"Our clients use CAST Highlight for cloud migration. This allows them to remove or remediate the blockers which are highlighted. This part of the solution shows improvement in quality and captures feedback for our clients."
"The most valuable feature of the CAST Application Intelligence Platform is its security dashboard which is a dedicated dashboard that's pretty helpful because it gives compliance checks based on some of the leading frameworks in the industry, such as ISO 5055, OWASP, CWE Top 25, and NIST security guidelines. I find the security dashboard of the solution and the information it provides pretty useful. The security dashboard of the CAST Application Intelligence Platform is a feature that stands out."
"Used for controlling the technical debt and code quality."
"CAST's risk and security flow detection capabilities are highly effective, particularly in identifying security vulnerabilities. It is one of the most important and valuable features of the platform."
"It supports most programming languages."
"Its most valuable features are patch management, vulnerability management, and PCI compliance."
"It is a good product for website penetration testing to detect vulnerabilities."
"The simplicity of exporting reports and the simplicity and clarity of the reports included with the product are good."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"It is a cloud-based solution, so it is easy to scale."
"The vulnerability management feature is a strong one. And also the patch management feature."
"It works with many different products."
"This product is designed for easy scalability and can easily scale up without major challenges."
"The overall coverage of rules could be improved in the CAST Application Intelligence Platform because it does not cater to or cover all. For example, 2022 CWE coverage is still not available in the CAST Application Intelligence Platform. The solution also covers some NIST rules, but it does not cater to all rules. An additional feature I'd like to see in the next update of the CAST Application Intelligence Platform is for it to provide source code developer and contributor details, especially information on which areas of code were touched. This would be a good insight as the CAST Application Intelligence Platform looks into the source code."
"The integration of this solution could be improved."
"Implementation could be made more simpler as it is complex."
"It has very few plugins to access different code repositories, so source code has to be fed."
"Areas for improvement in CAST AIP include enhancing support for implementation in complex environments and improving technical support to address organizational challenges alongside engineering issues."
"The product's pricing could be better."
"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."
"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
"There should be better visibility into the application."
"The virus code updates are not frequent enough."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"The solution needs to adjust its pricing. They should make it more affordable."
"The reporting contains too many false positives."
More CAST Application Intelligence Platform Pricing and Cost Advice →
More Qualys Web Application Scanning Pricing and Cost Advice →
CAST Application Intelligence Platform is ranked 3rd in Software Development Analytics with 4 reviews while Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews. CAST Application Intelligence Platform is rated 7.0, while Qualys Web Application Scanning is rated 7.8. The top reviewer of CAST Application Intelligence Platform writes "Has a security dashboard that's helpful because it gives compliance checks based on some of the leading frameworks in the industry". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". CAST Application Intelligence Platform is most compared with SonarQube, Fortify Application Defender, Fortify on Demand, Checkmarx One and BlueOptima, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Fortify WebInspect.
We monitor all Software Development Analytics reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.