We performed a comparison between Codebashing and Veracode Security Labs based on real PeerSpot user reviews.
Find out in this report how the two Application Security Training solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."There are lots of great plugins available."
"There's a lot of flexibility and there are a lot of configuration options."
"The most important aspect of Codebashing, in my opinion, is the gamification advantage. When compared to competitors' offerings, the most significant thing to emphasize is gamification. The rest is similar to the competitors."
"The most valuable feature is the integration with WhiteSource, which allows for open-source scanning."
"From an academic point of view, Codebashing is a very good product because it is based on gamification. This is especially true if you don't have any idea about secure code training. It is one of the best tools in the world to learn secure coding. The product explains very well how vulnerabilities can be found and how programmers can develop securely."
"The installation phase of the tool is simple."
"The platform is simple, easy to use, and easy to learn."
"The most valuable feature is that you get the security from the design of the training. It ensures our developers write code securely and effectively. They will not write code that is vulnerable to hackers."
"The coding challenges were well put together and I was happy to see some of the challenges even had a built-in web browser."
"The installation is straightforward."
"The hands-on training has helped us to tackle modern threats by coding with vulnerabilities in mind from the beginning of a project. It has improved our process overall, and the number of vulnerabilities has been reduced."
"Veracode Security Labs is very good for providing examples of code vulnerabilities in a developer’s chosen language. This is important because if a flaw is found, then they provide me with a few examples of how to implement it. I don't need to go to Google and try to figure it out myself. They already provide me with some good quality examples that I can use to implement the fix."
"The deployment didn't take that long."
"The features are so extensive, which is why they are ahead of the game, and the reason I continue to use this solution."
"I like the end-to-end learning experience. That also includes SAST. It has a low false positive rate."
"It provides a complete review of vulnerabilities & possible fixes for OWASP Top 10 in one place."
"This solution is available for Windows only and does not have a Linux distribution."
"From my perspective, Codebashing might use some enhancement. Clients should be able to handle their tests directly according to their needs. That aspect of Codebashing is currently inflexible. Customers would wish to sign, compile, or manage their tests in accordance with their requirements. It is just not possible."
"I believe that certificates should be issued to users so that they can be used as proof of having completed that training. The certificate is currently not being used for any competence validation outside of the chance environment."
"The solution should make the configuration more simple. Sometimes the configuration is complex."
"The user interface could be updated and refreshed. It has the appearance of being very basic."
"This solution could be improved by offering an increased number of quizzes after each module. The GUI for this solution could also be updated to be more modern."
"It isn't a very friendly tool for beginners. In our company, we have to take training courses to learn how to use the platform."
"If customers would be able to define their own quizzes or exams, it would be very good. That is the only missing part that I see - customer based scenarios, examinations and quizzes."
"Developers frequently complain to me about the user interface and the difficulty in navigating the web site."
"Web application development covers much of the industry, but there are also developers working with these other technologies that could benefit from a learning environment more specific to their technologies."
"There could be better integration between the API and the pipeline systems."
"There are two parts that I think should be improved. Both the web page and the report have the same issue. Both are sometimes messy and very difficult to find information. You need to know where to look and especially where to find information. It can be a bit confusing in both the report and the web page. Quite often, I keep learning new things because some of the information is quite hidden. You need to click this link, then click here, and go here. Then, "Wow," you get so much information that you didn't know existed. Information is a bit hidden and there should be an easier way to access it after a scan is generated."
"Its ability to handle more types of files and making it work better with databasing and other API could be improved."
"I would like the team to make users like me aware of the new features sooner, so we can get the most from this product. Otherwise, there is no disadvantage."
"Veracode Security Labs should cover more than only the OWASP Top 10."
"I would have liked to see a bit better auto-completion in the IDE, and there was a typo in one of the questions where the code you were supposed to copy was missing a pair of parentheses."
Codebashing is ranked 2nd in Application Security Training with 10 reviews while Veracode Security Labs is ranked 1st in Application Security Training with 10 reviews. Codebashing is rated 8.4, while Veracode Security Labs is rated 8.6. The top reviewer of Codebashing writes "An easy-to-use tool to identify false positives or flag any medium to high-risk outcomes". On the other hand, the top reviewer of Veracode Security Labs writes "We are more productive because we work smarter and optimize the reporting pathway". Codebashing is most compared with Secure Code Warrior Learning Platform, whereas Veracode Security Labs is most compared with Secure Code Warrior Learning Platform. See our Codebashing vs. Veracode Security Labs report.
See our list of best Application Security Training vendors.
We monitor all Application Security Training reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.