This is a security testing tool that is used by our security team and the QA team.
This is a security testing tool that is used by our security team and the QA team.
The accuracy of its scans is great. Provided it does not freeze, or somebody from another team is not trying to use the same resources, it works well.
The integration with the Fortify code scanner is nice because you combine those two elements and get one output.
Our biggest complaint about this product is that it freezes up, and literally doesn't work for us. It may be in part the way we have it set up, or how we've licensed it.
It is awkward and not very friendly to work with.
The version that I am using is not capable of generating reports to HTML or PDF, so I can't share them. I have to get somebody else to log into the application and view the results themselves. Simply, I can't output a report that I can easily share.
We have been using WebInspect for about one year.
The experience that I have had is that it is not stable.
Scalability is probably fine if you buy more licenses.
I have not worked with their technical support.
Our licensing is such that you can only run one scan at a time, which is inconvenient. The licensing was bundled with Fortify so I'm sure that we paid for it in some context, although I don't know what the exact cost would be.
We are using this WebInspect in conjunction with Fortify. We're not using the client-host based deployment, but rather, a web-based one. The agent is not installed on my machine.
The suitability of this product depends on your use case. If you're trying to do what we're doing in QA and security then it's probably great. If, however, you want to do things on external sites then I would suggest an external cloud-based one.
I would rate this solution a four out of ten.