This is a security testing tool that is used by our security team and the QA team.
Fortify WebInspect Review
Great accuracy when scanning, but it has an interface that is awkward and not friendly to work with
Jul 22 2020
What is our primary use case?
What is most valuable?
The accuracy of its scans is great. Provided it does not freeze, or somebody from another team is not trying to use the same resources, it works well.
The integration with the Fortify code scanner is nice because you combine those two elements and get one output.
What needs improvement?
Our biggest complaint about this product is that it freezes up, and literally doesn't work for us. It may be in part the way we have it set up, or how we've licensed it.
It is awkward and not very friendly to work with.
The version that I am using is not capable of generating reports to HTML or PDF, so I can't share them. I have to get somebody else to log into the application and view the results themselves. Simply, I can't output a report that I can easily share.
For how long have I used the solution?
We have been using WebInspect for about one year.
What do I think about the stability of the solution?
The experience that I have had is that it is not stable.
What do I think about the scalability of the solution?
Scalability is probably fine if you buy more licenses.
How are customer service and technical support?
I have not worked with their technical support.
What's my experience with pricing, setup cost, and licensing?
Our licensing is such that you can only run one scan at a time, which is inconvenient. The licensing was bundled with Fortify so I'm sure that we paid for it in some context, although I don't know what the exact cost would be.
What other advice do I have?
We are using this WebInspect in conjunction with Fortify. We're not using the client-host based deployment, but rather, a web-based one. The agent is not installed on my machine.
The suitability of this product depends on your use case. If you're trying to do what we're doing in QA and security then it's probably great. If, however, you want to do things on external sites then I would suggest an external cloud-based one.
I would rate this solution a four out of ten.
Which deployment model are you using for this solution?
On-premises
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Fortify WebInspect reviews from users...at Large Enterprises
...who compared it with Acunetix Vulnerability Scanner
Find out what your peers are saying about Micro Focus, HCL, PortSwigger and others in Application Security Testing (AST). Updated: January 2021.
457,209 professionals have used our research since 2012.
Author
reviewer1186359
Sr. Manager Business Operations Protection at a consumer goods company with 10,001+ employees
Real User
Top 10Highlights
Pros
The accuracy of its scans is great.
Cons
Our biggest complaint about this product is that it freezes up, and literally doesn't work for us.
Pricing Advice
Our licensing is such that you can only run one scan at a time, which is inconvenient.
Product Categories
Application Security Testing (AST)Popular Comparisons
Micro Focus Fortify on Demand
OWASP Zap
PortSwigger Burp
HCL AppScan
Acunetix Vulnerability Scanner
Veracode
Qualys Web Application Scanning
Netsparker Web Application Security Scanner
Checkmarx
Rapid7 AppSpider
WhiteHat Sentinel
Contrast Security Assess
Buyer's Guide
Download our free Application Security Testing (AST) Report and find out what your peers are saying about Micro Focus, HCL, PortSwigger, and more!
Quick Links
Learn More: Questions:
- What alternatives are there for Fortify WebInspect and Fortify SCA?
- When evaluating Application Security Testing, what aspect do you think is the most important to look for?
- What are the OWASP top 10 in 2020?
- SAST vs. DAST: Which is better for application security testing?
- What tools do you rely on for building a DevSecOps pipeline?