Likelihood to Recommend
It is suited well for ad-hoc and scheduled application vulnerability scans. You must review the results to manually filter out false-positives. You must always keep in mind that this is only a vulnerability scan. It can only find a certain class of vulnerabilities, and it can only do that so well. You should definitely not rely on this tool alone for identifying problems. That being said, I have used it along with every other major commercial vulnerability scanner and find it to the best overall ROI compared to more expensive commercial scanners that don't necessarily give you a better user experience or better vulnerability results. I rarely need support from the vendor, but when I do, they have been responsive and able to solve the issue quickly.
For Microsoft shops that are doing custom development on the Microsoft cloud platform in Office 365 and Azure, the Rencore toolset is an absolute must, especially if you are involved in converting farm solutions to cloud, or just moving into cloud development for the first time.
- Great customer support.
- Reporting features.
- Supports importing state files from other popular application testing tools.
- Has other features built-in beyond just scanning for vulnerabilities.
- Unique expert knowledge of their target platforms. Not many companies have such a unique position in their target market. Their employees have a deep understanding of SharePoint, Office 365 and Azure and also regularly advise Microsoft on these matters.
- Community involvement and contribution to open source projects. Key employees at Rencore are considered thought leaders in their area of expertise and contribute to high profile Microsoft open source initiatives.
- Rencore's unique position when it comes to code quality analysis in the SharePoint space sets it apart. There's really no alternative.
- Platform governance is another Rencore strength. No other product provides the insights into your SharePoint Online environment with full auditing of not only configuration changes but also who changed which code where and when. Again no alternatives exist.
- Does not support multiple endpoints well (e.g. apps and services that do not reside at the same URL).
- Has authentication problems with modern enterprise apps which involve a lot of redirects to unrelated endpoints, federated IDs, SSO, etc. This is related to the first point.
- The vulnerability detection capability is not as robust as Burp Suite Pro + extensions, Metasploit + auxiliary modules, Nmap + scripts, etc.
- Rencore's product line is of course still a bit of a niche: SharePoint code quality is not something every organization on the planet is concerned with - although Rencore does much more than that.
- We feel Rencore's marketing efforts are mainly targeted at technologists. There's a lot of other potential, especially for their platform governance product.
No answers yet
No answers on this topic
Based on 2 answers
Every year, we re-evaluate the tools we are using and licensing. We balance the ever-changing vendor licensing-models, costs, tool features/usability, etc. For the last few years, this has been the best overall commercial tool for our specific use case. However, this is only one of many tools that we use and need.
I don't know of any products that compete in the space and if there were any, they would not stand a chance against Rencore. Behind any good product is a team of highly skilled individuals, who all have the same goal, who are passionate what they do and lastly, are in it for the betterment of where they started; As Developers themselves. You can't buy that
Return on Investment
- Saved money compared to other commercial scanners, especially over the long run.
- Scan speed seems to be pretty good compared to some of the bulkier commercial products out there. However, that largely has to do with proper configuration.
- A downside is that is requires a bit of extra work just to get it set up to scan APIs, web services, etc.
- The clear impact was the amount of time saved code reviewing or going through lines of code marked off by other tools that are not relevant. We cannot put a number on it since the project started off with the tool in place but based on the rules applied it could be as high as 20% of the project time.
Using third party libraries allows you to build your SharePoint and Office 365 applications faster and focus on functionality specific for your organization. But regularly, security vulnerabilities are discovered in these external dependencies. If left unpatched, they become a security risk for your organization and its data. Rencore automatically warns you when any of the third-party libraries used in your applications has known vulnerabilities that could be exploited to hack your environment.See All (13) Rencore Screenshots
Premium Consulting/Integration Services—
Entry-level set up fee?
Premium Consulting/Integration Services
Entry-level set up fee?