Application Security Testing (AST) Features

Read what people say are the most valuable features of the solutions they use.
SOAtest677 says in a Parasoft SOAtest review
Test Automation Developer at a tech services company with 11-50 employees
They have a feature where they can record traffic and create tests on the report traffic. That is one of the most valuable features that we've found. So we can run our UI automation tests and directly create services tests from that, which is really, really helpful.
Don Robbins says in a Checkmarx review
Software Configuration Manager at a tech vendor with 501-1,000 employees
I'm more of the admin as opposed to a user of Checkmarx. Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before.
Kyle Engibous says in a Veracode review
Systems Architect at a tech vendor with 201-500 employees
The most important one is the static scanning analysis, and the reason is that it can tell us vulnerability in that code, right before we go ahead and push something to production or provide something to a client. We pair that with dynamic scanning, which actually hits our Web applications, to try to detect any well-known Web application vulnerabilities as well. It's really just a way for us to stay ahead of it and provide some assurances and security with the software that we deliver. Also, Veracode has a nice API that they provide to allow for custom things to be built, or automation. We actually have integrated Veracode into our software development cycle using their API. We actually are able to automatically, every time a new build of a software is completed, submit that application, kick off a scan, and we get results in a much more automated fashion. So the API is a huge thing that we use from Veracode, in addition to those two types of scans. In terms of integrating Veracode into our existing software development life cycle, we heavily use JIRA today for bug tracking issues, time management, and the like, for our development team. When those scans kick, Veracode integrates back into our JIRA and actually opens tickets with the appropriate development teams. We can use that as a measurement of vulnerabilities opened, closed; we can tie them to releases. So, we get a whole lot more statistical information about security in our software products. That's really what we use in measuring there, the integration back to JIRA in issues found.
Application Security Specialist at a tech services company with 5,001-10,000 employees
The most important feature of the product is to follow today's technology fast, updated rules and algorithms (of the product). It also allows for more efficient and custom integration by allowing customized enhancements through the API support offered through the SSC portal.
Hassan-Moussafir says in a Rapid7 AppSpider review
Information Security Senior Expert (Founding member, African Cybersecurity Center) at a financial services firm with 10,001+ employees
The most valuable feature is the reporting, which is compliant with international standards. This solution will notify us about different RPGs, including the critical ones, and can report on risk or measure risk. Once we have this information then we can relay it to our internal developers. This solution performs well and is very efficient.
Milind Dharmadhikari says in a Checkmarx review
Practice Head - IT Risk & Security Management Services at Suma Soft Private Limited
There are many features, but first is the fact that it is easy to use, and not complicated. One of the cool features is that it identifies the development technology that we are using on its own, whether it is Java or .NET or otherwise, it identifies it by itself. The most important aspect is that it shows us exactly, on which particular line, the vulnerability is. The user interface is very intuitive and it offers help on the fly.
Ravi says in a Klocwork review
Software Solutions Engineer at a tech services company with 11-50 employees
First will be the on-the-fly analysis, as it is reducing the time for developing code. One more best thing is the reports section, which is very nice to understand. Also, the support which is available for industry standards, as well as that we can write our own internal standards and check them during the analysis.
Directord98b says in a Veracode review
Director Security and Risk OMNI Cloud Operations at a tech vendor with 1,001-5,000 employees
* The static scanning of the software is very important to us.
* The ability to set policy profiles that are specific to us.
* The software composition analysis, to give us reports on known vulnerabilities from our third-party components.
Ujjwal Gupta says in a Parasoft SOAtest review
Senior Technical Consultant at a tech company with 10,001+ employees
* Diff control tool
* Reporting
* Different service types of support (SOAP, REST, SAP RFC, and UI recording)
* Third-party tool integration: GitHub and Jenkins.
* Plug and play
* Service virtualization
* Marketplace
Assistan84a9 says in a Veracode review
Assistant Vice President of Programming and Development at a financial services firm with 501-1,000 employees
* Code analysis tool to help identify code issues before entered into production.
