OpenText Dynamic Application Security Testing Reviews

We use WebInspect for dynamic application security testing, and integrating that into all our needs.

In terms of its most valuable features, it is scalable and very easy to use.

Right now, it's kind of bulky. There are a lot of newer generation tools coming out that are easier.

Also, when it comes to the installation and deployment, they inspect the enterprise. It was ok with the scale, but still I think they can make it a little lighter in nature.

I have been using WebInspect for around six, seven years.

It's quite a stable product.

WebInspect is a scalable product. We have users in the double digits, around 10-15 users. At any time there are a couple of project users, so I would say around eight to ten.

We require one person maximum for deployment and maintenance.

I have been satisfied with my experience with the customer support.

I previously used AppScan. We switched due to an overall change in our organization in Azure. IBM sold this to HCL so there is no IBM grant attached to it.

The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex.

The first time we deployed it, it really took awhile because of some issues on our side and on their side. Installation can last for more than three days.

Our team implemented it along with some of the other professional departments.

We did evaluate AppScan for this task. Both solutions are good. We also evaluated Oracle of course, but it is purely a SaaS solution and that's the reason it was not considered.

Yes, I would recommend WebInspect. It is a good product, comparable to AppScan. It is quite scalable, and good cost/value with the support and backing from Micro Focus. It's good and I definitely recommend it.

On a scale of one to ten, I would give it an eight.

We primarily use the solution for dynamic application scanning.

It's a well-known platform for doing dynamic application scanning.

The solution needs better integration with Microsoft's Azure Cloud or an extension of Azure DevOps. In fact, it should better integrate with any cloud provider. Right now, it's quite difficult to integrate with that solution, from the cloud perspective.

The solution is stable.

We've yet to test the scalability of the solution, so I can't comment on how scalable it is just yet. Right now, we have our DevOps team working with it, about three to five people.

We've never been in touch with technical support.

Right now we are in the middle integration, so I'm not sure how much time it's going to take. We haven't yet scanned any of our endpoints, and I'm not sure how much complexity will be involved during the process.

We're using the public cloud deployment model. Our provider is Microsoft.

We just chose the solutions for dynamic scanning and static scanning, but we haven't performed any scanning yet.

I'd recommend it; I'd rate the solution seven out of ten.

We primarily use the application for web application scanning.

I've found the centralized dashboard the most valuable. For management, it helps a lot to have abilities at the central level.

The solution needs improvements from the scanning and the technical perspective.

In the next release, we would love to see smooth scale mobile testing - if it has similar to testing with wider applications for different technologies as well because people are moving towards mobile. If the solution can integrate AI and also understand the application by itself, this will be great.

Stability wise, the tool is stable, but the tool still requires some improvements in the latest technology websites.  For example, if there is a single website or e-commerce website, it is still trying to understand a lot of the applications while it scans. It is not that smooth with complex websites. We have about 80-100 users on the solution.

So far technical support is good. It is fair enough. They haven't got a response or turn around time. From the support perspective, it is good.

I haven't used any different solution here, but in another organization, I have used multiple application scanning products. I've used IBM scan. I have used SecuRex. Those were good as well.

The initial setup is pretty good. They have a step by step guide and everything is given. It sets up with the environment but it requires a lot of memory and the system requires a lot of memory. That is the only negative, normally if you have a three-way scanner, it would run smoothly on even a small configuration laptop. This was a delicate setup.

I'm not sure about the licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools with similar functionalities. The pricing is a little more costly than other regular solutions. There are only two such products that are this costly. This and IBM. The rest of the application scanners are not as costly.

I am currently evolving, going through the product. We have yet to go through all the features and functionalities of the product. The way it checks for vulnerabilities helps a lot. It makes the most of the check for vulnerabilities. The centralized dashboard for the management is good but I'm still looking into it. That and other features we are yet to be discovered. I'm still trying to get to know all the features.

Looking at an enterprise level product is good. With it, you get a centralized board, you have a management view, enroll management and access management. Everything is there. But still, check your requirements, what you need. If you use it for a certain amount of applications, you might not need such a heavy tool.

Our requirement is 10 or 20 times more than a regular company and hence we went with an enterprise solution and had somebody who could implement this. If your requirement is a little less, it might just call for some other scanners based on your requirements. 

If you do need such an extensive requirement, ensure that you also have the data servers and systems for such tools. It will be easy to implement in any environment if you do.

I would rate this solution 7 out of 10.

The service can be improved by creating a reduction of false positives.

My organization is a big organization so I don't know exactly if my organization will increase usage.

My experience with technical support has been good.

We did use a different solution previously.

The initial setup was complex.

Currently, I'm satisfied with the solution. I would rate this product a 7 out of 10.

Easy to scan and then share scan reports, it has definitely streamlined many processes.

Guided Scan option allows us to easily scan and share reports.

One thing I would like to see them introduce is a cloud-based platform.

We have often encountered scanning errors.

Not applicable.

I would rate tech support at six out of 10.

The setup was very straightforward.

It’s a fair price for the solution.

No, we did not evaluate other options.

I rate it five out of 10. I was not very impressed.

It's a good product, but get a license for cloud-based, if available.