We performed a comparison between Fortify on Demand and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."t's a cloud-based solution, so there was no installation involved."
"The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation."
"We identified a lot of security vulnerability much earlier in the development and could fix this well before the product was rolled out to a huge number of clients."
"The solution is user-friendly."
"The installation was easy."
"One of the valuable features is the ability to submit your code and have it run in the background. Then, if something comes up that is more specific, you have the security analyst who can jump in and help, if needed."
"While using Micro Focus Fortify on Demand we have been very happy with the results and findings."
"The user interface is good."
"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production."
"Compared to other tools only AppScan supports special language."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"We use it as a security testing application."
"The solution is easy to use."
"The reporting part is the most valuable feature."
"The solution is easy to install. I would rate the product's setup between six to seven out of ten. The deployment time depends on the applications that need to be scanned. We have a development and operations team to take care of the product's maintenance."
"There's extensive functionality with custom rules and a custom knowledge base."
"I would like to see improvement in CI integration and integration with GitLab or Jenkins. It needs to be more simple."
"There are many false positives identified by the solution."
"They have a release coming out, which is full of new features. Based on their roadmap, there's nothing that I would suggest for them to put in it that they haven't already suggested. However, I am a customer, so I always think the pricing is something that could be improved. I am working with them on that, and they're very flexible. They work with their customers and kind of tailor the product to the customer's needs. So far, I am very happy with what they're able to provide. Their subscriptions could use a little bit of a reworking, but that would be about it."
"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."
"The vulnerability analysis does not always provide guidelines for what the developer should do in order to correct the problem, which means that the code has to be manually inspected and understood."
"There is room for improvement in the integration process."
"There are lots of limitations with code technology. It cannot scan .net properly either."
"In terms of what could be improved, we need more strategic analysis reports, not just for one specific application, but for the whole enterprise. In the next release, we need more reports and more analytic views for all the applications. There is no enterprise view in Fortify. I would like enterprise views and reports."
"The solution could improve by having a mobile version."
"Sometimes it doesn't work so well."
"AppScan is too complicated and should be made more user-friendly."
"The solution's scalability can be a matter of concern because one license runs on one machine only."
"Scans become slow on large websites."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers."
Fortify on Demand is ranked 11th in Application Security Tools with 56 reviews while HCL AppScan is ranked 14th in Application Security Tools with 39 reviews. Fortify on Demand is rated 8.0, while HCL AppScan is rated 7.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Fortify on Demand is most compared with SonarQube, Checkmarx One, Veracode, Coverity and GitHub, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, Checkmarx One and Qualys Web Application Scanning. See our Fortify on Demand vs. HCL AppScan report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.