DerScanner Reviews & Product Details

When we first got our hands on DerScanner for our company's financial application, we were in for quite a journey. The initial phase was a deep dive into the source code, a daunting 30,000 lines that seemed like a mountain to climb. Surprisingly, DerScanner made quick work of it, detecting only a handful of vulnerabilities. Review collected by and hosted on G2.com.

Actually we considered a cloud version at first. However after a discussion with DerScanner team we were recommended to stick with on-prem implementation. Review collected by and hosted on G2.com.

Our primary need was to scan the source code and executables of an in-house Pascal application that requires regular maintenance. We were particularly concerned about potential vulnerabilities, as the system is outdated, poorly documented, and has undergone heavy modifications over the years. DerScanner, with its proficiency in handling legacy systems, stood out in our search. It efficiently scans both source files and executables, providing clear instructions on mitigating risks specific to our situation. Additionally, we were pleased with its on-premise deployment option, which allows for local scanning without the need to upload code to the cloud. Review collected by and hosted on G2.com.

So far, our experience with DerScanner has been entirely positive. Review collected by and hosted on G2.com.

One common challenge with SAST solutions is the overwhelming number of issues they detect, making it difficult to distinguish crucial problems from less significant ones. This is often referred to as the problem of false positives. DerScanner addresses this effectively with its threshold capability, allowing users to set a criticality baseline. This feature enables us to focus on the most important code flaws, thereby understanding our true positive vulnerabilities more clearly. Review collected by and hosted on G2.com.

Looking ahead, an ideal enhancement would be an AI-driven assistant to aid in prioritizing findings more intelligently. While DerScanner is effective in its current form, this addition could further streamline the vulnerability management process. Review collected by and hosted on G2.com.

DerScanner allows us to improve the collaboration between our application security and development teams. By using this platform, we can include security measures at early stage in the development process. This makes it easier for developers to integrate security practices while they are coding, avoiding the need to go back and fix things later on, which can save time and reduce frustration.

Regarding collaboration with DerScanner I would mention the quality of customer service: DerScanner has genuinely changed the way I view security scanning tools. In an era where automated responses are the norm, it’s refreshing to have real people on the other end of the line, ready to help. You can tell that the team behind DerScanner values their clients and strives to provide a customer service experience that stands out from the crowd. Review collected by and hosted on G2.com.

Some of our developers at first found it difficult to adapt to the new workflow. However, over time and with adequate training and support, this challenge has been resolved. Review collected by and hosted on G2.com.

Here is the thing, every single vendor is now a SaaS company. Everyone is rushing to the public cloud and it can be challenging for companies looking for privacy and confidentiality to get an on-premises deployment. At this stage of our business we don't feel comfortable with a 100% SaaS installation. That's why Derscanner has become a fit to offer a private cloud package for us. Review collected by and hosted on G2.com.

DAST can be a bit tricky to configure at that first time. It's not like a drag and drop experience. But after some training we're good to go. Review collected by and hosted on G2.com.

DerScanner has been instrumental in helping us track down and fix vulnerabilities across our platform. Its ability to quickly pinpoint issues and provide detailed guidance on how to secure our applications has been a game changer. The tool is incredibly user-friendly. Even if you’re not a hardcore developer, you can get the hang of it pretty quickly and start making your applications safer. This was a big win for us, considering the pace at which we operate and the majority of security folks in our team. Review collected by and hosted on G2.com.

To be completely honest, DerScanner has fit so well into our workflow and has proven so useful that I'm hard-pressed to find something I don't like about it. Maybe as we continue to use it more extensively, we might come across areas that could be improved. Review collected by and hosted on G2.com.

Honestly, I never thought I'd find something as comprehensive as DerScanner. It does static, dynamic, and open source analysis all in one place. For someone like me working at a training company, where we are constantly developing new training software, this is a game changer.

And whenever I got stuck, the support team was there, ready to help. Review collected by and hosted on G2.com.

When I first started using it, the amount of information it gave me was a lot to take in. It took a bit to figure out what’s what and not get lost in all the details. Review collected by and hosted on G2.com.

OK, so I have to admit, DerScanner is pretty good when it comes to understanding Delphi code. It checks everything – the whole source code, libraries, and even resource files. I mean, it's like having a super-smart buddy checking your work for any possible mistakes. Keeping in mind I had some hard times finding a solution that does support Delphi — not the most popular framework these days. DerScanner has been a great find. Review collected by and hosted on G2.com.

There are occasional false positives, but they were less often than in other solutions we have used. I assume it takes some time for a system to adapt to the type of code you have usually in your environment. With time the results are getting better. Review collected by and hosted on G2.com.

I've had some previous experience with the scanners that's been built purely for developers and sometimes it's difficult to understand their language. DerScanner doesn’t just throw error codes or complex jargon at you, it shows you exactly where things went wrong and walks you through how to fix it. And that's all explained in the language that a security guy can understand. And for someone who isn’t exactly a coding hero, this makes a difference. As your security practice gets more mature you can benefit from Fuzzy Logic Engine technology. It doesn’t go off the rails sending false alarms every time there’s a minor issue. It knows how to tell the difference between a real vulnerability and a false alarm. Review collected by and hosted on G2.com.

As we prefer the on-prem deployment the hardware requirements can be a bit resource consuming like the RAM it needs. But as long as it does the job, I'm fine with that. Review collected by and hosted on G2.com.

We tested a couple of scanners on the market, including some from popular vendors. Despite this, we selected DerScanner because of some underestimated features, such as mobile app testing and binary application security testing. Review collected by and hosted on G2.com.

For us, static analysis of source codes as well as binaries is a crucial capability in the scanner. As our development team relies heavily on open source, we also use software composition analysis a lot. In addition, we can see that if the dynamic analysis project is not set up properly, some issues may be missed. It is still necessary to educate our developers on how to do it correctly. Review collected by and hosted on G2.com.