Review: 5 application security testing tools compared

Users weigh in on favorite features, room for improvement

Application security is arguably the biggest cyber threat, responsible for 90 percent of security incidents, according to the Department of Homeland Security. Yet it suffers from not-my-job syndrome, or, as SANS put it in its 2015 State of Application Security report, "Many information security engineers don’t understand software development — and most software developers don’t understand security."

Stepping into that gap are application security testing tools. Scads of them, in fact. (Gartner's 2015 Magic Quadrant for application security testing showed a handful of leaders, followed by a pack of challengers and niche players.)

For this profile, we chose the top 5 vendors and tools as measured by the number of product reviews, ratings, and comparisons from the IT Central Station community.

Ready to find out what enterprise users really think about HP Fortify on Demand, QualysGuard Web Application Scanning, Checkmarx, WhiteHat Sentinel, and SonarQube? Buckle up. Here, in their own words, is what users say are the standout features (and greatest shortcomings) of each of these products.
