We performed a comparison between Fortify on Demand and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I do not remember any issues with stability."
"I don’t know of any other On-Demand enterprise solution like this one where we can load the details and within a few days, receive the results of intrusion attacks, and work with HP Security Experts when needed for clarification"
"t's a cloud-based solution, so there was no installation involved."
"Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning."
"This product is top-notch solution and the technology is the best on the market."
"The UL is easy to use compared to that of other tools, and it is highly reliable. The findings provide a lower number of false positives."
"The most valuable features are the server, scanning, and it has helped identify issues with the security analysis."
"It helps deploy and track changes easily as per time-to-time market upgrades."
"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
"This product is designed for easy scalability and can easily scale up without major challenges."
"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile)."
"We have experienced quick customer support. They have a complete list of our previous issues along with our history, which makes it faster for them to solve issues."
"The simplicity of exporting reports and the simplicity and clarity of the reports included with the product are good."
"Licensing is the most valuable. Qualys provides the best licensing for companies. It is the best product for the development purposes of web applications. The product has a lot of integrations."
"Micro Focus Fortify on Demand could improve the user interface by making it more user-friendly."
"Primarily for a complex, advanced website, they don't really understand some of the functionalities. So for instance, they could tell us that there is a vulnerability because somebody could possibly do something, but they don't really understand the code to realize that we actually negate that vulnerability through some other mechanism in the program. In addition, the technical support is just not there. We have open tickets. They don't respond. Even if they respond, we're not seeing eye to eye. As the company got sold and bought, the support got worse."
"In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication. They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful."
"Reporting could be improved."
"In terms of what could be improved, we need more strategic analysis reports, not just for one specific application, but for the whole enterprise. In the next release, we need more reports and more analytic views for all the applications. There is no enterprise view in Fortify. I would like enterprise views and reports."
"Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify."
"The products must provide better integration with build tools."
"Integration to CI/CD pipelines could be improved. The reporting format could be more user friendly so that it is easy to read."
"In certain cases, this product does have false positives, which the company should work on."
"The pricing does not seem to be competitive."
"The reporting contains too many false positives."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"The support could be faster."
"There should be better visibility into the application."
"There should be better visibility into the application."
"The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."
More Qualys Web Application Scanning Pricing and Cost Advice →
Fortify on Demand is ranked 8th in Application Security Tools with 57 reviews while Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews. Fortify on Demand is rated 8.0, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and Fortify WebInspect, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Fortify WebInspect. See our Fortify on Demand vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.