"The product is related to US usage with TLS contact fees, i.e. how more data center connections will help lower networking costs."
"Whatever the test suit they give, it is intelligent. It will understand the protocol and it will generate the test cases based on the protocol: protocol, message sequence, protocol, message structure... Because of that, we can eliminate a lot of unwanted test cases, so we can execute the tests and complete them very quickly."
"We have found multiple issues in our embedded system network protocols, related to buffer overflow. We have reduced some of these issues."
"It eases integration into our workflow. Veracode is part of our Jenkins build, so whenever we build our software, Jenkins will automatically submit the code bundle over to Veracode, which automatically kicks off the static analysis. It sends an email when it's done, and we look at the report."
"I liked that I could easily find out where my errors were. Instead of going through the whole code and the scripts, it showed me where the errors were and gave me an idea of how to fix them."
"One of the valuable features is that it gives us the option of static scanning. Most tools of this type are centered around dynamic scanning. Having a static scan is very important."
"The Veracode support team is excellent."
"I like its integration with GitHub. I like using it from GitHub. I can use the GitHub URL and find out the vulnerabilities."
"Informs me of code security vulnerabilities. Bamboo build automation with Veracode API calls are used."
"The Veracode technical support is very good. They are responsive and very knowledgeable."
"With the pipeline scanner, it's easier for developers to scan their products, as they don't have to export anything from their computers. They can do everything with the command line on their computer."
"Sometimes, when we are testing embedded devices, when we trigger the test cases, the target will crash immediately. It is very difficult for us to identify the root cause of the crash because they do not provide sophisticated tools on the target side. They cover only the client-side application... They do not have diagnostic tools for the target side. Rather, they have them but they are very minimal and not very helpful."
"Codenomicon Defensics should be more advanced for the testing sector. It should be somewhat easy and flexible to install."
"It does not support the complete protocol stack. There are some IoT protocols that are not supported and new protocols that are not supported."
"There were some additional manual steps or work involved that we should not have needed to do."
"When we scan binary, when we perform binary analysis, it could go faster. That has a lot to do with the essence of scanning binary code, it takes a little bit longer. Certain aspects, depending on what type of code it is, take a little long, especially legacy code."
"The product has issues with scanning."
"There might be room for improvement in the in-app guidance and the tips and tricks for the developer about how to progress. We would like more insight into the development environment, where they would get guidance on how to avoid flaws."
"The interface is one thing I find a little challenging. Veracode's interface feels a little outdated compared to other solutions, and it could be modernized. I'm mostly happy with the features, but Vercaode could add Docker image scanning."
"The technical support service has room for improvement."
"Another thing I need is continued support for the new languages today that are popular. Most of them are scripting languages more so than real, fourth-generation, commercial grade stuff; we're evolving. Most applications are using so much open-source that, quite frankly, it would be great to see Veracode, or anybody else, extend their platform to where they are able to help secure open-source platforms or repositories."
"We get some false positives with JavaScript languages like React, TypeScript, and Angular. The problem is rooted in the build process of JavaScript, not the code we are using. This is something we spend lots of time trying to resolve. When we point to a specific library and review that on the code, we can see it is a part of the build that isn't going into production. It's only a part of the build because JavaScript has a different build process."
Earn 20 points
Synopsys Defensics is ranked 5th in Fuzz Testing Tools while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Synopsys Defensics is rated 8.6, while Veracode is rated 8.2. The top reviewer of Synopsys Defensics writes "Technical support provided protocol-specific documentation to prove that some positives were not false". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Synopsys Defensics is most compared with SonarQube, Snyk, Fortify on Demand, Invicti and OWASP Zap, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and OWASP Zap.
We monitor all Fuzz Testing Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
