We performed a comparison between HCL AppScan, Trustwave App Scanner [EOL], and Veracode based on real PeerSpot user reviews.
"The most valuable feature of the solution is the scanning or security part."
"We use it as a security testing application."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"It's generally a very user-friendly tool. Anyone can easily learn how to scan."
"Compared to other tools only AppScan supports special language."
"The security and the dashboard are the most valuable features."
"The static scans are good, and the SaaS as well."
"The solution is easy to use."
"The stability is great. We haven't had any issues at all with it."
"What I found most valuable in Veracode is that it gives me a part-by-part report of the entire EAR file and lets me set up the application for a limited time. Once that expires, Veracode allows you to automatically renew it, which is one of the features I find remarkable in Veracode."
"It is easy to use for us developers. It supports so many languages: C#, .NET Core, .NET Framework, and it even scans some of our JavaScript. You just need the extension to upload the files and the reports are generated with so much detail."
"The most valuable feature of Veracode Static Analysis is the scanning."
"The coverage of the last vulnerabilities reported."
"Veracode provides guidance for fixing vulnerabilities. It enables developers to write secure code from the start by pointing them to the problematic line of code, and saying, 'This function/method has security vulnerabilities,' then suggests alternatives to fix it. Then, we adopt their suggestions of the tool. By implementing it in the right way, we can fix the issue. For example, if the tool has found a method where it copied one piece of memory into another piece of memory in the code. The tool points to problematic methods with the vulnerability and provides ways to code it more securely. By adopting their suggestions, we are fixing this vulnerability."
"I like Veracode's ease of integration with various cloud platforms and tools."
"Their dashboard is really good, overall. In my opinion, it's one of the best in the market, and I say that because we have used other service providers."
"It has almost completely eliminated the presence of SQLi vulnerabilities."
"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
"Sometimes it doesn't work so well."
"The databases for HCL are small and have room for improvement."
"The solution could improve by having a mobile version."
"I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most of the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"A desktop version should be added."
"I would like to see a little more flexibility with regards to setting up profiles for vulnerabilities."
"The triage indicator was kind of hard to find. It's a very small arrow and I had no idea it was there."
"We have approximately 900 people using the solution. The solution is scalable, but there is a high cost attached to it."
"One of the things that we have from a reporting point of view, is that we would love to see a graphical report. If you look through a report for something that has come back from Veracode, it takes a whole lot of time to just go through all the pages of the code to figure out exactly what it says. We know certain areas don’t have the greatest security features but those are usually minor and we don’t want to see those types of notifications."
"Veracode would benefit greatly from more training resources. The videos are great, but I would like more hands-on training writing a script, validating a script with a unit test in a different language, etc. That's something that would be very valuable."
"Ideally, I would like better reporting that gives me a more concise and accurate description of what my pain points are, and how to get to them."
"Veracode needs to improve its integration with other tools."
"We have encountered occasional issues with scalability."
"There are certain shortcomings in Veracode's static analysis engine. I would improve Veracode's static analysis engine to make it capable of identifying vulnerabilities with low false positives."