Easy to scan and then share scan reports, it has definitely streamlined many processes.
Ops Risk Lead at a tech services company with 10,001+ employees
Needs a cloud-based version, although it's easy to scan and then to share scan reports
Pros and Cons
- "Guided Scan option allows us to easily scan and share reports."
- "One thing I would like to see them introduce is a cloud-based platform."
- "We have often encountered scanning errors."
How has it helped my organization?
What is most valuable?
Guided Scan option allows us to easily scan and share reports.
What needs improvement?
One thing I would like to see them introduce is a cloud-based platform.
For how long have I used the solution?
One to three years.
Buyer's Guide
Fortify WebInspect
November 2024
Learn what your peers think about Fortify WebInspect. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
What do I think about the stability of the solution?
We have often encountered scanning errors.
What do I think about the scalability of the solution?
Not applicable.
How are customer service and support?
I would rate tech support at six out of 10.
How was the initial setup?
The setup was very straightforward.
What's my experience with pricing, setup cost, and licensing?
It’s a fair price for the solution.
Which other solutions did I evaluate?
No, we did not evaluate other options.
What other advice do I have?
I rate it five out of 10. I was not very impressed.
It's a good product, but get a license for cloud-based, if available.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Information Technology Architect at a computer software company with 11-50 employees
Good static code analysis helps to discover vulnerabilities
Pros and Cons
- "The most valuable feature is the static analysis."
- "Creating reports is very slow and it is something that should be improved."
What is our primary use case?
I am using WebInspect for finding vulnerabilities.
What is most valuable?
The most valuable feature is the static analysis.
What needs improvement?
Creating reports is very slow and it is something that should be improved.
In the future, I would like to see better integration between static analysis and dynamic analysis.
For how long have I used the solution?
I have been working with WebInspect for one year.
What do I think about the stability of the solution?
We have never had a problem with stability.
What do I think about the scalability of the solution?
This is a scalable solution. I performed an analysis of more than five million rows and it took perhaps three hours.
How are customer service and technical support?
Technical support is a bit slow, as sometimes it takes too long to get responses. However, the support is good because our problem was fixed after just one interaction with them.
Which solution did I use previously and why did I switch?
Prior to using WebInspect, I was using SonarQube. The problem with SonarQube is that it is not very good at analyzing ASP.NET applications, so I gave up on it.
What's my experience with pricing, setup cost, and licensing?
The pricing is not clear and while it is not high, it is difficult to understand.
What other advice do I have?
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
I believe the reviewer or the forum organizer has posted this review in the wrong area, or confused Fortify's WebInspect product (DAST) with their Static Code Analyzer ("Fortify SCA") product (SCA).
+++++++++
Fortify general: www.microfocus.com
SCA: www.microfocus.com
WebInspect: www.microfocus.com
Security Researcher at a financial services firm with 5,001-10,000 employees
Easy to use with a simple interface, but we sometimes had trouble capturing login sequences
Pros and Cons
- "The user interface is ok and it is very simple to use."
- "It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved."
What is our primary use case?
We use WebInspect for performance network application testing to be sure that we aren't creating any security issues.
What is most valuable?
The most valuable feature is the performance.
The user interface is ok and it is very simple to use.
What needs improvement?
There were times when we had to run the login sequence several times in order to capture it properly.
It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved.
For how long have I used the solution?
I have been using WebInspect for about one year.
What do I think about the stability of the solution?
The stability is good.
What do I think about the scalability of the solution?
Scalability has only been an issue in that larger sites take a lot longer to scan.
How are customer service and technical support?
I have not been in contact with technical support.
Which solution did I use previously and why did I switch?
I have used Qualys in the past but more for vulnerability management in the infrastructure, as opposed to web application security.
How was the initial setup?
The initial setup is straightforward and very simple. I simply downloaded the file on my home laptop and started testing with it.
What about the implementation team?
I can deploy this solution on my own.
Which other solutions did I evaluate?
I have been told by friends and colleagues that Acunetix is better, so I will be evaluating that solution in the future.
What other advice do I have?
I would rate this solution a seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Senior Consultant at a tech services company with 1,001-5,000 employees
Good technical support but needs a reduction in false positives
Pros and Cons
- "Technical support has been good."
- "The initial setup was complex."
What needs improvement?
The service can be improved by creating a reduction of false positives.
For how long have I used the solution?
I've been using the solution for the last three months.
What do I think about the scalability of the solution?
My organization is a big organization so I don't know exactly if my organization will increase usage.
How are customer service and technical support?
My experience with technical support has been good.
Which solution did I use previously and why did I switch?
We did use a different solution previously.
How was the initial setup?
The initial setup was complex.
What other advice do I have?
Currently, I'm satisfied with the solution. I would rate this product a 7 out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Agreed, but compared with other cloud-based web app scan tools, WebInspect results are much more accurate; hence MicroFocus should start offering this tool as a cloud version.