Contrast Security Assess and Veracode: Which is the best application security testing tool?

IT Central Station users review two of the highest reviewed solutions in the application security testing market - Contrast Security Access and Veracode.

Larger digital environments have given cybercriminals more opportunities and openings to infiltrate enterprise. Because of this, application security testing is becoming increasingly important to businesses as they continue on their path to digital transformation and grow in digital stature. With an effective testing solution, businesses can identify potential security risks in their applications and remedy them before they are taken advantage of by malicious actors. However, choosing the right solution isn't easy - every business is different, and there is no ‘one size fits all' solution.

Over 388,000 professionals have used IT Central Station research to inform their purchasing decisions. Its latest paper looks at Contrast Security Assess and Veracode, two of the highest reviewed solutions in the application security testing market.

Below is a brief summary of the report, highlighting what real IT Central Station users think of each solution - from their most valuable features, to how they've improved individual businesses, as well as what each solution could do better.

Contrast Security Assess

World leading provider of security technology enabling software applications to protect themselves against cyberattacks

With an average rating of 8.8 from five reviews, Contrast Security Assess is well regarded by its users. Of interest to many companies, Contrast Security Assess appeals to companies in the computer software, comms services, and financial services sectors. It also compares favourably with other top performers including HCL Appscan and OWASP Zap.

Plaudits of Contrast Security Assess highlight the continuous monitoring aspect as one of the most important features of the solution. Users also believe that no other tool on the market does runtime scanning like Contrast does and argue that it accurately identifies vulnerabilities better than many of the other products available. However, the solution does have room to improve, and critics would like the solution to come up with more scanning rules, and better reporting capabilities. 


Covers all your application security needs in one solution through a combination of five analysis types

Achieving an average rating of 8.2 from 14 reviews Veracode is one of the most frequently reviewed solutions in the application security testing market. Its most popular markets include the financial services, insurance, and healthcare industries. It can be found most frequently at larger organisations, with 53% of reviewers coming from organisations with over 1000 employees. Smaller and mid-size companies make up 21% and 26% of reviewers respectively. 

Veracode's cloud-based approach is viewed favourably by its users, with many claiming it to be the standout feature. This approach, coupled with the appliance that lets users use Veracode to scan internal-only web applications, makes it a seamless, always up-to-date application security scanning solution. Yet, despite its strong features, Veracode could benefit from better reporting capabilities and expanded coverage that supports more platforms, frameworks, and languages.