* Vulnerability Management and mitigation recommendations help with resolution of issues found, prior to deployment to production.
* Developer Sandboxes help move scanning earlier within the SDLC.
* The platform itself has a lot of AppSec best practices information, especially in the mitigation recommendation process. They have also offered cybersecurity e-learning for our team.
OpsRiskL10dc says in a WebInspect review
Ops Risk Lead at a tech services company with 10,001+ employees
Guided Scan option allows us to easily scan and share reports.
Sivanesh Waran says in a Klocwork review
Sr. Software Solution Engineer at Meteonic Innovation Pvt Ltd at a tech services company with 11-50 employees
The pre-checkin code review, industry standard checks, continuous integration (CI) and customized checkers are the most valuable features.
Leo Steenbergen says in a Parasoft SOAtest review
Testprofessional at a tech services company with 51-200 employees
* Fast and easy automated tests for UI
* Interfaces (SOAP, REST)
* Additional database queries
* Easy validations on responses (SOAP, REST, JSON, SQL, GUI)

Most valuable for us is the combination of all these items in one solution for us. Broad user story scenarios from A to Z, through a chain of systems, including test data prerequisites. The next most valuable benefit over the past year is the possibility to use the tooling for continuous testing purposes, using the server-side run option 'as a web service' for (nightly) batch runs.
reviewer1184322 says in a Klocwork review
Software Chief Engineer at a transportation company with 10,001+ employees
I really like Klocwork's server client build because it allows collaboration between the team members. It takes the ratios and it has a portal where one can justify the issues.
reviewer1218672 says in an Acunetix Vulnerability Scanner review
IT Manager at a financial services firm with 1,001-5,000 employees
The most important feature is that we are able to parameterize all of the attacks so that our developers can run the attacks directly from their environments and desktops. They don't need any expertise or to know the difficulties of the attacker; they just run the tool and get the results.
Senior Quality Control Manager at an insurance company with 51-200 employees
The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports.
reviewer1186086 says in a WebInspect review
Senior Software Developer at a financial services firm with 10,001+ employees
It's a well-known platform for doing dynamic application scanning.
reviewer1005864 says in an Ixia BreakingPoint review
Director at an aerospace/defense firm with 1,001-5,000 employees
The solution has many protocols and options, making it very flexible.
Andrei Bigdan says in a Rapid7 AppSpider review
Executive Manager at B2B-Solutions LLC
The reporting on the solution is very good. You can choose between pulling a full report or a brief report if you like. It will show, in each section, if it passed or failed. If you utilize the full report, you'll get an explanation as to why it passed or failed as well, for example, each PCI DSS item will be marked as N/A, Passed or Failed (with details in full report). The solution scans everything, including sub-domains that were not specified. The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product. The solution is very portable and light.
Ernst Marais says in a Kiuwan review
Software Architect at Digital Solution Foundry (Pty) Ltd
The most valuable feature is the time to resolution, where it tells you how long it is going to take to get to a zero-base or a five-star security rating. The interface is usable and friendly.
reviewer1033890 says in a Kiuwan review
Head of Development and Consulting at a legal firm with 11-50 employees
This program is very easy to use. I can use this tool, and I am new to these kinds of tools.
Lead Security Architect at a financial services firm with 501-1,000 employees
The vulnerability scanning and patching features are the most valuable parts of the solution.
Consultant at a tech services company with 1,001-5,000 employees
The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level.
Nidhi Chamotra says in a PortSwigger Burp review
Business Analyst at a consultancy with 10,001+ employees
The solution is very user-friendly. The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately.
Cldengin57 says in a GitLab review
Cloud Engineer at a transportation company with 10,001+ employees
In GitLab, the most valuable feature is using information with a repository and using a containerized approach. You can use containers to create different jobs. The dashboard and interface make it easy to use.