Find out what your peers are saying about CA Technologies, Checkmarx, Micro Focus and others in Application Security.
279,296 professionals have used our research since 2012.
Chart Key
Average Rating: Average rating based on reviews
Views: Number of total page views
Comparisons: Number of times compared to another product
Reviews: Total number of reviews on IT Central Station
Followers: Number of followers on IT Central Station
The total ranking of a product, represented by the bar length, is based on a weighted aggregate score. The score is calculated as follows: The product with the highest count in each area gets the highest available score. (20 points for Reviews; 16 points for Views, Comparisons, and Followers.) Every other product gets assigned points based on its total in proportion to the #1 product in that area. For example, if a product has 80% of the number of reviews compared to the product with the most reviews then the product's score for reviews would be 20% (weighting factor) * 80% = 16. For Average Rating, the maximum score is 32 points awarded linearly based on our rating scale of 1-10. If a product has fewer than ten reviews, the point contribution for Average Rating is reduced (one-third reduction in points for products with 5-9 reviews; two-thirds reduction for products with fewer than five reviews). Reviews that are more than 24 months old, as well as those written by resellers, are completely excluded from the ranking algorithm.

What is Application Security?

The members of IT Central Station were clear on what was most important when evaluating Application Security: while some also mentioned that the software should be silent and have the ability to lock down configuration settings, everyone agreed that quality Application Security should provide intelligent data and come with a solid reputation, a strong usage pattern, efficient data handling, and a clean design. Members also mentioned documentation and maintenance as benefits.


Best Application Security Tools, Software & Solutions

Read top reviews of Application Security solutions from the IT Central Station community:
Your trust is our top concern, so companies can't alter or remove reviews.
CA Technologies
Real User
Systems Architect at a tech vendor with 201-500 employees
Mar 26 2018

What is most valuable?

The most important one is the static scanning analysis, and the reason is that it can tell us vulnerability in that code, right before we go ahead and push something to production or provide something to a client. We pair that with dynamic... more»

How has it helped my organization?

We have a large developer base at our company ranging in a variety of skills sets. Some are very security aware, others really don't have the knowledge. What Veracode provides is really good feedback on what vulnerabilities were found in... more»

What needs improvement?

From a technical standpoint, I'm pretty happy with everything. The one thing I'd like to be able to do is schedule dynamic scans. Today we're kicking those off manually, but I believe that it's something they have on their roadmap. Other than... more»
CA Technologies
Real User
Director Security and Risk OMNI Cloud Operations at a tech vendor with 1,001-5,000 employees
Apr 12 2018

What is most valuable?

* The static scanning of the software is very important to us.
* The ability to set policy profiles that are specific to us.
* The software composition analysis, to give us reports on known vulnerabilities from our third-party components.

How has it helped my organization?

We do automated scanning, so we use it as part of our development cycle. We do both automated security scanning as well as our own automated testing. We run the two in parallel and treat both outputs of, let's say, a sales functionality test.... more»

What needs improvement?

It's really hard to criticize something that has become somewhat seamless for us. If they wanted to expand their capabilities into other areas of security, that would be fine. They're a very knowledgeable group of people. We do meetings with... more»
CA Technologies
Real User
Information Security Engineer Team Lead at a hospitality company with 1,001-5,000 employees
May 02 2018

What is most valuable?

The reporting and mitigation features which allow our people to work on their own.

How has it helped my organization?

It has given us insight into the actual flaws that are out there, and the speed at which they're getting mitigated. Now, we're starting to see quantitative metrics to show the overall risk with code vulnerabilities. It has been very helpful... more»

What needs improvement?

The only areas that I'm concerned with are some of the newer code libraries, things that we're starting to see people dabble with. They move quickly enough to get them into the Analysis Engine, so I wouldn't even say it is a complaint. It is... more»
CA Technologies
Real User
Global Application Security at a pharma/biotech company with 1,001-5,000 employees
Apr 09 2018

What is most valuable?

The Static and Dynamic Analysis capabilities are very valuable to us.

How has it helped my organization?

We are able to create business policies, and the Veracode system allows us to enforce those policies. That's at the very high level. We're looking at improving the overall security quality of our software. We use it as a platform to help... more»

What needs improvement?

They've improved the speed of the inspection process. I'd never want the inspection process to become something that's suspect. False positives would diminish confidence in the results; if we don't continue to focus on reducing false... more»
CA Technologies
Real User
Chief Technology Officer
Mar 15 2018

What is most valuable?

