We performed a comparison between Fortify Application Defender and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The product saves us cost and time."
"I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy."
"Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications."
"The most valuable feature is that it analyzes data in real-time."
"We are able to provide out customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."
"The solution helped us to improve the code quality of our organization."
"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"Its ability to find security defects is valuable."
"This product is designed for easy scalability and can easily scale up without major challenges."
"Its most valuable features are patch management, vulnerability management, and PCI compliance."
"The interface is user-friendly and easy to understand."
"Qualys Web Application Scanning has multiple features like threat protection and container security scanning in one box."
"QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations."
"The Qualys Web Application Scanning solution offers a single comprehensive console and consolidated reporting, covering all aspects from on-prem to cloud and compliance, etcetera."
"The product prevents possible vulnerabilities in our network."
"The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
"Support for older compilers/IDEs is lacking."
"The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours."
"The false positive rate should be lower."
"The product should integrate industry-standard code review tools internally with its system. This would streamline the coding process, as developers wouldn't need multiple tools for code review and security checks. Many independent and open-source tools are available, from Apache to various libraries. Using multiple DevOps pipeline tools can slow the turnaround time."
"The licensing can be a little complex."
"The workbench is a little bit complex when you first start using it."
"Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."
"I encountered many false positives for Python applications."
"The product's pricing could be better."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."
"There could be better management and faster scanning."
"The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to reduce the number of false positives being detected."
"There should be better visibility into the application."
"We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error."
"We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."
More Qualys Web Application Scanning Pricing and Cost Advice →
Fortify Application Defender is ranked 30th in Application Security Tools with 11 reviews while Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews. Fortify Application Defender is rated 7.8, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Fortify Application Defender writes "Useful for fast code review in devOps pipelines ". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Fortify Application Defender is most compared with Checkmarx One, Coverity, CAST Application Intelligence Platform, SonarQube and Fortify on Demand, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube and PortSwigger Burp Suite Professional. See our Fortify Application Defender vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.