Great DAST and Penetration Testing Platform.
January 16, 2024
Great DAST and Penetration Testing Platform.
Score 10 out of 10
Vetted Review
Verified User
Modules Used
- Dynamic Analysis (DAST)
- Penetration Testing
Overall Satisfaction with Veracode
We use Veracode as our primary source for Dynamic (DAST) Scans and Annual penetration testing. We were looking for ways to consolidate tooling in our organization with a centralized cloud product and Veracode provides that.
- Provides robust readouts on vulnerabilities.
- Allows for detailed or customized reports to fit your organizations or clients needs.
- Remediating findings in the tool is exceptionally easy to understand and execute.
- MPT Results should be segmented from DAST/SAST results.
- MPT Reports should include more information on scoping and testing dates as generally provided by accounting firms conducting similar tests.
- Vulnerability readouts should not be so hidden in the platform (It shouldn't take as many clicks to get to and view).
- Consolidation of tools has saved our org thousands of dollars.
- Dast and penetration findings are found in the same dashboard.
- The platform lets us quickly demonstrate to external auditors that we're continuously monitoring our platform.
This is dependent on the services provided by a vendor. Wherever possible, consolidation will save money and time as long as the product continues to meet the customer's needs. In Veracode's position, our organization consolidated two vendors into a single deployment.
Very important. The ability to customize reporting for internal and external stakeholders is key in ensuring appropriate information is shared with the right parties. Reports can be customized, defaulted to executive summaries, made to meet PCI requirements, etc.
We use the product to scan both staging and production environments to ensure issues found in a lower environment aren't promoted to production machines.
No change in the impact to our security program as we obtained the software to consolidate other tools used by our organization.
Veracode was brought in to supplement services previously provided by other vendors. As our org recently acquired another organization, we identified Veracode as a 'go-forward' system needed to consolidate security tooling in the organization.
Do you think Veracode delivers good value for the price?
Yes
Are you happy with Veracode's feature set?
Yes
Did Veracode live up to sales and marketing promises?
Yes
Did implementation of Veracode go as expected?
Yes
Would you buy Veracode again?
Yes