Application Security Solution Reviews — Best of 2016

Which Application Security Solutions do Enterprise Technology Professionals recommend?

IT Central Station users review the best enterprise Application Security Solutions of 2016, sharing their experience and insights on the products they use.

In our community of over 188,076 enterprise tech professionals, solutions are ranked based on the reviews and ratings of real users, evaluating features such as reliability, stability, and ROI.

Below are the Top 5 Application Security solutions, according to our user community.

HPE Fortify on Demand

Solution Security Architect Thomas Bullinger shares that the “on-demand” and “cloud-based” features in HPE Fortify on Demand are “well suited to occasional and price-conscious use…fast turn-around allows for easy integration into the development process without any major impact on development efforts.”

Bullinger also emphasizes the “very quick turnaround for security code reviews which allowed us to integrate this (formerly missing) function into the overall development and testing lifecycle.”

Room for Improvement

“There are a lot of false positives and there’s not a good way to manage them. They appear after every scan, and it would be nice to have them marked out so that we don’t see them”, writes another user.

User Jason Lebrecht adds, “I believe that HP’s Fortify on Demand Clients could sell more services to clients if HP put more effort into delivering visually pleasing reporting capabilities.”

Checkmarx

“Checkmarx scans code for security vulnerabilities without needing to compile first… it saves us a lot of time…pre-compile scanning is seamless. This allows us to scan more code”, writes Deepak Rathore.

Room for Improvement

Robert V. Jones identifies vulnerability scanning as an area for improvement, suggesting “to expand the application languages and frameworks that can be scanned for vulnerabilities. This includes expanded coverage for mobile applications as well as open-source development tools.”

SonarQube

“SonarQube helps us to determine the maturity and quality of the coding of our software customers, preventing future crashes in the software”, writes QA Engineer Javier Rubio.

Rubio also emphasizes the value of SonarQube’s time machine tool, which his organization uses to “take important decisions to determine if the projects are going in the right direction.”

Room for Improvement

Because of the different modules and languages that the new SonarQube uses, the analysis time is increasing, and some projects are “difficult to configure”, adds Rubio.

DevOps Engineer Arvind Katoch adds that “it would be great if it (SonarQube) also covered XML code.”

QualysGuard Web Application Scanning

Users credit QualysGuard with protecting their organization “against zero-day vulnerabilities, like Heartbleed.”

QualysGuard is also noted for giving visibility into “our externally exposed web applications and showed us vulnerabilities that we were not aware of and did not know how to test for. We didn’t need any knowledge of these vulnerabilities or how they worked to scan for them and gain the visibility.”

Room for Improvement

Security Analyst Aniruddha Maplani suggests that a scheduling feature would allow users to “scan on the weekends and holidays in a planned way.”

“It’s missing some zero-day patches”, writes another user.

PortSwigger Burp

PortSwigger Burp is “by far the best application assessment tool I have used. It is more usable and has more features than most of the enterprise tools that cost 10-100 times as much”, writes Seth Art, a Senior Security Consultant.

When asked about PortSwigger Burp’s most valuable features, both Art and Razvan Gabriel Coman list the Intruder, Repeater, and the Extender.

The Intruder, for example, explains Coman, “allows inserting predefined or custom payloads at chosen locations inside requests and analyzing results using custom filters.”

Room for Improvement

Automated pen-testing scripts to detect application vulnerabilities such as SQL injections and XSS are “not extremely useful”, according to Information Systems Security Officer Golnaz Elahi.

Elahi explains that “the results need to be double-checked manually, and false positives are very common, i.e., the tool detects a vulnerability from the HTTP response when a vulnerability does not actually exist.”

Have more questions or inquiries about Application Security Solutions?

Check out the full Top 10 Application Security Solutions of 2016 with peer reviews.