Certainly it eases integration into our workflow. Veracode is part of our Jenkins build, so whenever we build our software, Jenkins will automatically submit the code bundle over to Veracode, which automatically kicks off the static analysis.... more»

How has it helped my organization?

Firstly, it prevents me from putting out software that has security vulnerabilities, which is a big thing and can be one of the most important things. Also, we just finished a vendor due diligence with a very large company that wants to do... more»

What needs improvement?

The Web portal, at times, is not necessarily intuitive. I can get around when I want to but there are times when I have to email my account manager on: "Hey, where do I find this report?" Or "How do I do this?" They always respond with,... more»
WhiteSource
Real User
Head of Department for Software Engineering and Integration
Mar 07 2018

What is most valuable?

Several dashboards. The licenses dashboard, which gives me an overview of all the licenses used in our software. For example, right at the moment, there are several hundreds of licenses used. The licenses dashboard and release management... more»

How has it helped my organization?

We find licenses together with WhiteSource which are associated with a certain library, then we get a classification of the license. This is with respect to criticality and vulnerability, so we could take action and improve some things, or... more»

What needs improvement?

Every product has room for improvement, including WhiteSource. The stability of the product is web-based. We are obliged to use the Internet Explorer, and from time-to-time I get messages which tell me that I do not have the rights to use... more»
SonarQube
Real User
Senior Java Developer at a financial services firm
Aug 30 2017

What is most valuable?

Most features in the product are very useful, but there are some parts that I personally use more than others. 1. Code Convention: Using the tool to implement some sort of coding convention is really useful and ensures that the code is... more»

How has it helped my organization?

This product has helped us improve the quality of code within the business and ensure all new developers keep to a similar code convention per project. This can basically be tracked back to saving the company money, because improved quality... more»

What needs improvement?

* Upgrading the version of the server is a bit cumbersome and could be made slightly easier. Allowing admin users to upgrade the software through the front-end would make upgrading easier.
* Another improvement is with false positives.... more»
CA Technologies
Real User
Information Technology at an insurance company with 51-200 employees
Mar 14 2018

What is most valuable?

It is great to have such insight into code without having to upload the source code at all. It saves a lot of NDA paperwork. The Visual Studio plugin allows the developer to seamlessly upload the code and get results as he works, with no... more»

How has it helped my organization?

We used to revise code with free tools. Static analysis allows us to pinpoint issues - from a simple hard-coded test password, to more serious issues - and saves us a lot of time. For example, it raises a flag about a problematic third-party DLL... more»

What needs improvement?

It can take time to find options if you don’t use the interface a lot. At some point, a bit of interface restyling may help (but not now, now that I've learned it).
CA Technologies
Real User
Senior Infrastructure Engineer at a healthcare company with 1,001-5,000 employees
Mar 13 2018

What is most valuable?

The most important features, I would say, are the scanning abilities and the remediation abilities within the product. Scanning because, obviously, we want to make sure that our application code is flaw-free. And the remediation tools are... more»

How has it helped my organization?

We've been able to provide reports to our clients that show applications are either flaw-free, or in the process of being remediated, and give them timely status updates on how those flaw remediations are going on. Our customers have... more»

What needs improvement?

Reporting. Some of the reporting features of Veracode do need improvement. They do not have the most robust access to data. That would be a bit more beneficial to a lot of our clients as well as our actual in-house staff. I've been talking to... more»
CA Technologies
Real User
SVP Application Security at a financial services firm with 10,001+ employees
May 17 2018

What is most valuable?

The most valuable feature is the remediation consulting that they give. I feel like any vendor can identify the flaws but fixing the flaws is what is most important. Being able to have those consultation calls, schedule them in the platform,... more»

How has it helped my organization?

It has allowed us to scale and find vulnerabilities much faster than previous manual tools. It has allowed us to educate developers on it to use the consultation calls.

What needs improvement?

I would like to see more technical support for some of the connectors, some more detailed diagrams or run-books on how to install some of the stuff; more hand-holding in the sense of understanding our environment. They cover a lot of... more»
CA Technologies
Real User
CISO at Laboratory Corporation of America Holdings
May 17 2018

What is most valuable?

Veracode helps me in several implementations over a couple of industry sectors in a number of ways. My coding, especially the code we develop, has a number of faults per line and that costs me money and time to fix those, into the lifecycle.... more»

How has it helped my organization?

