Veracode is as easy as 1-2-3!
August 30, 2021

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Modules Used

  • Dynamic Analysis (DAST)

Overall Satisfaction with Veracode

Veracode is used as a scanning tool for thousands of apps across the whole organization. The scan result it generates serves as a deciding factor as to whether or not the application will push through the production environment/stage. The scan also tells the application team where the vulnerabilities or weak points are, as well as the security posture of the application.
  • The identified security vulnerabilities are detailed and well-explained.
  • Description of the solution/mitigation is well-presented.
  • Links to different topics that cover/discuss the vulnerability are present and are not dead links.
  • Proactive Veracode support staff are always ready to assist and even go beyond what they are asked to do.
  • The status of the scan, as shown in the Application section, is different from the Dynamic Analysis section.
  • Bug on stopping the scan and deleting the previous application scans.
  • Unable to download the dynamic analysis scan report; had to go to static scan result first to download the report.
  • Linking of application is seldom not working.
  • It is user-friendly. Easy to understand and navigate.
  • It is excellent in identifying weak ciphers that are not in line with our organization's policy/standard.
  • Veracode support always comes in handy.
  • Decreased number of scan setups through its option for recurring scans, unlike the tool we used to use.
  • Though rarely, some scans were not able to finish within the agreed SLA.
IBM Security AppScan Standard: it is tedious to create a login script, and it is only compatible with apps that use IE and Google Chrome. It is also hard to integrate it into our third-party tool for vulnerability monitoring. Whereas Veracode is as simple as inputting the credential(s), and creating a log-in script is not that hard either. Also, once the application is linked, vulnerabilities identified will be shown in our third-party vulnerability monitoring tool.

Do you think Veracode delivers good value for the price?

Not sure

Are you happy with Veracode's feature set?

Yes

Did Veracode live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Veracode go as expected?

Yes

Would you buy Veracode again?

Yes

As part of the team that does dynamic analysis scans, personally, the strongest points of Veracode are being able to identify weak ciphers, missing CSP headers, SQL injections, CSRF, and XSS. Applications that run in Internet Explorer are one of its limitations and not its strong suit, though rarely, it was able to scan successfully if the application only used a basic login page.