We performed a comparison between Tenable.io Web Application Scanning and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It collects the vulnerabilities on the hostnames and sends them to the Tenable.io cloud. Tenable has its own cloud where Tenable.io is running, but there are many connectors to other cloud solutions. Tenable can do vulnerability scanning for other cloud managers such as Azure, Amazon, and so on."
"The solution is stable."
"The most valuable feature is the reporting, which provides a good level of detail with respect to vulnerabilities."
"Tenable provides the end analysis results covering all the published vulnerabilities and information on the market."
"The most effective feature of the product is the ability to scan the entire environment."
"The initial setup is straightforward."
"The solution's instant reports feature is the most effective for detecting threats."
"The most valuable features of Tenable.io Web Application Scanning are the integration into specific use cases and scanning. All of the features of the solution are useful."
"The most important feature is the static scanning analysis, and the reason is that it can tell us vulnerability in that code, right before we go ahead and push something to production or provide something to a client... Dynamic scanning actually hits our Web applications, to try to detect any well known Web application vulnerabilities as well."
"The static scan is the feature that we use the most, as it gives us insight into our source code. We have it integrated with our continuous integration, continuous delivery system, so we can get insight quickly."
"The dynamic scanning tool is what I like the best. Compared to other tools that I've used for dynamic scanning, it's much faster and easier to use."
"I like Veracode's API. You can put it into a simple bash script and run your own security testing from your MacBook in less than 15 minutes."
"We have such a wide variety of users for Veracode, including security champions, development leads, developers themselves, that the ease of use is really quite important, because we don't assume anything about what those people might already know, or need to know. It just makes it very useful for anyone who has to engage with it."
"It helps me to detect vulnerabilities."
"It can be very hard to make a good lab environment with a console with log windows and code bases. What I like about Veracode is that they managed to do that. It has a very responsive graphical user interface and has worked very well. I was very pleased with that."
"Veracode does not require any maintenance."
"The reporting has a very limited customization capability."
"The report customization needs to be better."
"The cloud and the on-premises versions have their own controllers, and there is no way to centrally manage controllers."
"I would like for them to add proxy filtering, where you can transfer and alter the package. It is fully automated. Other web application testers programs are actually proxy software, and the proxy software gives you the flexibility of modifying the outgoing package, which will actually help you in exploiting any vulnerability in detail."
"Tenable.io Web Application Scanning is not very user-friendly and you need a lot of information to get proper reports. The tool's support is not very responsive."
"The dashboard could be more user-friendly."
"It isn't easy to manage vulnerabilities in Tenable."
"The solution's dashboards could be improved and made more user-friendly."
"The Web portal, at times, is not necessarily intuitive. I can get around when I want to but there are times when I have to email my account manager on: "Hey, where do I find this report?" Or "How do I do this?" They always respond with, "Here's how you do it." But that points to a somewhat non-intuitive portal."
"It can have more APIs and capabilities to handle other things well. We were doing a trial for it. There were two things that I looked at: one was uploading some Java-related content and the other was uploading database SQL files and having the review done on the quarterback. The Java portion of it worked fine, and it was pretty seamless, but the database portion was not. We uploaded some files to use for vulnerabilities, and the tell-all portion of it was pretty easy. We uploaded a war file and Java files, and we got the reports back on these. They were pretty clear to understand. We did the same thing for the database portion for the most part. However, the content wasn't getting uploaded in a predictable fashion, and it was slow and hard to get done. We had to do it over and over. After it indicated that the content was uploaded, there were no results. There were zero search findings. It was possibly a user error, something that we didn't do correctly, but they had acknowledged that it was something they were currently enhancing. This is something that could be made easier if they haven't already done that. I don't know how many releases they've had in that timeframe. I haven't looked at it since then. It was a trial period."
"I would like to see improvement on the analytics side, and in integrations with different tools. Also, the dynamic scanning takes time."
"Maybe the pipeline scanning doesn't support enough languages. It might only support Java and Python only, so that could be improved."
"I would also like to see some improvement in the speed. That is really the only complaint, but in all reality we have a massive Java application that needs to be scanned. Our developers are saying, "It takes 72 hours to scan it." That is probably the nature of the beast, and I'm actually pretty accepting of that time frame, but since it's a complaint that I get, faster is always better. I don't necessarily think that the speed is bad as it is, just that faster would be better."
"Veracode's container scanning could be improved. We containerize all the platforms we use inside a Docker image. For example, we create a Microsoft Docker image that we build our application on top of. I would like Veracode to implement IT scans before we commit the code."
"It takes a lot of time to scan the applications. They can make them faster and provide an option to scan a specific portion of the app. Such a feature would be very helpful."
"There were some additional manual steps or work involved that we should not have needed to do."
More Tenable.io Web Application Scanning Pricing and Cost Advice →
Tenable.io Web Application Scanning is ranked 24th in Application Security Tools with 14 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Tenable.io Web Application Scanning is rated 7.6, while Veracode is rated 8.2. The top reviewer of Tenable.io Web Application Scanning writes "Highly Recommended Solution with Latest Scanning Methods". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Tenable.io Web Application Scanning is most compared with Acunetix, Qualys Web Application Scanning, Fortify on Demand, PortSwigger Burp Suite Professional and GitLab, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our Tenable.io Web Application Scanning vs. Veracode report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.