We performed a comparison between Fortify on Demand and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Fortify on Demand can be scaled very easily."
"We have the option to test applications with or without credentials."
"Audit workbench: for on-the-fly defect auditing."
"What stands out to me is the user-friendliness of each feature."
"The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it."
"The vulnerability detection and scanning are awesome features."
"Fortify supports most languages. Other tools are limited to Java and other typical languages. IBM's solutions aren't flexible enough to support any language. Fortify also integrates with lots of tools because it has API support."
"Speed and efficiency are great features."
"It provides a better integration for our ecosystem."
"There's extensive functionality with custom rules and a custom knowledge base."
"I like the recording feature."
"The most valuable feature of the solution is the scanning or security part."
"We are now deploying less defects to production."
"It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
"The solution offers services in a few specific development languages."
"The product is useful, particularly in its sensitivity and scanning capabilities."
"It could have a little bit more streamlined installation procedure. Based on the things that I've done, it could also be a bit more automated. It is kind of taking a bunch of different scanners, and SSC is just kind of managing the results. The scanning doesn't really seem to be fully integrated into the SSC platform. More automation and any kind of integration in the SSC platform would definitely be good. There could be a way to initiate scans from SSC and more functionality on the server-side to initiate desk scans if it is not already available."
"In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication. They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful."
"Sometimes when we run a full scan, we have a bunch of issues in the code. We should not have any issues."
"The vulnerability analysis does not always provide guidelines for what the developer should do in order to correct the problem, which means that the code has to be manually inspected and understood."
"If you have a continuous integration in place, for example, and you want it to run along with your build and you want it to be fast, you're not going to get it. It adds to your development time."
"The solution has some issues with latency. Sometimes it takes a while to respond. This issue should be addressed."
"There is room for improvement in the integration process."
"Micro Focus Fortify on Demand could improve the reports. They could benefit from being more user-friendly and intuitive."
"We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"Visibility is an issue for us. Our partners do not know we have integrations with some of IBM products."
"In future releases, I would like to see more aggressive reports. I would also like to see less false positives."
"Improving usability could enhance the overall experience with AppScan. It would be beneficial to make the solution more user-friendly, ensuring that everyone can easily navigate and utilize its features."
"HCL AppScan needs to improve security."
"They have to improve support."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
Fortify on Demand is ranked 10th in Application Security Tools with 56 reviews while HCL AppScan is ranked 15th in Application Security Tools with 40 reviews. Fortify on Demand is rated 8.0, while HCL AppScan is rated 7.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and GitHub, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, OWASP Zap and Fortify WebInspect. See our Fortify on Demand vs. HCL AppScan report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.