Fortify Application Defender vs Trustwave App Scanner [EOL] vs Veracode comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Fortify Application Defender, Trustwave App Scanner [EOL], and Veracode based on real PeerSpot user reviews.

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools.
To learn more, read our detailed Application Security Tools Report (Updated: March 2024).
765,234 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The product saves us cost and time.""The most valuable feature is that it analyzes data in real-time.""Its ability to find security defects is valuable.""The solution helped us to improve the code quality of our organization.""The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions.""The most valuable features of Fortify Application Defender are the code packages that are default.""The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology.""We are able to provide out customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."

More Fortify Application Defender Pros →

"The stability is great. We haven't had any issues at all with it."

More Trustwave App Scanner [EOL] Pros →

"The main feature, and one of the most important, is the static code analysis. We are able to complete an analysis of the security flaws with this platform. It's very good at helping us find and fix flaws.""The SAST and DAST modules are great.""The dashboards and the threat insights it provides are very good. The dashboards are intuitive and pretty straightforward, but also pretty detailed.""Veracode static analysis allows us to pinpoint issues - from a simple hard-coded test password, to more serious issues - and saves us lot of time. For example, it raises a flag about a problematic third-party DLL before development invests time heavy using it.""It gives me an idea about the most important vulnerabilities and fast remediation tips.""We like the fact that all the issues are identified and that Veracode provides sufficient information on how to resolve them.""What we found most valuable in Veracode is the ability to do automatic scans of our software. We've incorporated the solution into our SDLC process, so we take our builds before they get released and put them through scans to ensure any new vulnerabilities haven't occurred.""The most important feature is the static scanning analysis, and the reason is that it can tell us vulnerability in that code, right before we go ahead and push something to production or provide something to a client... Dynamic scanning actually hits our Web applications, to try to detect any well known Web application vulnerabilities as well."

More Veracode Pros →

Cons
"The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java.""The solution is quite expensive.""The licensing can be a little complex.""Support for older compilers/IDEs is lacking.""The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours.""Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy.""The false positive rate should be lower.""The workbench is a little bit complex when you first start using it."

More Fortify Application Defender Cons →

"I would like to see a little more flexibility with regards to setting up profiles for vulnerabilities."

More Trustwave App Scanner [EOL] Cons →

"The scanning is a little slow, but other than that it's fine. It's usually when the binaries get up into the multi-hundred megabyte size.""Some important languages are not supported.""The reporting was detailed, but there were some things that were missing. It showed us on which line an error was found, but it could have been more detailed.""Calypso (our application) is large and the results take up to two months. Further, we also have to package Calypso in a special manner to meet size guidelines.""The scanning process for records could be faster and there is room for improvement in Veracode's performance.""In some cases we use their APIs; they're not as rich as I would like.""In the future, I would like to see the RASP capability built-in.""I've seen slightly better static analysis tools from other companies when it comes to speed and ease of use."

More Veracode Cons →

Pricing and Cost Advice
  • "The base licensing costs for the SaaS platform is about $900 USD per application, per year."
  • "The price of this solution could be less expensive."
  • "The licensing is very complex, it's project based and can range from $10,000 to $200,000+ depending on the project type and size."
  • "Fortify Application Defender is very expensive."
  • "The product’s price is much higher than other tools."
  • More Fortify Application Defender Pricing and Cost Advice →

    Information Not Available
  • "Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background."
  • "The pricing is pretty high."
  • "The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."
  • "I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."
  • "It's worth the value"
  • "Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."
  • "It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."
  • "The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."
  • More Veracode Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    765,234 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:The product does not work well with Java coding. The false positive rate should be lower. The product should introduce… more »
    Ask a question

    Earn 20 points

    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis… more »
    Top Answer:The SAST and DAST modules are great.
    Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and… more »
    Ranking
    Views
    2,036
    Comparisons
    1,719
    Reviews
    3
    Average Words per Review
    282
    Rating
    6.3
    Unranked
    In Application Security Tools
    Views
    27,089
    Comparisons
    18,138
    Reviews
    97
    Average Words per Review
    972
    Rating
    8.1
    Comparisons
    Also Known As
    HPE Fortify Application Defender, Micro Focus Fortify Application Defender
    Hailstorm, Cenzic Hailstorm
    Crashtest Security , Veracode Detect
    Learn More
    Overview

    Micro Focus Security Fortify Application Defender is a runtime application self-protection (RASP) solution that helps you manage and mitigate risk from homegrown or third-party applications. It provides centralized visibility into application use and abuse while protecting from software vulnerability exploits and other violations in real time.

    Provides ability to test applications for security vulnerabilities, security policies and regulatory compliance.

    Veracode is a leading application security platform that helps organizations to develop and deliver secure software. Veracode's solution provides comprehensive capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing.

    Veracode's static analysis solution scans source code for various security vulnerabilities, including common web application attack vectors, injection flaws, cross-site scripting, and insecure direct object references. Veracode's dynamic analysis solution simulates real-world attacks to identify vulnerabilities that may not be detectable by static analysis alone. Veracode's software composition analysis solution scans open-source and third-party components for known vulnerabilities. Veracode's manual penetration testing service is performed by experienced security professionals who use a variety of techniques to identify vulnerabilities in software applications.

    Many organizations, including Fortune 500 companies, government agencies, and startups, use Veracode's solution. Veracode's customers rely on Veracode to help them to improve the security of their software applications and to reduce the risk of data breaches and other security incidents.

    Here are some of the benefits of using Veracode:

    • Veracode provides capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing to help organizations identify and fix security vulnerabilities in their software applications early in the development process.
    • Veracode helps organizations reduce the risk of data breaches and other security incidents by identifying and fixing security vulnerabilities in their software application. 
    • Veracode helps organizations to comply with industry regulations. Many industries have regulations that require organizations to implement security measures to protect their customers' data. Veracode's solution can help organizations to comply with these regulations by providing them with the tools and resources they need to identify and fix security vulnerabilities in their software applications.
    Offer
    Learn more about Fortify Application Defender
    Learn more about Trustwave App Scanner [EOL]
    Keep your software secure

    Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.

    Sample Customers
    ServiceMaster, Saltworks, SAP
    Leading Health Insurer
    Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
    Top Industries
    VISITORS READING REVIEWS
    Financial Services Firm21%
    Computer Software Company15%
    Manufacturing Company12%
    Government8%
    No Data Available
    REVIEWERS
    Computer Software Company26%
    Financial Services Firm23%
    Insurance Company9%
    Comms Service Provider6%
    VISITORS READING REVIEWS
    Financial Services Firm18%
    Computer Software Company15%
    Manufacturing Company8%
    Government6%
    Company Size
    REVIEWERS
    Small Business33%
    Midsize Enterprise11%
    Large Enterprise56%
    VISITORS READING REVIEWS
    Small Business12%
    Midsize Enterprise13%
    Large Enterprise75%
    No Data Available
    REVIEWERS
    Small Business31%
    Midsize Enterprise20%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise13%
    Large Enterprise70%
    Buyer's Guide
    Application Security Tools
    March 2024
    Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools. Updated: March 2024.
    765,234 professionals have used our research since 2012.