We performed a comparison between Fortify on Demand and Kiuwan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Each bank may have its own core banking applications with proprietary support for different programming languages. This makes Fortify particularly relevant and advantageous in those cases."
"The scanning capabilities, particularly for our repositories, have been invaluable."
"This product is top-notch solution and the technology is the best on the market."
"It helps deploy and track changes easily as per time-to-time market upgrades."
"The most valuable feature of Micro Focus Fortify on Demand is the information it can provide. There is quite a lot of information. It can pinpoint right down to where the problem is, allowing you to know where to fix it. Overall the features are easy to use, you don't have to be a coder. You can be a manager, or in IT operations, et cetera, anyone can use it. It is quite a well-rounded functional solution."
"The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation."
"The static code analyzers are the most valuable features of this solution."
"The solution is user-friendly."
"I like that I can scan the code without sending it to the Kiuwan cloud. I can do it locally on my device. When the local analyzer finishes, the results display on the dashboard in the cloud. It's essential for security purposes to be able to scan my code locally."
"I've found the reporting features the most helpful."
"We use Kiuwan to locate the source of application vulnerabilities."
"I personally like the way it breaks down security vulnerabilities with LoC at first glance."
"Lifecycle features, because they permit us to show non-technical people the risk and costs hidden into the code due to bad programming practices."
"It provides value by offering options to enhance both code quality and the security of the company."
"We are using this solution to increase the quality of our software and to test the vulnerabilities in our tools before the customers find them."
"I find it immensely helpful because it's not just about generating code; it's about ensuring efficiency in the execution."
"This solution would be improved if the code-quality perspective were added to it, on top of the security aspect."
"Sometimes when we run a full scan, we have a bunch of issues in the code. We should not have any issues."
"Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify."
"The biggest deficiency is the integration with bug tracker systems. It might be better if the configuration screen presented for accessing the bug tracking systems could provide some flexibility."
"The vulnerability analysis does not always provide guidelines for what the developer should do in order to correct the problem, which means that the code has to be manually inspected and understood."
"In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication. They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful."
"With Rapid7 I utilized its reporting capabilities to deliver Client Reports within just a few minutes of checking the data. I believe that HP’s FoD Clients could sell more services to clients if HP put more effort into delivering visually pleasing reporting capabilities."
"We want a user-based control and role-based access for developers. We want to give limited access to developers so that it only pertains to the code that they write and scanning of the codes for any vulnerabilities as they're progressing with writing the code. As of now, the interface to give restricted access to the developers is not the best. It gives them more access than what is basically required, but we don't want over-provisioning and over-access."
"I would like to see better integration with the Visual Studio and Eclipse IDEs."
"The product's UI has certain shortcomings, where improvements are required."
"The next release should include more flexibility in the reporting."
"The solution seems to give us a lot of false positives. This could be improved quite a bit."
"The integration process could be improved. It'll also help if it could generate reports automatically. But I'm not sure about the effectiveness of the reports. This is because, in our last project, we still found some key issues that weren't captured by the Kiuwan report."
"The development-to-delivery phase."
"I would like to see additional languages supported."
"Kiuwan's support has room for improvement. You can only open a ticket is through email, and the support team is outside of our country. They should have a support number or chat."
Fortify on Demand is ranked 10th in Application Security Tools with 57 reviews while Kiuwan is ranked 22nd in Application Security Tools with 23 reviews. Fortify on Demand is rated 8.0, while Kiuwan is rated 8.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of Kiuwan writes "Though a stable tool, the UI needs improvement". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and Fortify WebInspect, whereas Kiuwan is most compared with SonarQube, Checkmarx One, Snyk, Veracode and OWASP Zap. See our Fortify on Demand vs. Kiuwan report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.