We performed a comparison between Fortify on Demand and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Micro Focus WebInspect and Fortify code analysis tools are fully integrated with SSC portals and can instantly register to error tracking systems, like TFS and JIRA."
"What stands out to me is the user-friendliness of each feature."
"The most valuable features of Micro Focus Fortify on Demand have been SAT analysis and application security."
"I don’t know of any other On-Demand enterprise solution like this one where we can load the details and within a few days, receive the results of intrusion attacks, and work with HP Security Experts when needed for clarification"
"Fortify supports most languages. Other tools are limited to Java and other typical languages. IBM's solutions aren't flexible enough to support any language. Fortify also integrates with lots of tools because it has API support."
"The SAST feature is the most valuable."
"The installation was easy."
"Being able to reduce risk overall is a very valuable feature for us."
"The suite testing models are very good. It's very secure."
"The solution is stable."
""The product is very good just the way it is; It has everything already well established and functions great. I can't see any way for this current version to be improved.""
"We use the solution for vulnerability assessment in respect of the application and the sites."
"The most valuable feature of PortSwigger Burp Suite Professional is the Burp Intruder tool."
"It offers very good accuracy. You can trust the results."
"It helps in API testing, where manual intervention was previously necessary for each payload."
"The intercepting feature is the most valuable."
"Sometimes when we run a full scan, we have a bunch of issues in the code. We should not have any issues."
"Micro Focus Fortify on Demand could improve the reports. They could benefit from being more user-friendly and intuitive."
"There were some regulated compliances, which were not there."
"It could have a little bit more streamlined installation procedure. Based on the things that I've done, it could also be a bit more automated. It is kind of taking a bunch of different scanners, and SSC is just kind of managing the results. The scanning doesn't really seem to be fully integrated into the SSC platform. More automation and any kind of integration in the SSC platform would definitely be good. There could be a way to initiate scans from SSC and more functionality on the server-side to initiate desk scans if it is not already available."
"We want a user-based control and role-based access for developers. We want to give limited access to developers so that it only pertains to the code that they write and scanning of the codes for any vulnerabilities as they're progressing with writing the code. As of now, the interface to give restricted access to the developers is not the best. It gives them more access than what is basically required, but we don't want over-provisioning and over-access."
"They have very good support, but there is always room for improvement."
"Not fully integrated with CIT processes."
"Micro Focus Fortify on Demand can improve by having more graphs. For example, to show the improvement of the level of security."
"The technical support team's response time is mostly delayed and should be improved."
"The solution doesn't offer very good scalability."
"PortSwigger Burp Suite Professional could improve the static code review."
"The Burp Collaborator needs improvement. There also needs to be improved integration."
"There could be an improvement in the API security testing. There is another tool called Postman and if we had a built-in portal similar to Postman which captures the API, we would be able to generate the API traffic. Right now we need a Postman tool and the Burp Suite for performing API tests. It would be a huge benefit to be able to do it in a single UI."
"I would like to see a more optimized solution, as it currently uses a lot of CPU power and memory."
"BurpSuite has some issues regarding authentication with OAT tokens that need to be improved."
"There were a lot of false positives there, and we used to spend a lot of time, like, for security reasons, reproducing those bugs for the development team to fix it."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
Fortify on Demand is ranked 8th in Application Security Tools with 57 reviews while PortSwigger Burp Suite Professional is ranked 10th in Application Security Tools with 57 reviews. Fortify on Demand is rated 8.0, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and Fortify WebInspect, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and GitLab. See our Fortify on Demand vs. PortSwigger Burp Suite Professional report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.