We performed a comparison between Tenable.io Web Application Scanning and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."All the features are valuable to us as they offer cutting-edge scanning methods and address the latest issues with a contemporary approach. Tenable.io Web Application Scanning is highly stable. I rate it a nine out ten. Since the solution works on the Cloud, it's highly scalable. I rate the scalability a nine out of ten. The setup of the solution is straightforward. The Return on Investment is substantial. I recommend the solution to all."
"The most valuable features of Tenable.io Web Application Scanning are the integration into specific use cases and scanning. All of the features of the solution are useful."
"The initial setup is straightforward."
"We use the tool for our websites. We have a vulnerable subdomain. The tool helps to scan it for vulnerabilities."
"It collects the vulnerabilities on the hostnames and sends them to the Tenable.io cloud. Tenable has its own cloud where Tenable.io is running, but there are many connectors to other cloud solutions. Tenable can do vulnerability scanning for other cloud managers such as Azure, Amazon, and so on."
"Our customers adopt this solution because of the replication testing and the vulnerability assessment it can do. It is a multi-faceted product."
"Tenable provides the end analysis results covering all the published vulnerabilities and information on the market."
"The most effective feature of the product is the ability to scan the entire environment."
"The recommendations and frequent updates are the most valuable features of Veracode."
"It is great to have such insight into code without having to upload the source code at all. It saves a lot of NDA paperwork. The Visual Studio plugin allows the developer to seamlessly upload the code and get results as he works, with no manual upload. The code review function is great. It allows you to find flaws in source code."
"The tech support has been very much on the forefront of contacting customers. They help us by making sure all the processes have been outlined and are being followed. They regularly look with us at the whole platform process."
"Veracode enables us to build a strong data security layer in our platforms. We can increase customer confidence in data security. Some PCI/HIPAA compliance issues were impossible to resolve without Veracode."
"It is scalable and quick to deploy into the site and the pipelines. The reports and analytics are good, and the false positive rate is low. It gives true results."
"The dependency graph visualization provides the ability to see nested dependencies within libraries for pinpointing vulnerabilities."
"Integrations into our developer's IDE (Greenlight) and the DevOps Pipeline SAST / SourceClear Integrations has particularly increased our time to market and confidence."
"I liked that I could easily find out where my errors were. Instead of going through the whole code and the scripts, it showed me where the errors were and gave me an idea of how to fix them."
"It isn't easy to manage vulnerabilities in Tenable."
"Tenable.io Web Application Scanning could improve by offering faster fuzzing."
"The platform's technical support services could be better."
"The reporting has a very limited customization capability."
"The report customization needs to be better."
"The cloud and the on-premises versions have their own controllers, and there is no way to centrally manage controllers."
"They have a general dashboard for web application scanning, but the dashboards and reporting can be improved. They probably have some features in their roadmap."
"Tenable.io Web Application Scanning conducts a general scan, which wastes time. The scan needs to be specific."
"We have some constraints interacting with Veracode self-support. I'm not talking about their technical support. I'm talking about self-support. We sometimes have a hard time communicating with them."
"Sometimes Veracode gives us results about small glitches in the necessary packages. For example, we recently found issues with Veracode's native libraries for .NET 6 that were fixed in the next versions of those libraries. But sometimes you do not know which version of the library particular components are using. The downside of that is that one day, the solution found some issues in that library for the necessary package we spent. Another day, it found the same issues with another library. It will clearly state that this is the same stuff you've already analyzed. This creates some additional work, but it isn't significant. However, sometimes you see the same issue for two or three days in a row."
"It needs to reach the level of Checkmarx's and Fortify Software's capabilities and service levels, or may further loosen the market share."
"Veracode scans provide a higher number of false positives."
"The JIRA integration automation aspect of it could be improved significantly. We want to have a way to create tickets that are going to allow people to work through those flaws that we're finding. We don't want people to feel like they're missing out on something or that they're not following directions in the right way."
"It needs more timely support for newer languages and framework versions."
"The scanning takes a lot of time to complete."
"The dynamic scanning feature works, but it doesn't work properly for some of our applications. It doesn't allow us to skip. They claim that we can do this, but it doesn't work when we're scanning the applications in real-time."
More Tenable.io Web Application Scanning Pricing and Cost Advice →
Tenable.io Web Application Scanning is ranked 24th in Application Security Tools with 14 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Tenable.io Web Application Scanning is rated 7.6, while Veracode is rated 8.2. The top reviewer of Tenable.io Web Application Scanning writes "Highly Recommended Solution with Latest Scanning Methods". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Tenable.io Web Application Scanning is most compared with Acunetix, Qualys Web Application Scanning, Fortify on Demand, SonarQube and Mend.io, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap. See our Tenable.io Web Application Scanning vs. Veracode report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.