We performed a comparison between Fortify on Demand and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution is user-friendly. One feature I find very effective is the tool's automatic scanning capability. It scans replicas of the code developers write and automatically detects any vulnerabilities. The integration with CI/CD tools is also useful for plugins."
"The most valuable features are the server, scanning, and it has helped identify issues with the security analysis."
"Being able to reduce risk overall is a very valuable feature for us."
"It's a stable and scalable solution."
"The most valuable features are the detailed reporting and the ability to set up deep scanning of the software, both of which are in the same place."
"Fortify helps us to stay updated with the newest languages and versions coming out."
"This product is top-notch solution and the technology is the best on the market."
"It helps deploy and track changes easily as per time-to-time market upgrades."
"By using QualysGuard, we are able to finish external scans with assured results in half the time."
"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done."
"The simplicity of exporting reports and the simplicity and clarity of the reports included with the product are good."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"The interface is user-friendly and easy to understand."
"The thing that could be improved is reducing the cost of usage and including some of the most pricey features, such as dynamic analysis and that sort of functionality, which makes the difference between different types of tools."
"It would be highly beneficial if Fortify on Demand incorporated runtime analysis, similar to how Contrast Security utilizes agents for proactive application security."
"It lacks of some important features that the competitors have, such as Software Composition Analysis, full dead code detection, and Agile Alliance's Best Practices and Technical Debt."
"There's a bit of a learning curve. Our development team is struggling with following the rules and following the new processes."
"Micro Focus Fortify on Demand could improve the reports. They could benefit from being more user-friendly and intuitive."
"Not fully integrated with CIT processes."
".NET code scanning is still dependent on building the code base before running any scan. Also, it's dependent on an IDE such as Visual Studio."
"The reporting capabilities need improvement, as there are some features that we would like to have but are not available at the moment."
"We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."
"It should have better automatic reporting."
"There should be better visibility into the application."
"In certain cases, this product does have false positives, which the company should work on."
"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."
"The support could be faster."
"Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."
"Deployment can be complicated."
More Qualys Web Application Scanning Pricing and Cost Advice →
Fortify on Demand is ranked 8th in Application Security Tools with 57 reviews while Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews. Fortify on Demand is rated 8.0, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and Fortify WebInspect, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Fortify WebInspect. See our Fortify on Demand vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.