What users are saying about
Likelihood to Recommend
If you need to perform static application security testing (SAST) and low price is not a problem, then Veracode is a good choice. The speed of the static analysis could also be increased. It is, however, one of the few tools available that can analyze the bytecode of a .Net web application and provide very good analysis of the application. The generated report is also quite good, even though it appears everyone wants a report based on PCI problems, even if your application does not deal with any financial information.
- Veracode works very well from within Visual Studio for .Net based websites.
- The API, once figured out, is very useful for performing Continuous Integration/Continuous Deployment (CI/CD) portion of the DevSecOps process.
- It currently supports most of the development environments that we use ar MPR such as .Net and NodeJS.
- Available online - SaaS, could be a desktop application too.
Employee in Information TechnologyInformation Technology and Services Company, 10,001+ employees
Mathematica Policy Research has used a few open source tools to perform SAST. The open source products do not hold up with Veracode. We have also written some of our own custom SAST applications for specific web products. We do not use Veracode for Dynamic Application Security Testing (DAST). We find that that there DAST is just expensive for us to use so we use a different tool.
Return on Investment
- As I already stated, the cost per application is very high which makes the use of Veracode too expensive for many of out applications.
- The analysis report is accepted by our clients as a proper SSAT report.
- Most of out competition does not perform any type of SSAT on the applications they create. This is something we offer and be the only one out there doing this type of testing.
Premium Consulting/Integration Services—
Entry-level set up fee?