It's comprehensive from a feature standpoint.
My experience with Veracode across the board every time, in all products, the technology, the product, the service, and the salespeople is fabulous.
One of the most valuable features is it is flexible.
The features and technologies are very good. The flexibility and the roadmap have also been very good. They're at the forefront of delivering the additional capabilities that are required with cloud delivery, etc. Their ability to deliver what customers require and when they require is very important.
I have found the best features to be the performance and there are a lot of additional plugins available.
The solution has a great user interface.
Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out.
The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation.
Acunetix has an awesome crawler. It gives a referral site map of near targets and also goes really deep to find all the inputs without issues. This was valuable because it helped me find some files or directories, like web admin panels without authentication, which were hidden.
The stability of the solution is very good.
The solution is good at reporting the vulnerabilities of the application.
By far, the thing that was able to provide value was the immediate response while testing ahead of release, in real-time.
In our most critical applications, we have a deep dive in the code evaluation, which was something we usually did with periodic vulnerability assessments, code reviews, etc. Now, we have real time access to it. It's something that has greatly enhanced our code's quality. We have actually embedded a KPI in regards to the improvement of our code shell. For example, Contrast provides a baseline where libraries and the usability of the code are evaluated, and they produce a score. We always aim to improve that score. On a quarterly basis, we have added this to our KPIs.
I have had no problem with the stability of the solution.
I like GitLab from the CI/CD perspective. It is much easier to set up CI/CD and then integrate with other tools.
Advice From The Community
Read answers to top Application Security Testing (AST) questions. 476,892 professionals have gotten help from our community of experts.
Rony_Sklar, Community Manager at IT Central Station
Many companies wonder about whether SAST or DAST is better for application security testing. What are the relative benefits of each methodology? Is it possible to make use of both?