Application Security Forum

Content Specialist
IT Central Station
Feb 27 2018
One of the most popular comparisons on IT Central Station is SonarQube and Veracode. People like you are trying to decide which one is best for their company. Can you help them out? Is SonarQube better than Veracode? What is the biggest difference between these two solutions, and which would you recommend? Thanks for helping your peers make the best decision! --Rhea
John Pack: They are used for two different purposes. If your preference is Software/Application Security, then Veracode or Fortify or Checkmarx can be evaluated based on the programming language and issue coverage, also integration and usability options. If your preference is code quality, then SonarQube or CAST can be evaluated based on your requirements or wish list. Keep in mind, one (quality) cannot replace another one (software), so decide based on your needs. Good luck!
Ramesh Karanam: I didn't get an opportunity to work on Veracode. However, I would like to put my thoughts on SonarQube:
a) It is very easy to integrate with multiple open source configuration tools like Jenkins.
b) It is in collaboration with Microsoft, and SonarQube and Microsoft integration is much easier and should be able to all code analysis based configured rules from TFS build / even from Visual Studio IDE.
c) There are plug-ins available from SonarQube; once you install them, the user is able to see Sonar results in the Visual Studio IDE for that project.
d) Supports static code analysis for multiple languages like C#, Java, Angular, SQL, etc.
e) Option to create our user management and provide access rights based on user role.
f) Its dashboard representation is very good, and there are also lots of options to customize the dashboard.
h) Easy installation.
i) Easy navigation to source code (or even a particular code part) based on a code analysis error.
Rambabu Kanugula: Both tools are important and meant for different purposes. SonarQube for code quality and Veracode for static, dynamic and third-party code analysis, which is specific to understanding security flaws.
Category Analyst at a financial services firm with 1,001-5,000 employees
Oct 03 2017
Hi Everyone, I am currently sourcing an alternative firewall solution to replace the existing solution being used by my organization on commercial considerations, and Palo-Alto has been recommended. I have done a lot of research, but I also need to complement that with expert opinions.
Senior Web Developer at KPMG
We have always heard that if we compress the file it reduces the size and we can send it easily. But my question is, does compressing always decrease the size of the file or does it increase as well? 
Senior Web Developer at KPMG
Encrypt means to convert (information or data) into a cipher or code, especially to prevent unauthorized access. Compression is a reduction in the number of bits needed to represent data. So the question is, what do we do first? Encrypt or compress during data transmission?
Jim Bray: This question regarding encrypting and compressing data, and in which order, was a good exercise. Other decision factors that you have to include in the decision process are: what are the business requirements, regulatory requirements, compliance requirements, cyber insurance requirements, and, the most important requirements, where is the data being stored and who will have access to it. Digital certificates, de-crypt keys and tokens have to be managed in a highly controlled environment. OneSignOn experienced a security breach in March 2017 that got to the de-crypt keys. Most likely an inside job. Here is the link to the news article.
reviewer570081: First compress and then encrypt.
Hello, I use Acunetix 11. There is an Internal Server Error in all web service scans (V10, V11). I wonder what the reason for this error is and how I can fix it. For further details, we have a WCF web service. Best Regards.
