Fortify WebInspect Review

Great centralized dashboard but is a bit overpriced

What is our primary use case?

We primarily use the application for web application scanning.

What is most valuable?

I've found the centralized dashboard the most valuable. For management, it helps a lot to have abilities at the central level.

What needs improvement?

The solution needs improvements from the scanning and the technical perspective.

In the next release, we would love to see smooth scale mobile testing - if it has similar to testing with wider applications for different technologies as well because people are moving towards mobile. If the solution can integrate AI and also understand the application by itself, this will be great.

For how long have I used the solution?

I've been using the solution for three months.

What do I think about the stability of the solution?

Stability-wise, the tool is stable, but the tool still requires some improvements in the latest technology websites. For example, if there is a single website or e-commerce website, it is still trying to understand a lot of the applications while it scans. It is not that smooth with complex websites. We have about 80-100 users on the solution.

How are customer service and technical support?

So far technical support is good. It is fair enough. They haven't got a response or turnaround time. From the support perspective, it is good.

Which solution did I use previously and why did I switch?

I haven't used any different solution here, but in another organization, I have used multiple application scanning products. I've used IBM scan. I have used SecuRex. Those were good as well.

How was the initial setup?

The initial setup is pretty good. They have a step-by-step guide and everything is given. It sets up with the environment but it requires a lot of memory and the system requires a lot of memory. That is the only negative. Normally, if you have a three-way scanner, it would run smoothly on even a small configuration laptop. This was a delicate setup.

What's my experience with pricing, setup cost, and licensing?

I'm not sure about the licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools with similar functionalities. The pricing is a little more costly than other regular solutions. There are only two such products that are this costly. This and IBM. The rest of the application scanners are not as costly.

What other advice do I have?

I am currently evolving, going through the product. We have yet to go through all the features and functionalities of the product. The way it checks for vulnerabilities helps a lot. It makes the most of the check for vulnerabilities. The centralized dashboard for the management is good but I'm still looking into it. That and other features we are yet to discover. I'm still trying to get to know all the features.

Looking at an enterprise-level product is good. With it, you get a centralized board, you have a management view, enroll management and access management. Everything is there. But still, check your requirements, what you need. If you use it for a certain amount of applications, you might not need such a heavy tool.

Our requirement is 10 or 20 times more than a regular company and hence we went with an enterprise solution and had somebody who could implement this. If your requirement is a little less, it might just call for some other scanners based on your requirements. 

If you do need such an extensive requirement, ensure that you also have the data servers and systems for such tools. It will be easy to implement in any environment if you do.

I would rate this solution 7 out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.