Application Security Features

Read what people say are the most valuable features of the solutions they use.
Don Robbins says in a Checkmarx review
Software Configuration Manager at a tech vendor with 501-1,000 employees
I'm more of the admin as opposed to a user of Checkmarx. Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before.
Kyle Engibous says in a Veracode review
Systems Architect at a tech vendor with 201-500 employees
The most important one is the static scanning analysis, and the reason is that it can tell us about vulnerabilities in the code right before we go ahead and push something to production or provide something to a client. We pair that with dynamic scanning, which actually hits our Web applications, to try to detect any well-known Web application vulnerabilities as well. It's really just a way for us to stay ahead of it and provide some assurances and security with the software that we deliver. Also, Veracode has a nice API that they provide to allow for custom things to be built, or automation. We actually have integrated Veracode into our software development cycle using their API. We actually are able to automatically, every time a new build of a software is completed, submit that application, kick off a scan, and we get results in a much more automated fashion. So the API is a huge thing that we use from Veracode, in addition to those two types of scans. In terms of integrating Veracode into our existing software development life cycle, we heavily use JIRA today for bug tracking issues, time management, and the like, for our development team. When those scans kick off, Veracode integrates back into our JIRA and actually opens tickets with the appropriate development teams. We can use that as a measurement of vulnerabilities opened, closed; we can tie them to releases. So, we get a whole lot more statistical information about security in our software products. That's really what we use in measuring there, the integration back to JIRA in issues found.
Application Security Specialist at a tech services company with 5,001-10,000 employees
The most important feature of the product is that it keeps up with today's technology quickly, with updated rules and algorithms. It also allows for more efficient and custom integration by allowing customized enhancements through the API support offered through the SSC portal.
Russell Webster says in a Sonatype Nexus Lifecycle review
VP and Sr. Manager at a financial services firm with 1,001-5,000 employees
Its core features are the most valuable: protection, scanning, detection, and notification of vulnerabilities. It's important for us as an enterprise to continually and dynamically protect our software development from threats and vulnerabilities, and to do that as early in the cycle as possible. Also, the onboarding process is pretty smooth and easy. We didn't feel like it was a huge problem at all. We were able to get in there and have it start scanning pretty rapidly. The data quality is really good. They've got some of the best in the industry as far as that is concerned. As a result, it helps us to resolve problems faster. The visibility of the data, as well as their features that allow us to query and search - and even use it in the development IDE - allow us to remediate and find things faster. The solution also integrated well with our existing DevOps tool. That was of critical importance to us. We built it directly into our continuous integration cycles and that's allowed us to catch things at build time, as well as stop vulnerabilities from moving downstream.
Steven Gomez says in a SonarQube review
Lead Engineer at a pharma/biotech company with 1,001-5,000 employees
I like the dashboard it shows by default, where you can see things at a glance. At the same time, you can also drill way down and see a lot of stuff about your code, like complexity metrics, and things like that. It gives you a nice dashboard where you can just look at a birds-eye view.
Milind Dharmadhikari says in a Checkmarx review
Practice Head - IT Risk & Security Management Services at Suma Soft Private Limited
There are many features, but first is the fact that it is easy to use, and not complicated. One of the cool features is that it identifies the development technology that we are using on its own, whether it is Java or .NET or otherwise; it identifies it by itself. The most important aspect is that it shows us exactly on which particular line the vulnerability is. The user interface is very intuitive and it offers help on the fly.
Ravi says in a Klocwork review
Software Solutions Engineer at a tech services company with 11-50 employees
First is the on-the-fly analysis, as it reduces the time for developing code. Another great thing is the reports section, which is very easy to understand. There is also the support for industry standards, and we can also write our own internal standards and check them during the analysis.
Directord98b says in a Veracode review
Director Security and Risk OMNI Cloud Operations at a tech vendor with 1,001-5,000 employees
* The static scanning of the software is very important to us.
* The ability to set policy profiles that are specific to us.
* The software composition analysis, to give us reports on known vulnerabilities from our third-party components.
Assistan84a9 says in a Veracode review
Assistant Vice President of Programming and Development at a financial services firm with 501-1,000 employees
* Code analysis tool to help identify code issues before they enter production.
* Vulnerability management and mitigation recommendations help with resolution of issues found, prior to deployment to production.
* Developer sandboxes help move scanning earlier within the SDLC.
* The platform itself has a lot of AppSec best practices information, especially in the mitigation recommendation process. They have also offered cybersecurity e-learning for our team.
Josep Barranco says in a WhiteSource review
Director at a media company with 1,001-5,000 employees
Scanning/collecting third-party libraries and classifying license types. In this way we ensure our third-party software policy is followed and that we’re not using “forbidden” libraries.
SeniorIneab1 says in a Veracode review
Senior Information Security Program Manager at a financial services firm with 10,001+ employees
* The ability on static scans to do sandbox scans which do not generate metrics.
* Gives us every vulnerability that has been identified, so there is no human intervention. Therefore, we can actually look and prioritize our own vulnerabilities as opposed to having someone else try to get in between.
Sivanesh Waran says in a Klocwork review
Sr. Software Solution Engineer at Meteonic Innovation Pvt Ltd at a tech services company with 11-50 employees
The pre-checkin code review, industry standard checks, continuous integration (CI) and customized checkers are the most valuable features.
Daniel Hall says in a WhiteSource review
Technical Architect at an energy/utilities company with 1,001-5,000 employees
The most valuable feature is the inventory, where it compiles a list of all of the third-party libraries that we have on our estate. This helps us quite a bit.
Ernst Marais says in a Kiuwan review
Software Architect at Digital Solution Foundry (Pty) Ltd
The most valuable feature is the time to resolution, where it tells you how long it is going to take to get to a zero-base or a five-star security rating. The interface is usable and friendly.
reviewer1033890 says in a Kiuwan review
Head of Development and Consulting at a legal firm with 11-50 employees
This program is very easy to use. I can use this tool, and I am new to these kinds of tools.
SecurityEngineer0015 says in a Coverity review
Security Engineer at a comms service provider with 10,001+ employees
The security analysis features are the most valuable features of this solution.
Lead Security Architect at a financial services firm with 501-1,000 employees
The vulnerability scanning and patching features are the most valuable parts of the solution.
Yantao Zhao says in a Coverity review
Software Integration Engineer at Thales Australia
The feature I find most valuable is that our entire company can publish the analysis results into our central space. That allows us to see the latest quality of all components on the sonar web page.
Consultant at a tech services company with 1,001-5,000 employees
The most valuable feature is that we are able to scan the services and put in credentials like a user ID and password. We can verify the vulnerability level.
Nidhi Chamotra says in a PortSwigger Burp review
Business Analyst at a consultancy with 10,001+ employees
The solution is very user-friendly. The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately.
Founding Partner at da ros e associati srl
One of the features I like about this program is the low number of false positives and the support it offers.
SrLeadSo5b76 says in a Sonatype Nexus Lifecycle review
Sr Lead Solution Services at a financial services firm with 201-500 employees
The scanning is fantastic. The dashboard is usable and gives us clear visibility into what is happening. It also has a very cool feature, which allows us to see the clean version available to be downloaded. Therefore, it is very easy to go and trace which version of the component does not have any issues. The dashboard can be practical, as well. It can waive a particular version of a Java file or component. It can even grandfather certain components, because in real-world scenarios we cannot always take the time to go and update something because it's not backward compatible. Having these features makes it a lot easier to use and more practical. It allows us to apply the security without having an all-or-nothing approach. The application's onboarding and policy grandfathering features are very easy to use. Most developers who I have given access have picked it up easily. The documentation is fantastic. I've never had a reason to contact support or ask a question, as most of the answers are available. It provides all up-to-date data information on the vulnerable issues for the various components that are available. I am able to see that various versions of the application are clear. Sometimes, there is a direct reference, so we can see what the issue is and what workarounds, if any, are available. It will even suggest certain steps which could be taken to remediate the issue. This helps streamline all the information available instead of us going to multiple sources and having to correlate information. Everything is easily available in a streamlined manner. It is easy to access, review, make decisions, and proceed with fixes.
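The policy behaviour this review and the Sonatype review further up describe (gating a build on known component vulnerabilities, waiving a particular version, grandfathering a component for a limited time, and pointing at the nearest clean version) can be illustrated with a small software composition analysis policy gate. This is an added example, not Sonatype's, Veracode's or any other vendor's code. Every component name, version, vulnerability id, the feed and the inventory below are constructed placeholders, not real advisories, and the policy rules (a severity threshold, per-finding waivers, per-component grandfathering until an expiry date) are assumptions standing in for a real product's policy engine.

```python
"""Minimal SCA policy gate (added example; constructed data, not a real feed)."""
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional


def parse_version(v: str) -> tuple:
    """'1.4.10' -> (1, 4, 10) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


@dataclass(frozen=True)
class Vuln:
    vuln_id: str          # constructed placeholder id, not a real advisory
    severity: float       # CVSS-style score, 0..10
    first_affected: str   # inclusive lower bound of the affected range
    fixed_in: str         # exclusive upper bound: first clean version

    def affects(self, version: str) -> bool:
        v = parse_version(version)
        return parse_version(self.first_affected) <= v < parse_version(self.fixed_in)


# Constructed vulnerability feed, keyed by component name.
FEED = {
    "example-json": [Vuln("EX-2019-0001", 9.8, "1.0.0", "1.4.2"),
                     Vuln("EX-2019-0002", 5.3, "1.0.0", "1.6.0")],
    "example-http": [Vuln("EX-2020-0100", 7.5, "2.0.0", "2.3.1")],
    "example-xml":  [Vuln("EX-2020-0200", 8.1, "0.1.0", "1.0.0")],
    "example-log":  [],
}

# Constructed list of published versions, used to suggest the smallest clean upgrade.
KNOWN_VERSIONS = {
    "example-json": ["1.3.0", "1.4.1", "1.4.2", "1.5.0", "1.6.0"],
    "example-http": ["2.2.0", "2.3.0", "2.3.1", "3.0.0"],
    "example-xml":  ["0.9.0", "0.9.5"],      # no fixed release published yet
    "example-log":  ["0.9.0", "1.0.0"],
}

# Constructed inventory, as an SCA scanner would extract it from a build.
INVENTORY = [("example-json", "1.4.1"), ("example-json", "1.5.0"),
             ("example-http", "2.2.0"), ("example-xml", "0.9.0"),
             ("example-log", "1.0.0")]


@dataclass
class Policy:
    fail_severity: float = 7.0                      # findings at or above this block the build
    waived: set = field(default_factory=set)        # {(component, version, vuln_id)} reviewed and accepted
    grandfathered: dict = field(default_factory=dict)  # component -> date until which findings are tolerated


# Assumed policy decisions for the constructed inventory.
POLICY = Policy(
    waived={("example-http", "2.2.0", "EX-2020-0100")},
    grandfathered={"example-xml": date(2020, 12, 31)},
)


@dataclass
class Decision:
    component: str
    version: str
    status: str                    # pass | warn | waived | grandfathered | fail
    findings: List[Vuln]
    clean_version: Optional[str]   # smallest published upgrade with no known findings


def findings_for(component: str, version: str) -> List[Vuln]:
    return [v for v in FEED.get(component, []) if v.affects(version)]


def nearest_clean_version(component: str, version: str) -> Optional[str]:
    """Smallest published version above the current one with no known findings."""
    current = parse_version(version)
    for cand in sorted(KNOWN_VERSIONS.get(component, []), key=parse_version):
        if parse_version(cand) > current and not findings_for(component, cand):
            return cand
    return None


def evaluate(inventory, policy: Policy, today_iso: str) -> List[Decision]:
    """Apply the policy to each component; grandfathering is checked against today's date."""
    today = date.fromisoformat(today_iso)
    decisions = []
    for component, version in inventory:
        found = findings_for(component, version)
        blocking = [v for v in found if v.severity >= policy.fail_severity]
        unwaived = [v for v in blocking if (component, version, v.vuln_id) not in policy.waived]
        expiry = policy.grandfathered.get(component)
        if not found:
            status = "pass"
        elif not blocking:
            status = "warn"             # below threshold: report, do not block
        elif not unwaived:
            status = "waived"           # every blocking finding has an explicit waiver
        elif expiry is not None and today <= expiry:
            status = "grandfathered"    # tolerated until the expiry date, then it fails
        else:
            status = "fail"
        clean = nearest_clean_version(component, version) if found else None
        decisions.append(Decision(component, version, status, found, clean))
    return decisions


def build_passes(decisions: List[Decision]) -> bool:
    return not any(d.status == "fail" for d in decisions)


if __name__ == "__main__":
    for d in evaluate(INVENTORY, POLICY, "2020-06-01"):
        ids = ",".join(v.vuln_id for v in d.findings) or "-"
        print(f"{d.component:<13} {d.version:<7} {d.status:<13} findings={ids:<25} clean={d.clean_version}")
```

The grandfathering expiry is what keeps the "not all-or-nothing" approach honest: the same inventory that passes in June 2020 fails once the date for example-xml has lapsed, so a tolerated component cannot quietly become permanent. In a real pipeline the inventory would come from the scanner, the feed from the vendor's data, and the waiver set from a reviewed ticket rather than a literal in code.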
CyberSecAn08987 says in a PortSwigger Burp review
Cyber Security Analyst at a tech vendor with 1,001-5,000 employees
The Spider is the most useful feature. It helps to analyze the entire web application and it finds all the paths and offers an automated identification of security issues.
Senior Application Security Analyst at a financial services firm with 10,001+ employees
What is most useful is how you can have related features upgraded on the tools. The tools themselves have details for the code as well, where the issues have been flagged, and all the vulnerabilities are there, in one place.
Manager for Technology Services at a non-tech company with 10,001+ employees
The vulnerability scanning option for analyzing the security loopholes on the websites is the most valuable feature of this solution.