As
    Crashtest Security , Veracode Detect
    Learn More
    NowSecure
    Video Not Available
    Veracode
    Overview

    NowSecure experts have conducted advanced pen testing for some of the world's most demanding organizations - including banks, insurance companies, government agencies, healthcare organizations, retail conglomerates, high-tech businesses, and more. Mobile apps are prone to sensitive data leakages and attacks, yet a manual test for just one app can take several weeks. To enable faster, more frequent testing, we built a test engine that successfully automates repeatable and time-consuming mobile appsec testing, remediation and reporting tasks. The result - the foundation of the NowSecure platform, which significantly reduces testing time and costs without compromising full depth of security coverage.

    Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-generated remediation engine, the Veracode platform is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achievereal-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, and Penetration Testing.

    Learn more atwww.veracode.com, on theVeracode blog, and onLinkedInandTwitter.

    Sample Customers
    Vaporstream, FIS, MEA Financial, Silent Circle, Capital One, Citi, EY, EMC, Emerson, Kaiser Permanente, The Home Depot, Humana, Shell, Kellogg's, TD Bank, VMware
    Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
    Top Industries
    VISITORS READING REVIEWS
    Financial Services Firm19%
    Computer Software Company15%
    Hospitality Company8%
    Healthcare Company8%
    REVIEWERS
    Computer Software Company26%
    Financial Services Firm23%
    Insurance Company9%
    Comms Service Provider6%
    VISITORS READING REVIEWS
    Financial Services Firm18%
    Computer Software Company15%
    Manufacturing Company8%
    Government6%
    Company Size
    VISITORS READING REVIEWS
    Small Business23%
    Midsize Enterprise11%
    Large Enterprise66%
    REVIEWERS
    Small Business31%
    Midsize Enterprise20%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise14%
    Large Enterprise69%
    Buyer's Guide
    Static Application Security Testing (SAST)
    June 2024
    Download Free Report
    Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST). Updated: June 2024.
    DOWNLOAD NOW
    772,649 professionals have used our research since 2012.

    NowSecure is ranked 33rd in Static Application Security Testing (SAST) while Veracode is ranked 2nd in Static Application Security Testing (SAST) with 194 reviews. NowSecure is rated 7.0, while Veracode is rated 8.2. The top reviewer of NowSecure writes "Scalable and reliable, but dynamic analysis needs improvement". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". NowSecure is most compared with Data Theorem API Secure , Acunetix, Checkmarx One and GitLab, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer.

    See our list of best Static Application Security Testing (SAST) vendors.

    We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.