We performed a comparison between Spirent CyberFlood and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The feature I find most valuable is the traffic generator."
"Our customers use it to check for unauthorized file transfer."
"CyberFlood's best features are its user-friendliness and scheduling function."
"CyberFlood is flexible."
"I appreciate the integration provided by Veracode that seamlessly integrates with our CI/CD tools and allows us to integrate with IPA as well."
"We have found the static analysis to be useful in Veracode Static Analysis. However, we are in the process of testing."
"Veracode Security Labs are fantastic. My team loves getting the hands-on experience of putting in a flaw and fixing it. It's interactive. We've gotten decent support from the sales and software engineers, so the initial support was excellent. They scheduled a consultation call to dive deep and discuss why we see these findings and codes. That was incredibly helpful."
"There have been a lot of benefits gained from Veracode. Compared to other tools, Veracode has good flexibility with an easy way to run a scan. We get in-depth details on how to fix things and go through the process. They provide good process documents, community, and consultation for any issues that occur during the use of Veracode."
"The static scan is the feature that we use the most, as it gives us insight into our source code. We have it integrated with our continuous integration, continuous delivery system, so we can get insight quickly."
"It is a cloud-based platform, so every organization or every security team in the organization is concerned about uploading their code because ultimately the code is intellectual property. The most useful thing about Veracode is that if you want to upload the code, they accept only byte code. They do not accept the plain source code as an input. The code is converted into binary code, and it is uploaded to Veracode. So, it is quite secure. It also has the automation feature where you can integrate security during the initial stages of your software development life cycle. It is pretty much easy with Veracode. Veracode provides integration with multiple tools and platforms, such as Visual Studio, Java, and Eclipse. Developers can integrate with those tools by using Jenkins. The security consultation or the support that they provide is also really good. Its user management is also good. You can restrict the users for a particular application so that only certain developers will be able to see the code that has been scanned. Their reporting model is really good. For each customer, they provide a program manager. Every quarter, they have their reviews about how much it has scanned. They also ensure that the tool has been used efficiently."
"Veracode is a valuable tool in our secure SDLC process."
"Veracode is easy to use even if you're not a security professional. I like the dynamic analysis feature, which offers a lot of cost savings when used in production."
"I would also like to see updates on a more frequent schedule."
"CyberFlood's accessibility and support for multiple browsers could be better."
"Sometimes, when you configure parameters the hardware can't run, it will get stuck at those points without telling you what happened. It would be helpful if the error reporting provided more details about why the test setting is not running. It would be nice if there were a space in the hardware module for you to add some external hardware for more rigorous testing."
"The solution needs more ports, more speed, and more gigabytes."
"It can have more APIs and capabilities to handle other things well. We were doing a trial for it. There were two things that I looked at: one was uploading some Java-related content and the other was uploading database SQL files and having the review done on the quarterback. The Java portion of it worked fine, and it was pretty seamless, but the database portion was not. We uploaded some files to use for vulnerabilities, and the tell-all portion of it was pretty easy. We uploaded a war file and Java files, and we got the reports back on these. They were pretty clear to understand. We did the same thing for the database portion for the most part. However, the content wasn't getting uploaded in a predictable fashion, and it was slow and hard to get done. We had to do it over and over. After it indicated that the content was uploaded, there were no results. There were zero search findings. It was possibly a user error, something that we didn't do correctly, but they had acknowledged that it was something they were currently enhancing. This is something that could be made easier if they haven't already done that. I don't know how many releases they've had in that timeframe. I haven't looked at it since then. It was a trial period."
"The area with the most room for improvement is the speed and responsiveness of the query, as it is usually very slow."
"Sometimes Veracode gives us results about small glitches in the necessary packages. For example, we recently found issues with Veracode's native libraries for .NET 6 that were fixed in the next versions of those libraries. But sometimes you do not know which version of the library particular components are using. The downside of that is that one day, the solution found some issues in that library for the necessary package we spent. Another day, it found the same issues with another library. It will clearly state that this is the same stuff you've already analyzed. This creates some additional work, but it isn't significant. However, sometimes you see the same issue for two or three days in a row."
"Sometimes the scans are not done quickly, but the solutions that it provides are really good. The quality is high, but the analysis is not done extremely quickly."
"It would be nice if Veracode were bundled with some preferred vendors like Salesforce and offered at a discount."
"We use Ruby on Rails and we still don't have any support for that from Veracode."
"The scanning takes a lot of time to complete."
"On-premise implementation is not available."
Spirent CyberFlood is ranked 33rd in Application Security Tools with 4 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Spirent CyberFlood is rated 8.4, while Veracode is rated 8.2. The top reviewer of Spirent CyberFlood writes "I like the solution's flexibility". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Spirent CyberFlood is most compared with Ixia BreakingPoint and Ixia BreakingPoint VE, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and OWASP Zap. See our Spirent CyberFlood vs. Veracode report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
