Pentest-Tools.com vs. Veracode

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Pentest-Tools.com
Score 7.0 out of 10
N/A
Pentest-Tools.com helps security professionals find, validate, and communicate vulnerabilities, whether they’re internal teams defending at scale, MSPs juggling clients, or consultants under pressure. The service provides coverage across network, web, API, and cloud assets, and includes built-in exploit validation to turn every scan into credible, actionable insight. Boasting users among over 2,000 teams in 119 countries for use…
$95
per month 5 assets included
Veracode
Score 8.7 out of 10
Mid-Size Companies (51-1,000 employees)
Veracode provides advanced application security solutions, trusted by enterprises to develop and maintain secure software. Its platform identifies exploitable risks, speeds up vulnerability remediation, and reduces security debt at scale using a proprietary AI-assisted remediation engine.N/A
Pricing
Pentest-Tools.comVeracode
Editions & Modules
NetSec
$95
per month 5 assets included
WebNetSec
$140
per month 5 assets included
Pentest Suite
$190
per month 5 assets included
No answers on this topic
Offerings
Pricing Offerings
Pentest-Tools.comVeracode
Free Trial
NoYes
Free/Freemium Version
YesYes
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional DetailsThere's a 15% annual subscription discount.Developer pricing options available
More Pricing Information
Community Pulse
Pentest-Tools.comVeracode
Considered Both Products
Pentest-Tools.com
Chose Pentest-Tools.com
Offers a great number of tools in one interface, giving you a single pane of glass to work from. Therefore, it's favourable compared to some of these other products, that do similar things but are less intuitive and less easy to use. This makes it not only easier to use, but …
Veracode
Chose Veracode
Veracode takes compiled code, so integration, regression based test cases can be evaluated well. Now, it has lot of features ranging from API sec to DAST, so have a code which is well working in live env is very essential to setup and hence giving us an edge over other tools. …
Chose Veracode
We selected Veracode after testing these tools with 3 important solutions and Veracode had a great ratio of findings, with low false positive, and the best price between the tools that were good enough.
Chose Veracode
I found SonarQube to have some decent data for code quality checks but it underperformed for code security.

Snyk is a decent product and strong competitor to Veracode for SCA. Snyk's SAST offering is not as good as Veracode and does not support as many languages.
Chose Veracode
Sonatype only identifies and scans third-party dependency and not custom-developed code—at least that's what it was doing back in 2018 when I used to utilize its services. Interface-wise, too, Veracode looks much cleaner and easier to navigate than Sonatype. Support and …
Chose Veracode
As mentioned previously, we're always considering other options. Veracode is what we need right now, and I don't think it would be fair to competitors to compare them to what we need right now. Tomorrow, we might need something else and not require Veracode—that isn't a change …
Chose Veracode
Veracode seems to provide better support and good scan coverage. Veracode also provides multiple scan types like Dynamic, Static Code, Software Composition which others may only offer 1 or 2. I might be missing it but some others like Sentinel provide schedule monthly, …
Chose Veracode
Veracode is slower with scan results however the flaws discovered and sites crawled are almost the same. Rapid7 InsightAppSec only does dynamic scans. Veracode did find more links on a site crawl. Rapid7 InsightappSec has more out of the box reports than Veracode. Both …
Chose Veracode
Veracode is easier to integrate and faster than Fossa although Mend has more visual features
Chose Veracode
Veracode was brought in to supplement services previously provided by other vendors. As our org recently acquired another organization, we identified Veracode as a 'go-forward' system needed to consolidate security tooling in the organization.
Chose Veracode
PortSwigger Burp Suite, Cisco SecureX, Microsoft Defender for Cloud and Darktrace
Chose Veracode
Mend.IO formerly WhiteSource software is a product we used prior to Vericode. It did not have all of the capabilities or depth of Vericode. Additionally, Whitesource did not offer automatic scanning as part of their product and there was no Certification program to speak of.
Chose Veracode
We used Accunetix as well mainly for web site security testing. We used Veracode for code and third party analysis.
Chose Veracode
Sonar cube was quicker, but not as thorough. Both integrated into our CI/CD pipeline, however the integration for Veracode is more straight forward.
Chose Veracode
Veracode is much better at uncovering security weaknesses and providing information and consulting. I use Veracode because our company decided for.
Chose Veracode
Veracode stands out as the best of breed for all types of AppSec scanners.
Chose Veracode
The maturity of the Veracode and the continuous improvements in its products it's one of the principal characteristics of chosee it, Veracode it's a SaaS platform and was born in the cloud, so this is a great option for our clients to be quick to implement also the easy of …
Chose Veracode
Checkmarx and Veracode have a few common points and some features which are different. Checkmarx UI is more user-friendly, but the level of detailing in Veracode reports is better. Veracode is a good choice for static analysis of code. if the user interface can be made smoother …
Chose Veracode
As the developer, not the business stakeholder, I did not select Veracode specifically. However, after using the application I believe it was the right choice. Veracode is thorough in its analyses, in its database of flaws, in its methodology of uncovering vulnerabilities, and …
Best Alternatives
Pentest-Tools.comVeracode
Small Businesses

