Veracode Review

Increases our confidence in the security of our server-side and mobile apps

What is our primary use case?

We use it for security scanning of SaaS and mobile software that we develop: one server-side and two mobile applications. Most customers require SAST and DAST scanning in order to purchase.

How has it helped my organization?

It gives us more confidence in the application security of the products we scan. We use it as part of our AppSec best practices. 

What is most valuable?

It has an easy-to-use interface.

What needs improvement?

We would like a way to mark entire modules as "safe." The lack of this feature hasn't stopped us previously; it just makes our task more tedious at times. That kind of feature would save us time.

What do I think about the stability of the solution?

We have never had any problems with the solution.

What do I think about the scalability of the solution?

It has always worked for us; we haven't found any issues. There have been no problems with scanning small and large objects.

How are customer service and technical support?

Technical support is excellent. It meets our needs.

Which solution did I use previously and why did I switch?

We had no previous solution. Our choice of Veracode was due to Veracode being a customer and requiring that we use their tool to scan our solution.

How was the initial setup?

The initial setup was straightforward. As it's a SaaS solution, it took no time to set up. But because I didn't take training, I spent a bit of time figuring out the product. No implementation (or strategy for implementation) was required, beyond some simple configuration settings.

What's my experience with pricing, setup cost, and licensing?

No issues, the pricing seems reasonable.

Which other solutions did I evaluate?

We evaluated no other products for SAST when we started using Veracode. 

What other advice do I have?

Be aware that the first run will find a lot of issues, many of which are not real issues; it will take time to understand that. Don't change object names as that will confuse it. Make sure you get development buy-in early.

We're looking to expand its use within the development organization and are looking into another license. Currently, we have four users of the solution, myself (security) and developers. The four of us also maintain it.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.