We performed a comparison between Fortify on Demand and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The most valuable feature of Micro Focus Fortify on Demand is the information it can provide. There is quite a lot of information. It can pinpoint right down to where the problem is, allowing you to know where to fix it. Overall the features are easy to use, you don't have to be a coder. You can be a manager, or in IT operations, et cetera, anyone can use it. It is quite a well-rounded functional solution."
"Fortify on Demand is easy to use and the reporting is good."
"The most valuable feature is the capacity to be able to check vulnerabilities during the development process. The development team can check whether the code they are using is vulnerable to some type of attack or there is some type of vulnerability so that they can mitigate it. It helps us in achieving a more secure approach towards internal applications. It is an intuitive solution. It gives all the information that a developer needs to remediate a vulnerability in the coding process. It also gives you some examples of how to remediate a vulnerability in different programming languages. This solution is pretty much what we were searching for."
"The most important feature of the product is to follow today's technology fast, updated rules and algorithms (of the product)."
"The features that I have found most valuable include its security scan, the vulnerability finds, and the web interface to search and review the issues."
"The scanning capabilities, particularly for our repositories, have been invaluable."
"What stands out to me is the user-friendliness of each feature."
"It is a very easy tool for developers to use in parallel while they're doing the coding. It does auto scanning as we are progressing with the CI/CD pipeline. It has got very simple and efficient API support."
"The reporting part is the most valuable feature."
"I like the recording feature."
"It provides a better integration for our ecosystem."
"This solution saves us time due to the low number of false positives detected."
"It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
"The most valuable feature of the solution is the scanning or security part."
"The UI was very intuitive."
"The most valuable feature of the solution is Postman."
"Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify."
"They could provide features for artificial intelligence similar to other vendors."
"An improvement would be the ability to get vulnerabilities flowing automatically into another system."
"The solution has some issues with latency. Sometimes it takes a while to respond. This issue should be addressed."
"They have a release coming out, which is full of new features. Based on their roadmap, there's nothing that I would suggest for them to put in it that they haven't already suggested. However, I am a customer, so I always think the pricing is something that could be improved. I am working with them on that, and they're very flexible. They work with their customers and kind of tailor the product to the customer's needs. So far, I am very happy with what they're able to provide. Their subscriptions could use a little bit of a reworking, but that would be about it."
"We want a user-based control and role-based access for developers. We want to give limited access to developers so that it only pertains to the code that they write and scanning of the codes for any vulnerabilities as they're progressing with writing the code. As of now, the interface to give restricted access to the developers is not the best. It gives them more access than what is basically required, but we don't want over-provisioning and over-access."
"Not fully integrated with CIT processes."
"It does scanning for all virtual machines and other things, but it doesn't do the scanning for containers. It currently lacks the ability to do the scanning on containers. We're asking their product management team to expand this capability to containers."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"There are so many lines of code with so many different categories that I am likely to get lost."
"We would like to integrate with some of the other reporting tools that we're planning to use in the future."
"They could add a software component analysis tool."
"The databases for HCL are small and have room for improvement."
"We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."
"Improving usability could enhance the overall experience with AppScan. It would be beneficial to make the solution more user-friendly, ensuring that everyone can easily navigate and utilize its features."
"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."
Fortify on Demand is ranked 8th in Application Security Tools with 57 reviews while HCL AppScan is ranked 14th in Application Security Tools with 41 reviews. Fortify on Demand is rated 8.0, while HCL AppScan is rated 7.8. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes". On the other hand, the top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and OWASP Zap, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Checkmarx One. See our Fortify on Demand vs. HCL AppScan report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.