We performed a comparison between Parasoft SOAtest and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Good write and read files which save execution inputs and outputs and can be stored locally."
"We can automate our scenarios in a data driven format, which shows there is no rework on scripts. We only need to update the test data and run for a number of scenarios."
"Technical support is helpful."
"Every imaginable source in the entire world of information technology can be accessed and used."
"Since the solution has both command line and automation options, it generates good reports."
"We have seen a return on investment."
"They have a feature where they can record traffic and create tests on the report traffic."
"If you want something that’s not provided out of the box, then you can write it yourself and integrate it with SOAtest."
"The automation of Veracode is great because we no longer have to run manual testing."
"Stable and scalable, with good reporting features. Helps in detecting and managing vulnerabilities and risks."
"When we do have errors, Veracode is always available, their consultants, to help us either mitigate the error, or provide technical assistance on pointing exactly where the problem is and how we could probably fix it. I'm always amazed at how knowledgeable they are."
"It allows us to prove our security levels to vendors, and additionally helps us with our HIPAA security policies."
"Also, our customers benefited from the added security assurance of our applications, as they’ve been able to identify OWASP top-10 application vulnerabilities without a manual tester."
"It has caught lots of flaws that could have been exploited, like SQL injection flaws. It has also improved developer engagement with information security."
"I like Veracode's ease of integration with various cloud platforms and tools."
"Our development team use this solution for static code analysis and pen testing."
"Tuning the tool takes time because it gives quite a long list of warnings."
"The feedback that we received from the DevOps of our organization was that the tool was a little heavy from the transformation perspective."
"From an automation point of view, it should have better clarity and be more user friendly."
"Compatibility with HTTP 1.1 and TLS 1.2 needs to be improved."
"The summary reports could be improved."
"The performance could be a bit better."
"Reports could be customized and more descriptive according to the user's or company's requirements."
"Enabling/disabling an optional element of an XML request is only possible if a data source (e.g., Excel sheet) is connected to the test. Otherwise, the option is not available at all in the drop-down menu."
"I would like to see expanded coverage for supporting more platforms, frameworks, and languages."
"There are few languages that take time for scanning. It covers the majority of languages from C to Scala, but it doesn't support certain languages and the newer versions of certain languages. For example, it doesn't support SAP and new JavaScript frameworks such as Node.js and React JS. They can include support for these. If you go to their website, you can see the list of languages that are currently supported. The false-positive rates are also something they can work on."
"The cost of the solution is a little bit expensive. Expensive in the sense that there was a hundred percent increase in cost from last year to this year, which is certainly not justified."
"Veracode has a few shortcomings in terms of how they handle certain components of the UI. For example, in the case of the false positive, it would be highly desirable if the false positive don't show up again on the UI, instead still showing up for any subsequent scan as a false positive. There is a little bit of cluttering that could be avoided."
"Scanning large amounts of code can be a time-consuming process and there is scope for improvement."
"The solution could improve the Dynamic Analysis Security Testing(DAST)."
"The user interface can sometimes be a little challenging to work with, and they seem to be changing their algorithm on what is an issue. I understand why they do it, but it sometimes causes more work on our end."
"The dynamic scanning feature works, but it doesn't work properly for some of our applications. It doesn't allow us to skip. They claim that we can do this, but it doesn't work when we're scanning the applications in real-time."
Parasoft SOAtest is ranked 29th in Static Application Security Testing (SAST) with 30 reviews while Veracode is ranked 2nd in Static Application Security Testing (SAST) with 194 reviews. Parasoft SOAtest is rated 8.2, while Veracode is rated 8.2. The top reviewer of Parasoft SOAtest writes "Good API testing and RIT feature; clarity could be improved". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Parasoft SOAtest is most compared with Postman, SonarQube, Coverity, Polyspace Code Prover and Selenium HQ, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our Parasoft SOAtest vs. Veracode report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.