We previously used Netsparker but we were unable to use it across our entire landscape which is why we moved to Fortify. That said, Fortify has its own challenges although not as many limitations as Netsparker. 

I have also been using AppScan. The performance of AppScan is good, but WebInspect has more features, such as a centralized dashboard and the ability to assign a risk into priorities. It is an enterprise and feature-rich tool, but performance-wise, AppScan is good.

We suggest different solutions to our clients. Some might use Acunetix. We've also used ForeSite in the past as well.

I previously used AppScan. We switched due to an overall change in our organization in Azure. IBM sold this to HCL so there is no IBM grant attached to it.

I haven't used any different solution here, but in another organization, I have used multiple application scanning products. I've used IBM scan. I have used SecuRex. Those were good as well.

I've used PortSwigger in the past, and it was a pretty good product as well.

Prior to using WebInspect, I was using SonarQube. The problem with SonarQube is that they are not very good at analyzing ASP.NET applications, so I gave up on it.

I have used Qualys in the past but more for vulnerability management in the infrastructure, as opposed to web application security.

We did use a different solution previously.