We performed a comparison between Parasoft SOAtest and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We have seen a return on investment."
"The solution is scalable."
"Generating new messages, based on the existing .EDN and .XML messages, is a crucial part or the testing project that I’m currently in."
"Technical support is helpful."
"Parasoft SOAtest has improved the quality of our automated web services, which can be easily implemented through service chaining and service virtualization."
"Since the solution has both command line and automation options, it generates good reports."
"If you want something that’s not provided out of the box, then you can write it yourself and integrate it with SOAtest."
"Automatic testing is the most valuable feature."
"Tech support is outstanding. Best in class. Absolutely. They bend over backwards to help us. We'll come up with questions and within minutes, we'll get answers. It's amazing. It's truly amazing."
"The static scan and the detailed reports, which include issue information and permissions, are the most valuable features."
"The benefits are quick discovery and understanding of software vulnerabilities that we are putting in our own code. By discovering them quickly enough, we can triage them and determine the best ways to remediate them and prevent them from happening in the future."
"The most valuable feature is the seamless automation of Veracode via the pipeline, in comparison to other solutions like Fortify SSC, which are complex to integrate through the pipeline."
"Static code scanning is the most valuable feature."
"I have used this solution in multiple projects for vulnerability testing and finding security leaks within the code."
"From a developer's perspective, Veracode's greenlight feature on the IDE is helpful. It helps the developer to be more proactive in secure coding standards. Apart from that, static analysis scanning is definitely one of the top features of Veracode."
"It changes the DevSecOps process because we find flaws much earlier in the development life cycle, and we also spot third-party software that we don't allow on developers' machines."
"The performance could be a bit better."
"During the process of working with SOAtest and building test cases, the .TST files will grow. A negative side effect is that saving your changes takes more time."
"Reports could be customized and more descriptive according to the user's or company's requirements."
"From an automation point of view, it should have better clarity and be more user friendly."
"Parasoft SOAtest has an internal refresh function where you can refresh the software to show the changes you’ve made in your projects. Unfortunately this function does not work properly, because it often does not show the changes after you’ve hit te refresh button a few times."
"Reporting facilities can be better."
"The product is very slow to start up, and that is a bit of a problem, actually."
"The feedback that we received from the DevOps of our organization was that the tool was a little heavy from the transformation perspective."
"It needs to reach the level of Checkmarx's and Fortify Software's capabilities and service levels, or may further loosen the market share."
"Scanning progress is highly dependent on the speed of the Internet."
"The zip file scanning has room for improvement."
"Scanning large amounts of code can be a time-consuming process and there is scope for improvement."
"I think if they could improve the operations around accepted vulnerabilities, we would see improvements in our productivity."
"Some features could be improved in terms of user-friendliness."
"A high number of false positives are reported and this should be reduced."
"The results of agent-based software composition analysis are not connected to policy scanning. So, for me, the only thing that Veracode can improve in Software Composition Analysis is to connect it with the policy scan because, at present, it is a bit inconvenient for those in our organization who use agent-based Software Composition Analysis. In the end, they need to make a static scan with all those libraries in order to receive that report. If Veracode implemented a connection between agent-based static scan and static scanning itself, it would be great because it would lead to fewer operations in order to prepare release documentation and release reporting from Veracode. We recently had a conversation with Veracode about it."
Parasoft SOAtest is ranked 28th in Application Security Testing (AST) with 30 reviews while Veracode is ranked 2nd in Application Security Testing (AST) with 194 reviews. Parasoft SOAtest is rated 8.2, while Veracode is rated 8.2. The top reviewer of Parasoft SOAtest writes "Reliable with a good interface but uses too much memory". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Parasoft SOAtest is most compared with Postman, SonarQube, Coverity, Polyspace Code Prover and Selenium HQ, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and OWASP Zap. See our Parasoft SOAtest vs. Veracode report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.