We performed a comparison between HCL AppScan, PortSwigger Burp Suite Professional, and Veracode based on real PeerSpot user reviews.
"We are now deploying less defects to production."
"We leverage it as a quality check against code."
"The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase."
"The product has valuable features for static and dynamic testing."
"The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"It provides a better integration for our ecosystem."
"The reporting part is the most valuable feature."
"The solution has a limited range of functions, which is good for small companies. This is because, in small companies, websites are less complex. They also have single services which makes the solution good enough for them. However, the most advantageous aspect of the solution is its affordable price."
"Once I capture the proxy, I'm able to transfer across. All the requested information is there. I can send across the request to what we call a repeater, where I get to ready the payload that I send to the application. Put in malicious content and then see if it's responding to it."
"The suite testing models are very good. It's very secure."
"The most valuable feature of PortSwigger Burp Suite Professional is the Burp Intruder tool."
"It was easy to learn."
"PortSwigger Burp Suite Professional is one of the best user-friendly solutions for getting the proxy set up."
"The product is very good just the way it is; it has everything already well established and functions great. I can't see any way for this current version to be improved."
"I find the attack model quite amazing, where I can write my scripts and load my scripts as well, which helps quite a bit. All the active scanning that it can do is also quite a lot helpful. It speeds up our vulnerability assessment and penetration testing. Right now, I am enjoying its in-browser, which also helps quite a bit. I'm always confused about setting up some proxy, but it really is the big solution we all want."
"It provides security of different Shadow IT activities in our environment, especially around application development and website hosting."
"Integrations into our developer's IDE (Greenlight) and the DevOps Pipeline SAST / SourceClear Integrations has particularly increased our time to market and confidence."
"One of the features they have is Software Composition Analysis. When organizations use third-party, open source libraries with their application development, because they're open source they quite often have a lot of bugs. There are always patches coming out for those open source applications. You really have to stay on your toes and keep up with any third-party libraries that might be integrated into your application. Veracode's Software Composition Analysis scans those libraries and we find that very valuable."
"When those scans kick, Veracode integrates back into our JIRA and actually opens tickets with the appropriate development teams. We can use that as a measurement of vulnerabilities opened, closed; we can tie them to releases. So, we get a whole lot more statistical information about security in our software products."
"The most valuable feature is the security and vulnerability parts of the solution. It shows medium to high vulnerabilities so we can find them, then upgrade our model before it is too late. It is useful because it automates security. Also, it makes things more efficient. So, there is no need for the security team to scan every time. The application team can update it whenever possible in development."
"Veracode supports a broad range of code technologies, and it can analyze large applications. Fortify takes a long time and may not be able to generate the report for larger applications. We don't have these constraints with Veracode."
"In terms of secure development, the SAST scan is very useful because we are able to identify security flaws in the code base itself, for the application."
"The Veracode support team is excellent."
"The solution could improve by having a mobile version."
"The product has some technical limitations."
"There is not a central management for static and dynamic."
"Sometimes it doesn't work so well."
"IBM Security AppScan Source is rather hard to use."
"HCL AppScan needs to improve security."
"Improving usability could enhance the overall experience with AppScan. It would be beneficial to make the solution more user-friendly, ensuring that everyone can easily navigate and utilize its features."
"We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."
"Scanning needs to be improved in enterprise and professional versions."
"The scanner and crawler need to be improved."
"There were a lot of false positives there, and we used to spend a lot of time, like, for security reasons, reproducing those bugs for the development team to fix it."
"The Iran market does not have after-sales support. PortSwigger Burp Suite Professional needs to provide after-sales support."
"If your application uses multi-factor authentication, registration management cannot be automated."
"Currently, the scanning is only available in the full version of Burp, and not in the Community version."
"The tool is very expensive."
"The pricing of the solution is quite high."
"We have encountered occasional issues with scalability."
"There should be more control for administrative users so that we can add and delete any functionality or module within the platform. We should not have to reach out to Veracode's customer support every time. We should be able to customize our modules."
"There were some additional manual steps or work involved that we should not have needed to do."
"There is much to be desired of UI and user experience. The UI is very slow. With every click, it just takes a lot of time for the pages to load. We have seen this consistently since getting this solution. The UI and UX are very disjointed."
"The runtime code analysis could be improved so that we can see every element in one place."
"Another thing I need is continued support for the new languages today that are popular. Most of them are scripting languages more so than real, fourth-generation, commercial grade stuff; we're evolving. Most applications are using so much open-source that, quite frankly, it would be great to see Veracode, or anybody else, extend their platform to where they are able to help secure open-source platforms or repositories."
"I would like to see them provide more content in the developer training section. This field is really changing each day and there are flaws that are detected each day. Some sort of regular updates to the learning would help."
"The overall reporting structure is complicated, and it's difficult to understand the report."