We performed a comparison between Acunetix, HCL AppScan, and Veracode based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."For us, the most valuable aspect of the solution is the log-sequence feature."
"The vulnerability scanning option for analyzing the security loopholes on the websites is the most valuable feature of this solution."
"The automated approach to these repetitive discovery attempts would take days to do manually and therefore it helps reduce the time needed to do an assessment."
"Acunetix has an awesome crawler. It gives a referral site map of near targets and also goes really deep to find all the inputs without issues. This was valuable because it helped me find some files or directories, like web admin panels without authentication, which were hidden."
"Their technical support has been very active. If I have an issue, I can reach out to them and get an answer pretty quick."
"The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have."
"We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why."
"The most valuable feature of Acunetix is the UI and the scan results are simple."
"The most valuable feature of the solution is Postman."
"It is easy it is to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings."
"Compared to other tools only AppScan supports special language."
"This solution saves us time due to the low number of false positives detected."
"It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code."
"The solution is easy to use."
"It's generally a very user-friendly tool. Anyone can easily learn how to scan"
"It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
"In terms of application security best practices and guidance to our teams, their engineering staff is really excellent. They provide our developers with suggestions and they take those to heart. They've learned from the recommended remediation strategies provided by the Veracode security engineers. That makes all of their future code better."
"The source composition analysis component is great because it gives our developers some comfort in using new libraries."
"I can have quick results by just uploading compiled components."
"What I found most valuable in Veracode Static Analysis is that it categorizes security vulnerabilities."
"The best feature of Veracode is that we can do static and dynamic scans."
"Veracode is very easy to use."
"With the tools that Veracode provides, our developers are actually able to comprehend what the vulnerability was and then resolve it. So a lot of knowledge has been grown as a result, around security, with our developers."
"Developer Sandboxes help move scanning earlier within the SDLC."
"While we do have it integrated with other solutions, it could still offer more integrations."
"Tools that would allow us to work more efficiently with the mobile environment, with Android and iOS."
"There are some versions of the solution that are not as stable as others."
"Acunetix needs to include agent analysis."
"The solution limits the number of scans. It would be much better if we could have unlimited scans."
"We want to see how much bandwidth usage it consumes. When we monitor traffic we have issues with the consumption and throttling of the traffic."
"The jargon used makes it difficult for project managers to understand the issues, and the technical explanations used make it difficult for developers to understand issues. These things should be simplified much more. That would be very helpful for us when explaining to them what needs to be fixed. The report output needs to be simplified."
"The solution's pricing could be better."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
"In future releases, I would like to see more aggressive reports. I would also like to see less false positives."
"They should have a better UI for dashboards."
"The solution's scalability can be a matter of concern because one license runs on one machine only."
"They have to improve support."
"HCL AppScan needs to improve security."
"IBM Security AppScan Source is rather hard to use."
"AppScan is too complicated and should be made more user-friendly."
"The static analysis is prone to a lot of false positives. But that's how it is with most static analysis tools... Also, the static analysis can sometimes take a little while. The time that it takes to do a scan should be improved."
"Because our application is large, it takes a long time to upload and scan."
"From the usability perspective, it is not up to date with the latest trends. It looks very old. Tools such as Datadog, New Relic, or infrastructure security tools, such as AWS Cloud, seem very user-friendly. They are completely web-based, and you can navigate through them pretty quickly, whereas Veracode is very rigid. It is like an old-school enterprise application. It does the job, but they need to invest a little more on the usability front."
"We have approximately 900 people using the solution. The solution is scalable, but there is a high cost attached to it."
"They need to have a plug-in, a better integration with the development environment."
"The overall reporting structure is complicated, and it's difficult to understand the report."
"Veracode can be improved in terms of software composition analysis and related vulnerabilities."
"We tried to create an automatic scanning process for Veracode and integrate it into our billing process, but it was easier to adopt it to repositories based on GIT. Until now, our source control repository was Azure DevOps Server (Microsoft TFS) to managing our resources. This was not something that they supported. It took us some sessions together before we successfully implemented it."