No answers on this topic

GitLab
GitLab
Score 8.8 out of 10
Medium-sized Companies
Veracode
Veracode
Score 8.7 out of 10
GitLab
GitLab
Score 8.8 out of 10
Enterprises
Veracode
Veracode
Score 8.7 out of 10
GitLab
GitLab
Score 8.8 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
Pentest-Tools.comVeracode
Likelihood to Recommend
7.0
(0 ratings)
8.5
(0 ratings)
Likelihood to Renew
-
(0 ratings)
6.7
(0 ratings)
Usability
-
(0 ratings)
5.5
(0 ratings)
Availability
-
(0 ratings)
7.3
(0 ratings)
Performance
-
(0 ratings)
2.7
(0 ratings)
Support Rating
-
(0 ratings)
7.8
(0 ratings)
Implementation Rating
-
(0 ratings)
5.9
(0 ratings)
Configurability
-
(0 ratings)
6.4
(0 ratings)
Ease of integration
-
(0 ratings)
6.4
(0 ratings)
Product Scalability
-
(0 ratings)
6.4
(0 ratings)
Vendor post-sale
-
(0 ratings)
6.4
(0 ratings)
Vendor pre-sale
-
(0 ratings)
8.2
(0 ratings)
User Testimonials
Pentest-Tools.comVeracode
Likelihood to Recommend
This website is well suited for organisations that perform regular security assessments. In particular, external scans and reconnaissance. As an example, I am able to run a report on our Wordpress website to enable me to see whether we are missing any important security updates. We found it to be very useful for training new security analysts, due to the straightforward GUI. You can work on the same projects together to help you to do this. Having it laid out in front of them helps them to understand the concepts much easier than using dozens of different tools to achieve the same goals, and also speeds up training. If you're a personal user it may not be appropriate due to price. If you are a personal user, I would advise using the many open source tools there are that do the same things. The strength of this platform is that it combines them into a single pane of glass, but you can achieve the same things with other tools if necessary. For example, there are many other tools that you could use to run a UDP port scan that do not cost money (EG NMAP)
Read full review
* (+) Report generation for our clients: reports are very comprehensive and look professional. * (-) Veracode pipeline scan: takes too much time, need to split our application so that it can fit within the timeout (2h). Currently we're not able to use it, we still use "upload & scan" functionality in our CI pipelines. This is a showstopper to be able to break the build in case of new vuln, and also to use Fix AI based tool.
Read full review
Pros
  • Cheaper than some other platforms
  • Good support
  • Cloud based
  • Integrates well with identity providers
Read full review
  • I like the support given by Veracode, they are very responsive and they help you get things done.
  • Veracode has well documented steps for administrating the platform and managing integrations for code scanning.
  • Veracode is easy to use and the integration of to code repositories is seemless.
Read full review
Cons
  • No logging for things like scanning. This means you don't actually know when the scan has failed if you're not immediately on the ball.
  • Reports could look better. It would be good to be able to customise the report with some different styles to suit your company's branding.
  • Could have better tutorials.
  • It may be useful to have a feature similar to Microsoft Secure Score, which compares your organisation to similar ones, so that you have a reference of how secure your environment actually is.
Read full review
  • We would like to see Veracode continue to improve the integrations available, particularly with respect to .NET IDEs. Part of our development team uses JetBrains' Rider which is, as of this time, unsupported for static integration.
  • We would also like to see Veracode continue to improve their dynamic scan offerings; with the recent addition of DAST Essentials we feel this improvement may come sooner than later.
Read full review
Likelihood to Renew
No answers on this topic
