Services Project Lead, Information Technology at IGT Solutions
Real User
Top 20
2024-10-28T10:04:00Z
Oct 28, 2024
I would like WebInspect's scanning capability to be quicker. Specifically, being able to scan a particular flow or part of an application more rapidly would be beneficial. Additionally, the cost of the licensing, particularly for multiple user licenses, could be more relevant, which would improve affordability and distribution among users.
I want to enhance automation. Currently, Fortify WebInspect can scan and find vulnerabilities, but users with specific skills need to interpret the results and understand how to address them. While Fortify WebInspect has automated scanning capabilities, it's not fully automated for 100% of the tasks. It can identify the website's structure and what the website uses. Still, for penetration testing, users like me or the customers must manually verify and test certain aspects to ensure the vulnerabilities are effectively addressed. They could develop a feature that automates sending packets back and forth, performing penetration tests, and verifying the impact of vulnerabilities, significantly enhancing the tool. It should be able to compromise vulnerabilities, report on them, and list the most critical issues that need fixing.
Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment. The pricing of the product is an area that can be considered for improvement. In the future, Fortify WebInspect should be made available at a cheaper rate since, in Korea, there are many other cheap alternatives available.
Senior Manager - IT Security & ISMS at Ericsson
Real User
Top 5
2023-04-25T11:17:08Z
Apr 25, 2023
We were not able to host or install Fortify in some of our systems due to incompatibility. For a core company like ours using products like AppRizzo and similar technologies, the integration or installation of Fortify within the use tools would offer an upper hand relative to other scanning tools. Most organizations want a very seamless integration or installation with the many different technologies they use for their respective units.
Consulting Engineer at a consultancy with 11-50 employees
Real User
Top 10
2023-03-21T07:18:35Z
Mar 21, 2023
We have had a problem with authentication. Most applications need authentication to scan to show results correctly. It doesn't allow for various types of authentication. We have had some bugs in the solution. The on-premises deployment does not scale.
Information Security Architect at a real estate/law firm with 1,001-5,000 employees
Real User
2021-11-11T16:34:45Z
Nov 11, 2021
It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application. Its installation and maintenance are not easy. Its updates and upgrades are hard. Its performance needs to be stabilized. It should also be able to find more vulnerabilities than other tools. It is expensive. Its price needs to be improved.
The solution is on the expensive side. It's something that clients comment on. If they could make it more reasonable, it would be better. Lately, we've seen more false negatives.
Sr. Manager Business Operations Protection at a consumer goods company with 10,001+ employees
Real User
2020-07-19T08:15:55Z
Jul 19, 2020
Our biggest complaint about this product is that it freezes up, and literally doesn't work for us. It may be in part the way we have it set up, or how we've licensed it. It is awkward and not very friendly to work with. The version that I am using is not capable of generating reports to HTML or PDF, so I can't share them. I have to get somebody else to log into the application and view the results themselves. Simply, I can't output a report that I can easily share.
Security Researcher at a financial services firm with 5,001-10,000 employees
Real User
2020-05-05T06:08:31Z
May 5, 2020
There were times when we had to run the login sequence several times in order to capture it properly. It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved.
Senior Information Technology Architect at a computer software company with 11-50 employees
Real User
2020-03-30T07:58:10Z
Mar 30, 2020
Creating reports is very slow and it is something that should be improved. In the future, I would like to see better integration between static analysis and dynamic analysis.
Right now, it's kind of bulky. There are a lot of newer generation tools coming out that are easier. Also, when it comes to the installation and deployment, they inspect the enterprise. It was ok with the scale, but still I think they can make it a little lighter in nature.
Senior Software Developer at a financial services firm with 10,001+ employees
Real User
2019-11-14T06:33:00Z
Nov 14, 2019
The solution needs better integration with Microsoft's Azure Cloud or an extension of Azure DevOps. In fact, it should better integrate with any cloud provider. Right now, it's quite difficult to integrate with that solution, from the cloud perspective.
Information Security Architect at a real estate/law firm with 1,001-5,000 employees
Real User
2019-06-24T12:13:00Z
Jun 24, 2019
The solution needs improvements from the scanning and the technical perspective. In the next release, we would love to see smooth scale mobile testing - if it has similar to testing with wider applications for different technologies as well because people are moving towards mobile. If the solution can integrate AI and also understand the application by itself, this will be great.
Fortify WebInspect is an automated DAST solution that helps security professionals and QA testers uncover security vulnerabilities and configuration concerns by providing complete vulnerability detection. This is accomplished by mimicking real-world external security attacks on a live application in order to discover and prioritize concerns for root-cause study. Fortify WebInspect provides a number of REST APIs for easier integration, as well as the ability to be maintained via an intuitive...
There are some file extensions, like .SER, that Fortify WebInspect doesn't scan. For these, we have to depend on other tools like GitHub scanners.
Fortify WebInspect could improve user-friendliness. Additionally, it is very bulky to use.
A localized version, for example, in Korean would be a big improvement to this solution.
The scanner could be better. The out of bounds channel is missing and it makes it hard to nail down the vulnerabilities.
The service can be improved by creating a reduction of false positives.