We performed a comparison between Fortify Application Defender and Fortify on Demand based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology."
"The solution helped us to improve the code quality of our organization."
"The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions."
"The most valuable feature is that it analyzes data in real-time."
"The product saves us cost and time."
"Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications."
"We are able to provide out customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."
"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"This product is top-notch solution and the technology is the best on the market."
"It is an extremely robust, scalable, and stable solution."
"The vulnerability detection and scanning are awesome features."
"The solution is user-friendly."
"Fortify supports most languages. Other tools are limited to Java and other typical languages. IBM's solutions aren't flexible enough to support any language. Fortify also integrates with lots of tools because it has API support."
"The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation."
"The most valuable features of Micro Focus Fortify on Demand have been SAT analysis and application security."
"Audit workbench: for on-the-fly defect auditing."
"I encountered many false positives for Python applications."
"The product should integrate industry-standard code review tools internally with its system. This would streamline the coding process, as developers wouldn't need multiple tools for code review and security checks. Many independent and open-source tools are available, from Apache to various libraries. Using multiple DevOps pipeline tools can slow the turnaround time."
"Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."
"The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours."
"Fortify Application Defender gives a lot of false positives."
"The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java."
"The licensing can be a little complex."
"The false positive rate should be lower."
"The products must provide better integration with build tools."
"In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication. They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful."
"The solution has some issues with latency. Sometimes it takes a while to respond. This issue should be addressed."
"Takes up a lot of resources which can slow things down."
".NET code scanning is still dependent on building the code base before running any scan. Also, it's dependent on an IDE such as Visual Studio."
"This solution would be improved if the code-quality perspective were added to it, on top of the security aspect."
"The technical support is actually a problem that needs to be addressed. Since the acquisition and merger with Hewlett Packard, it has been really hard to know who the technical or salesperson to talk to."
"The biggest deficiency is the integration with bug tracker systems. It might be better if the configuration screen presented for accessing the bug tracking systems could provide some flexibility."
Fortify Application Defender is ranked 30th in Application Security Tools with 11 reviews while Fortify on Demand is ranked 10th in Application Security Tools with 56 reviews. Fortify Application Defender is rated 7.8, while Fortify on Demand is rated 8.0. The top reviewer of Fortify Application Defender writes "Useful for fast code review in devOps pipelines ". On the other hand, the top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". Fortify Application Defender is most compared with Checkmarx One, Coverity, CAST Application Intelligence Platform, SonarQube and Veracode, whereas Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and Fortify WebInspect. See our Fortify Application Defender vs. Fortify on Demand report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.