Interestingly enough, Veracode has evolved over time. Their chief designer has been a leader in security for many years and his insights into applications, and what we now consider DevOps, has been very helpful for the industry. The insights... more»

What needs improvement?

As we move to more of a mobile space, much of the code was developed on desktops, mobile laptops, and things. Mobile apps run differently and they have a different runtime. Chris Wysopal and I have talked several times over the past few years... more»
Onapsis
Consultant
SAP Security Consulting Engineer at a software R&D company with 501-1,000 employees
Sep 29 2016

What is most valuable?

SAP intrusion detection on the entire landscape is the product’s most valuable feature.

How has it helped my organization?

It has hardened our SAP system by providing details of vulnerabilities in our SAP landscape. Before installing and configuring the Onapsis software, it would have taken an indefinable amount of time to search and monitor the system for... more»

What needs improvement?

I really love how Onapsis X1 is able to check SAP for threats; the reporting was something I felt could be improved. It could be a little easier to use and to publish for consumption with a larger audience. Currently, it takes some background... more»
CA Technologies
Real User
VP Development
Mar 29 2018

What is most valuable?

We just use the static scan, it's all we got into as of now. We're happy with that, it seems to work very well for us.

How has it helped my organization?

The coding standards in our development group have improved. When we scan our code - at the end of a build cycle we'll go through and scan our code - from those scans we've learned the patterns and techniques to make our code more secure. An... more»

What needs improvement?

Going through the mitigation is probably the hardest thing to do and that's still an ongoing process. If there is a code issue to mitigate, it sometimes takes a little bit longer than what you would think. It might not be anything that... more»
PortSwigger
Consultant
Senior Information Security Analyst at a tech services company with 10,001+ employees
Dec 19 2017

What is most valuable?

Burp is the best web application penetration testing tool that I have ever used. Although all the features of Burp are very useful, I personally love its capability to automatically and accurately detect vulnerabilities. So, I would say it is... more»

How has it helped my organization?

The customer is almost all the time results-oriented and they want them real quick. Burp gives my organization a great authentic source of information on the security posture of web infrastructure. PortSwigger launched a feature called Burp... more»

What needs improvement?

The one feature that I would like to see in Burp is active scanning of REST based web services. A lot of organizations are providing APIs to access their services to support different business models like SaaS. Scanning these APIs is still a... more»
Vendor
Sr. Director, Cloud Platform Engineering at a tech vendor with 1,001-5,000 employees
Jun 30 2017

What is most valuable?

We’re a Linux shop and Qualys gave us good Linux vulnerability scanning; no experience with it on MSFT products. It reports only a few glaring false-positive errors (directory ownership was a common one), and our post-processing dealt with... more»

How has it helped my organization?

The biggest benefit was integrating Qualys scanning into our CI/CD pipeline to vulnerability-scan new custom machine images or AWS) before deployment. We’d build the image, instantiate it, run Qualys against it, get the report, post-process... more»

What needs improvement?

The licensing and user permissions are a little wonky for a DevOps team to use, probably because it’s traditionally an InfoSec tool.
Real User
Executive Director at a tech consulting company with 51-200 employees
Aug 25 2017

What is most valuable?

* The ability to utilize the Client Portal, which provided my clients with a view of the project status, vulnerabilities and needed remediation steps in real-time * I don’t know of any other On-Demand enterprise solution like this one where... more»

How has it helped my organization?

The HP FoD effort allowed my client to utilize this service anytime their internal IT team was overwhelmed with workloads. FoD gives them an option to utilize the additional HP Services when they are overwhelmed with other IT Security needs... more»

What needs improvement?

* I believe that sales packages should be posted for single applications, and packages of multiple applications. For example, we have one-time a package for single applications, and 12 month unlimited use for static and a package for static... more»
Checkmarx
Real User
Technical Program Manager at an engineering company with 10,001+ employees
Feb 26 2017

What is most valuable?

* The export feature and presentation of the results.
* The ability to track the vulnerabilities inside the code (origin and destination of weak variables or functions).
* A wide variety of modern programming languages are supported,... more»

How has it helped my organization?

For manual code testing, Checkmarx has been very helpful discarding false positives, filtering and removing a lot of files that are not presenting any threat, as well as indicating the files or functions that should be focused upon. Checkmarx... more»

What needs improvement?

