ReadyAPI (formerly SoapUI Pro, LoadUI Pro, and ServiceV Pro) is a REST and SOAP API functional testing tool that enables software developers, QA engineers, and manual testers to work together to create, maintain, and execute complex end-to-end API tests in their CI/CD pipelines without needing to code.
N/A
Veracode
Score 8.0 out of 10
Small Businesses (1-50 employees)
Veracode is an application security platform that performs five types of analysis; static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Veracode offers on-demand expertise and aims to help companies fix security defects.
As stated, we do a LOT of API testing, the swaggerhub import makes it easy to add APIs. This is very well-suited, as well as easy management of the steps/cases/suites inside of ReadyAPI. The one thing I do wish ReadyAPI was better suited for is changes to data, we have a lot of test cases in ReadyAPI and if we make a change to how the backend data is structured, one-by-one adjustments need to be made to the steps. Less appropriate, UI testing.
Veracode is well suited for small software companies, as well as organizations supporting multiple products. A well-defined and orchestrated build process will be a huge help when setting up a build upload integration with Veracode. Once scans are running smoothly, and assuming you have an integration with your ticketing system, you will rarely have to sign into Veracode's interface.
The pipeline scan is a very fast way to scan code and inform developers if a new flaw is introduced by their pull requests.
Upload & Scan provides an in-depth analysis of the codebase, which features like reporting being made easy.
SCA Scans help us not only identify the vulnerabilities but also in helping fix them and in identifying if our application is using that part of the vulnerable library or not.
Veracode is very easy to integrate into the CI/CD pipelines (especially Jenkins)
The time it takes to scan large projects makes it difficult to fit into our CI/CD/pipeline
One of our app scans times out after 2 hours and we have to upload it and scan manually but there is no visibility the CI system has as to vulnerabilities found
Integration with older development languages to scan. We have old 4GL based application that is not compatible with the tools
The only reason this isn't a '10' is because of the cost. This product is definitely meant for organizations who are serious about making sure they invest in the full ecosystem of API design, development, maintenance. But there is a significant cost associated with this investment. and because of this cost (and the non-tangible output for executives), it is a difficult line-item to justify in this post-pandemic environment.
At this time, and we just renewed a month ago, I dont see any products out there overall that can offer what Veracode does. Yes, its not cheap by any means, but for the money its the best application security scanning tool out there.
SoapUI allows us to combine multiple tests and adhere to the sequence that they need to run in order to complete successfully. It has an excellent GUI design and the reporting mechanism is also very good. It does consume a lot of memory though during concurrent testing
- Almost no setup required and easy to configure - Very easy to use, intuitive UI with integrated analytics and learning portals. - Seamless to review the results, triage them, generate reports. - Security progression of the product/application is tracked via successive scans. - Privileges/Roles nicely fine grained and tightly controlled to let teams "view" only their products.
Soap UI has managed to continuously build on it's solid foundation and keep improving by each release. It is by far the most dependable and accurate testing tool out there of its kind. Available via connecting to VM's created as SoapUI test machines give access to it anytime, anywhere practically.
To be honest, we didnt had much issues with the support, as there is already plenty of online communities available for help. But if ever there were some minor issues with the membership or the certificates, the tech support was always quick and efficient enough to resolve the issue ASAP
I thank the vendor team for continuous support on implementation of tasks and projects. Secure coding training has enabled my team to come up with best solution for most challenges affecting production in the organization. They do a well orchestrated follow-up to ensure the success of most projects after launching
We use it as a SAS service, so really just getting our teams to mold the use of Veracode into their SDLC has been a process of years in the making. It comes down to what your teams are ready and willing to accept and change. Management is key in getting their groups on board with using it regularly. If it doesnt have management backing, your security teams have little to no influence in getting this process off the ground fully.
ReadyAPI provides intuitive GUI capabilities compared to their own open source product. When compared to Postman, ReadyAPI also supports SOAP based services, which is a saver especially when integrating with legacy or other third party systems.
The maturity of the Veracode and the continuous improvements in its products it's one of the principal characteristics of chosee it, Veracode it's a SaaS platform and was born in the cloud, so this is a great option for our clients to be quick to implement also the easy of their integrations it's some valuable
It has an excellent GUI design and the reporting mechanism is also very good. It does consume a lot of memory though during concurrent testing. However, I have read that added monitoring tools have been added, which if so the 7 could possibly go to a 8 or 9.
Developers are now realizing that security is there to help them, not just the people saying NO.
When setting up Veracode integrations we found that Devs really like their IDEs and Repos. It's like a personal choice. However, as a company, it was unwieldy without devoting people to Veracode integrations to have so many so we had to slime the available IDEs to 3 and Repos to 3, just to be able to set up and maintain the integrations.
Veracode is paying for itself (though through a different cost category). Our Development costs are going down and releases are getting quicker and more agile.
