"We have found multiple issues in our embedded system network protocols, related to buffer overflow. We have reduced some of these issues."
"The product is related to US usage with TLS contact fees, i.e. how more data center connections will help lower networking costs."
"Whatever the test suit they give, it is intelligent. It will understand the protocol and it will generate the test cases based on the protocol: protocol, message sequence, protocol, message structure... Because of that, we can eliminate a lot of unwanted test cases, so we can execute the tests and complete them very quickly."
"Static code scanning is the most valuable feature."
"The coding standards in our development group have improved. From scanning our code we've learned the patterns and techniques to make our code more secure. An example would be SQL injection. We have mitigated all the SQL injection in our applications."
"Another feature of Veracode is that they provide e-learning, but the e-learning is not basic, rather it is quite advanced... in the e-learning you can check into best practices for developing code and how to prevent improper management of some component of the code that could lead to a vulnerability. The e-learning that Veracode provides is an extremely good tool."
"In terms of application security best practices and guidance to our teams, their engineering staff is really excellent. They provide our developers with suggestions and they take those to heart. They've learned from the recommended remediation strategies provided by the Veracode security engineers. That makes all of their future code better."
"The most valuable feature is the security and vulnerability parts of the solution. It shows medium to high vulnerabilities so we can find them, then upgrade our model before it is too late. It is useful because it automates security. Also, it makes things more efficient. So, there is no need for the security team to scan every time. The application team can update it whenever possible in development."
"It has an easy-to-use interface."
"I can have quick results by just uploading compiled components."
"Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM to verify that everything's going well. If we have any outstanding issues, they get serviced and addressed."
"Codenomicon Defensics should be more advanced for the testing sector. It should be somewhat easy and flexible to install."
"It does not support the complete protocol stack. There are some IoT protocols that are not supported and new protocols that are not supported."
"Sometimes, when we are testing embedded devices, when we trigger the test cases, the target will crash immediately. It is very difficult for us to identify the root cause of the crash because they do not provide sophisticated tools on the target side. They cover only the client-side application... They do not have diagnostic tools for the target side. Rather, they have them but they are very minimal and not very helpful."
"I'd like to see an improved component of it work in a DevOps world, where the scanning speed does not impede progress along the AppSec pipeline."
"They cover a lot of languages already and it doesn't make sense for them to cover legacy languages but I know there is a need for covering legacy languages."
"The training lab is not very user-friendly and takes a long time to set up."
"From what we have seen of Veracode's SCA offering, it is just average."
"Reporting. Some of the reporting features of Veracode do need improvement. They do not have the most robust access to data. That would be a bit more beneficial to a lot of our clients as well as our actual in-house staff. I've been talking to our program management at Veracode about that, and that is actually on their radar to have that improved, I think actually this year."
"We use Ruby on Rails and we still don't have any support for that from Veracode."
"It needs better APIs, reporting that I can easily query through the APIs and, preferably, a license model that I can predict."
"The scanning could be a little faster. The process around three or four minutes, but it would help if it could be further reduced."
Earn 20 points
Synopsys Defensics is ranked 5th in Fuzz Testing Tools while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Synopsys Defensics is rated 8.6, while Veracode is rated 8.2. The top reviewer of Synopsys Defensics writes "Technical support provided protocol-specific documentation to prove that some positives were not false". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Synopsys Defensics is most compared with SonarQube, Snyk, Fortify on Demand, Invicti and OWASP Zap, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and OWASP Zap.
We monitor all Fuzz Testing Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.