Fortify WebInspect Review

Great accuracy when scanning, but it has an interface that is awkward and not friendly to work with

What is our primary use case?

This is a security testing tool that is used by our security team and the QA team.

What is most valuable?

The accuracy of its scans is great. Provided it does not freeze, or somebody from another team is not trying to use the same resources, it works well.

The integration with the Fortify code scanner is nice because you combine those two elements and get one output.

What needs improvement?

Our biggest complaint about this product is that it freezes up, and literally doesn't work for us. It may be in part the way we have it set up, or how we've licensed it.

It is awkward and not very friendly to work with.

The version that I am using is not capable of generating reports to HTML or PDF, so I can't share them. I have to get somebody else to log into the application and view the results themselves. Simply, I can't output a report that I can easily share.

For how long have I used the solution?

We have been using WebInspect for about one year.

What do I think about the stability of the solution?

The experience that I have had is that it is not stable.

What do I think about the scalability of the solution?

Scalability is probably fine if you buy more licenses.

How are customer service and technical support?

I have not worked with their technical support.

What's my experience with pricing, setup cost, and licensing?

Our licensing is such that you can only run one scan at a time, which is inconvenient. The licensing was bundled with Fortify so I'm sure that we paid for it in some context, although I don't know what the exact cost would be.

What other advice do I have?

We are using this WebInspect in conjunction with Fortify. We're not using the client-host based deployment, but rather, a web-based one. The agent is not installed on my machine.

The suitability of this product depends on your use case. If you're trying to do what we're doing in QA and security then it's probably great. If, however, you want to do things on external sites then I would suggest an external cloud-based one.

I would rate this solution a four out of ten.

Which deployment model are you using for this solution?

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Fortify WebInspect reviews from users
Find out what your peers are saying about Micro Focus, HCL, PortSwigger and others in Application Security Testing (AST). Updated: February 2021.
463,678 professionals have used our research since 2012.
Add a Comment