At this time, and we just renewed a month ago, I dont see any products out there overall that can offer what Veracode does. Yes, its not cheap by any means, but for the money its the best application security scanning tool out there.
Read full review
Usability
No answers on this topic
- Almost no setup required and easy to configure - Very easy to use, intuitive UI with integrated analytics and learning portals. - Seamless to review the results, triage them, generate reports. - Security progression of the product/application is tracked via successive scans. - Privileges/Roles nicely fine grained and tightly controlled to let teams "view" only their products.
Read full review
Reliability and Availability
No answers on this topic
Veracode has always been up and available to us.
Read full review
Performance
No answers on this topic
At this point, it runs well and mostly in a timely fashion. Dynamic scans take days but this may be a config issue still to be resolved.
Read full review
Support Rating
No answers on this topic
Overall, Veracode support is helpful, community support is great, and documentation is available for self-service. Our Customer Success Manager is very helpful and reaches out regularly to see if we need assistance. We have not utilized many of the other resources offered by Veracode, however, in the future we would like to leverage secure coding training for our Development teams.
Read full review
Implementation Rating
No answers on this topic
We use it as a SAS service, so really just getting our teams to mold the use of Veracode into their SDLC has been a process of years in the making. It comes down to what your teams are ready and willing to accept and change. Management is key in getting their groups on board with using it regularly. If it doesnt have management backing, your security teams have little to no influence in getting this process off the ground fully.
Read full review
Alternatives Considered
Offers a great number of tools in one interface, giving you a single pane of glass to work from. Therefore, it's favourable compared to some of these other products, that do similar things but are less intuitive and less easy to use. This makes it not only easier to use, but easier to report results to your customers. Also, although the price point can seem high, once you start adding multiple paid tools that do the same job, there probably isn't a massive amount of difference (if any)
Read full review
Sonatype only identifies and scans third-party dependency and not custom-developed code—at least that's what it was doing back in 2018 when I used to utilize its services. Interface-wise, too, Veracode looks much cleaner and easier to navigate than Sonatype. Support and consultation with how-to guides and documents make Veracode easier to use.
Read full review
Scalability
No answers on this topic
Just have to define new apps
Read full review
Return on Investment
  • Price point allows us to sell the solution at an excellent margin
  • Freed up time due to the automated solutions, allowing us to utilise staff better
  • Use from anywhere due to being cloud based
Read full review
  • Positive: Scanning all our applications on Veracode provides us an overview of our cyber security posture for the organization as a whole.
  • Positive: Performing the SAST, SCA and DAST scanning for all the applications at the early stages of the SDLC helps us identify and mitigate security vulnerabilities early, reducing the risk of data breaches and cyber-attacks.
  • Negative: Sometimes Veracode SAST scanner closed and reopens some findings, leading to reliability issues on the scanner itself.
Read full review
ScreenShots

Pentest-Tools.com Screenshots

Screenshot of the Pentest-Tools.com dashboardScreenshot of the Website Vulnerability Scanner results pageScreenshot of pentest robotsScreenshot of scan results for Sniper: Auto-ExploiterScreenshot of some of the available integrationsScreenshot of an attack surface view

Veracode Screenshots

Screenshot of a fixScreenshot of the Veracode PlatformScreenshot of SCAScreenshot of SCA Github