Fortify WebInspect Review

Easy to use with a simple deployment and good documentation

What is our primary use case?

We primarily use the solution for web applications and tests. 

How has it helped my organization?

It helped us a lot, as it's a really good automated scanner with a nice number of checks.

What is most valuable?

The solution is easy to use.

The initial setup is pretty straightforward and the deployment is quick.

The solution has good documentation.

The product is a good option for enterprise-level organizations.

What needs improvement?

The scanner could be better. 

The out of bounds channel is missing and it makes it hard to nail down the vulnerabilities.

For how long have I used the solution?

I hadn't been working with the solution for very long; I worked with it at my last company.

What do I think about the stability of the solution?

The first time we ran the module, it was okay; however, the next time we ran it, it almost crashed. For example, when I started the proxy, I tried to create some traffic from the application and nothing happened, but then, after that, everything began to hang. I'm not sure if this was an issue with a particular version or not. I'm not sure if it was some sort of bug.

How are customer service and technical support?

Typically, if I have an issue, I contact my internal support team. They may directly contact technical support. However, I have not done so myself. Therefore, I can't speak to their responsiveness or knowledge levels.

Which solution did I use previously and why did I switch?

I've used PortSwigger in the past, and it was a pretty good product as well.

How was the initial setup?

The initial setup is not complex. It's pretty straightforward. You just have to download it to the Microsoft server and you're done.

The total deployment may take an hour, or, at maximum, two.

What about the implementation team?

I handled the implementation myself.

Which other solutions did I evaluate?

We used Acunetix and Netsparker with Burp Suite.

What other advice do I have?

We're just customers. We don't have a business relationship with the company.

I would recommend WebInspect to enterprise-level organizations. For a smaller company, I'd recommend something more automated. WebInspect has far more manual work; however, it does have good documentation.

Overall, I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?


If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.