The lack of ability to review compiled source code. It would then be able to compete with other scanning tools, such as Veracode. Compiled code means that the code written is stored in binaries, for machine reading only. Tools like Veracode... more»
CA Technologies
Real User
Cyber Security Engineer at a Consumer Goods with 1,001-5,000 employees
May 17 2018

What is most valuable?

For me, at the program manager level, I'm not a developer. What I do is run applications through a security program. What's important for me, from Veracode, is the all-in-one metrics location. I can see where everything is across the entire... more»

How has it helped my organization?

It has given us visibility into the applications we have that are participating in the application security program.

What needs improvement?

Speed. When we scan binary, when we perform binary analysis, it could go faster. That has a lot to do with the essence of scanning binary code, it takes a little bit longer. Certain aspects, depending on what type of code it is, take a little... more»
SonarQube
Real User
Senior Software Developer at a tech vendor
Jul 10 2017

What is most valuable?

Quality Gate: Automated rules for determining if a project is above or below a quality threshold. This is a concise "red"/"green" style, basic quality-control. This is integrated in the development and deployment process. Issue Explanations:... more»

How has it helped my organization?

Better live process: More automated quality control in the lifecycle of development/testing/deployment/production. This includes the prevention of potential bugs due to ineffective code, as well as keeping a more unified style of solutions.... more»

What needs improvement?

Deep intelligence and smarter code analysis: There are many cases where a bug or critical issue is reported. However, there is very little chance of rewriting the solution in some other way due to several circumstances. The written solution... more»
CA Technologies
Real User
Technical Program Manager at an engineering company with 10,001+ employees
Feb 09 2017

What is most valuable?

* Customer and professional support
* Live sessions and training
* The coverage of the last vulnerabilities reported
* The coverage of the programming languages

How has it helped my organization?

We decided to begin a partnership with Veracode, so we can improve our services and provide the customers that trust us with a platform capable to report vulnerabilities and also delegate and keep tracking of the remediation until the... more»

What needs improvement?

* To be able to upload source codes without being compiled. That’s one feature that drives us to see other sources. Compiled code means that the code written is stored in binaries for machine reading only. Veracode reads only those binaries;

Application Security Articles

Social Media & Community Coordinator
IT Central Station
This past June, just half-way into 2017, over 790 U.S. data breaches had already been reported, according to the Identity Theft Resource Center (ITRC). This was a half-year record high and a 29% jump from the same time period in 2016. 63% of those breaches were caused by cyber attacks. Many... more»
Social Media and Content Manager
IT Central Station
What do users say about their application security tools? What do Users Look for when Choosing their Application Security Tools? Which application security tools do IT professionals such as QA engineers and software developers choose to protect their applications from external... more»
Market Analyst
IT Central Station
HPE Fortify on Demand, Checkmarx, Veracode, IBM Security AppScan, QualysGuard Web Application Scanning What are the best application security testing tools? IT Central Station’s crowdsourced platform helps technology professionals make informed decisions, by providing user reviews without... more»
101
Ex Senior Security Analyst and Onsite consultant
A Security Engineer by profession and an Electronics and Communication Engineer by education. My keen interest lies in simplifying processes and managing people in challenging situations. Qualities like diligence, sincerity, reliability, punctuality, effective communication, a detailed... more>>
Reviewed Netsparker Web Application Security Scanner: Efficient in highlighting medium-low...
5,933
TOP 5POPULAR
Information Security Advisor, CISO & CIO, Docutek Services
About my business: Docutek is a leading business and technology consulting company specializing in the development and implementation of healthcare technology since 2008. We deliver Consulting, Integration, Support and Training. We also provide clients with security assessment, network... more>>
5
Software Security Consultant
Make this world safer
423
Senior Information Security Analyst
Working as a security analyst at Accenture, Gurgaon. As part of routine job, perform VA and PT on Infrastructure and Web applications using tools like Rapid7 Nexpose, Rapid7 Metasploit Pro, Portswigger Burp, OWASP ZAP, etc. Like to develop automation tools like scripts using UNIX/Linux Shell... more>>
78
Technical Team Lead
Software development project manager since 2005, with an emphasis on business liaison, requirements gathering, people management and project planning. Independent mobile application development since 2010. Specialties: Problem analysis, toma de... more>>
239
SAP Security Consulting Engineer
Accomplished SAP Security Senior Manager with extensive experience in security design solutions in global FDA validated systems. Known for delivering complex projects on time and under budget in diverse industries, including bio pharma, oil and gas, manufacturing and information technology. ... more>>
