What users are saying about
4 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow noopener noreferrer'>Customer Verified: Read more.</a>
47 Ratings
4 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
Score 8.7 out of 100

Veracode

<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow noopener noreferrer'>Customer Verified: Read more.</a>
47 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
Score 7.2 out of 100

Likelihood to Recommend

Netsparker

Netsparker is very thorough but can take a very long time to scan a web application. It can also take a long time to learn and configure. Its thoroughness is a very good part of the product but if the application does [not] need this thoroughness it is probably a waste of time to run Netsparker on the website.
Glenn Jones | TrustRadius Reviewer

Veracode

If you need to perform static application security testing (SAST) and low price is not a problem, then Veracode is a good choice. The speed of the static analysis could also be increased. It is, however, one of the few tools available that can analyze the bytecode of a .Net web application and provide very good analysis of the application. The generated report is also quite good, even though it appears everyone wants a report based on PCI problems, even if your application does not deal with any financial information.
Glenn Jones | TrustRadius Reviewer

Pros

Netsparker

  • NetSparker has excellent customer service. When our team had to learn to use it for the first time, we had to communicate directly with NetSparker consultants.
  • NetSparker is very user-friendly. It's UI is organized and keeps all the different scans we have set-up in a very clean visual.
  • Netsparker has a selection of workflows and integration tools that make it useful for keeping all of my teammates on the same page.
Jatel Desai | TrustRadius Reviewer

Veracode

  • A focus only on code security--rather than cluttering up their offerings, Veracode focuses only on products and services around code security.
  • Scanning code--their scanning engine seems to be among the best in class and has a very low false-positive rate.
  • Reporting on the flaws found--the ability to review flaws from either a web interface or an IDE plugin helps speed up remediation.
Michael Johnson | TrustRadius Reviewer

Cons

Netsparker

  • Netsparker Cloud is expensive and restricts the number of website URLs that you are allowed to scan. This restricts us from scanning all of the websites that we create and only allows us to scan a small subset of number of the website we produce.
  • Netsparker is difficult to configure and I often need to open a ticket with support to figure out how to use the product. I have been vulnerability testing websites for over 10 years and I still don't think I really know how to use Netsparker.
  • Netsparker can take a very long time to complete a scan due to the number of items it can scan for. Be certain to reduce the technologies that your scan will be looking at. Also, expect a large website to possibly take over two days to complete. Not something you really want to have happen on a developer checking on some source code.
Glenn Jones | TrustRadius Reviewer

Veracode

  • Inconvenient Integration to CI/CD. They don't have a compatible plugin to use on Jenkins or TeamCity so we ourselves need to come with a custom solution for how to integrate with the CI tool. It is more inconvenient in this respect than e.g Checkmarx.
  • More work to set up a scan. Due to the nature of the tool (it accepts compiled binaries rather than source code), developers need much more work to set up a scan correctly. There is a long list of requirements for how binary files need to be packaged and compiled in order to be ready for scanning in Veracode.
  • No Asynchronous Scanning. A scan has to be completed fully before another scan can be triggered which in an agile environment is inconvenient. There is a workaround with REST API though which again requires more work from the developer's side.
  • Confusing workflow for SCA service. They have 2 parallel solutions for SCA that require separate integration and have separate UIs which is confusing.
  • Access roles are not very flexible and cannot be changed easily.
Anonymous | TrustRadius Reviewer

Usability

Netsparker

No score
No answers yet
No answers on this topic

Veracode

Veracode 5.5
Based on 1 answer
I am not a full time administrator of Veracode and although it has made many improvements in the past year or two, previous to that it was very difficult to use. I still think for people like me who work in a small security software without a thick budget and not a lot of resources it is difficult to use and understand all the bells and whistles and everything it has to offer.
Anonymous | TrustRadius Reviewer

Support Rating

Netsparker

Netsparker 10.0
Based on 1 answer
NetSparker support is amazing. When first introducing this software to the team, there was a lot of communication going on between Netsparker consultants and our team. They have answered our questions very efficiently and have had consultants come to our department for training. They are open to suggestions for improvements and enhancements as well.
Jatel Desai | TrustRadius Reviewer

Veracode

Veracode 8.1
Based on 30 answers
Veracode support is prompt and always there to help. They are willing to get on a call with you to resolve the issue as much as possible. I have wanted more information from them at times but I have only interacted with a few support staff. They will have to escalate to other team members depending on complexity.
Christopher Sawyer | TrustRadius Reviewer

Alternatives Considered

Netsparker

I currently use OWASP ZAP, Burp Suite Professional and Veracode Dynamic Scan. ZAP is very easy to use and the web developers use it regularly. Burp Suite is very customizable as is Netsparker but usually take much less time to scan a website. Both of these tools are programmable and allow me to add special items to a scan when I need it. They are also much better documented. Veracode also has a static code analysis tool that we use much more often then the dynamic analysis tool but we do use both parts of Veracode.
Glenn Jones | TrustRadius Reviewer

Veracode

Acunetix was too difficult to set up and some features were useless for our product. The results weren't clear, so definitely Veracode is better than Acunetix. We use WhiteSource because the level of detail is much better than Veracode. We didn't choose Veracode over them but we already had Veracode as per some clients' recommendations.
Anonymous | TrustRadius Reviewer

Return on Investment

Netsparker

  • NetSparker has saved the team a lot of time since the scans quicker than our older software.
  • NetSparker has been costing the company a lot compared to previous security software.
  • Netsparker has helped improved our overall business objectives by finding an efficient and collaborative way to run scans on our systems.
Jatel Desai | TrustRadius Reviewer

Veracode

  • We have only started using Veracode in the past few months, and not identified any tangible impact. However, since our potential customers insist on us not having vulnerabilities and conduct independent checks, it does have the potential of helping us there. Also, there is a value attached to being less vulnerable to data breach or loss and compromise of our production systems, any of which will have a material impact on the appeal of our service.
Anonymous | TrustRadius Reviewer

Pricing Details

Netsparker

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No

Veracode

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No

Add comparison