We performed a comparison between Rapid7 AppSpider and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature of Rapid7 AppSpider is the vulnerability reporting data. Additionally, the data is reported in a convenient way rather than seeing them as a PDF. We are able to generate all the reports exactly what we want in a flexible way."
"I would say that it is stable, as I am not aware of any major issues."
"AppSpider's most valuable feature is reporting - everything is stored in the local database so it can be sent to other machines."
"It scans all the components developed within a web application."
"When it is set up properly, it can do scanning on web apps with multiple engines automatically."
"The most valuable feature is the reporting, which is compliant with international standards."
"What I like most about AppSpider is that it's easy to use and its automated scan gives me all the details I need to know when it comes to vulnerabilities and their solutions."
"Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements."
"Veracode static analysis allows us to pinpoint issues - from a simple hard-coded test password, to more serious issues - and saves us lot of time. For example, it raises a flag about a problematic third-party DLL before development invests time heavy using it."
"It gives feedback to developers on the effectiveness of their secure coding practices."
"It pinpoints the errors. Its accuracy is very interesting. It also elaborates on flaws, meaning it provides you with details about what is valid or not and how something can be fixed."
"I liked that I could easily find out where my errors were. Instead of going through the whole code and the scripts, it showed me where the errors were and gave me an idea of how to fix them."
"The integration capabilities with our existing development tools are very good."
"The main feature, and one of the most important, is the static code analysis. We are able to complete an analysis of the security flaws with this platform. It's very good at helping us find and fix flaws."
"I like the static scanning, and Veracode's interface is excellent. The dashboard is easy to navigate."
"What we found most valuable in Veracode is the ability to do automatic scans of our software. We've incorporated the solution into our SDLC process, so we take our builds before they get released and put them through scans to ensure any new vulnerabilities haven't occurred."
"The tech support is responsive but issues remain unresolved."
"AppSpider could improve in the area of integration. They need to add more integration opportunities."
"Integration could be better."
"The dashboard and interface are crucial and they need some improvement."
"The solution is too slow. It could take a full day to scan. Competitors are much faster."
"Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan."
"One of the challenges I have with AppSpider is that it gives you a lot of false positives, especially when compared to other solutions."
"The enterprise interface is too simple. It should be more customizable."
"The scanning process for records could be faster and there is room for improvement in Veracode's performance."
"The negative that I found is that it has a subscription-based model."
"It will be beneficial for developers if Veracode Greenlight includes Python."
"Veracode is costly, and there is potential for improvement in its pricing."
"There are few languages that take time for scanning. It covers the majority of languages from C to Scala, but it doesn't support certain languages and the newer versions of certain languages. For example, it doesn't support SAP and new JavaScript frameworks such as Node.js and React JS. They can include support for these. If you go to their website, you can see the list of languages that are currently supported. The false-positive rates are also something they can work on."
"One feature I would like would be more selectivity in email alerts. While I like getting these, I would like to be able to be more granular in which ones I receive."
"The triage indicator was kind of hard to find. It's a very small arrow and I had no idea it was there."
"It needs to reach the level of Checkmarx's and Fortify Software's capabilities and service levels, or may further loosen the market share."
Rapid7 AppSpider is ranked 25th in Application Security Testing (AST) with 13 reviews while Veracode is ranked 2nd in Application Security Testing (AST) with 194 reviews. Rapid7 AppSpider is rated 7.8, while Veracode is rated 8.2. The top reviewer of Rapid7 AppSpider writes "Useful vulnerability reporting data, flexible, and simple implementation". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, OWASP Zap, Acunetix, Invicti and Cloudflare, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and OWASP Zap. See our Rapid7 AppSpider vs. Veracode report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.