We performed a comparison between Fortify on Demand and ImmuniWeb based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."What stands out to me is the user-friendliness of each feature."
"Each bank may have its own core banking applications with proprietary support for different programming languages. This makes Fortify particularly relevant and advantageous in those cases."
"Fortify on Demand's best feature is that there's no need to install and configure it locally since it's on the cloud."
"One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that."
"The most valuable features are the detailed reporting and the ability to set up deep scanning of the software, both of which are in the same place."
"Fortify on Demand can be scaled very easily."
"I don’t know of any other On-Demand enterprise solution like this one where we can load the details and within a few days, receive the results of intrusion attacks, and work with HP Security Experts when needed for clarification"
"The quality of application security testing reduces risk and gives very few false positives."
"ImmuniWeb is stable."
"The most valuable features are the SLA of Zero false-positives, less time of service development, validation of unlimited patched vulnerabilities, and several others."
"The solution's most valuable feature is reporting."
"The initial setup process is user-friendly."
"ImmuniWeb boasts a robust vulnerability detection mechanism, formidable threat mitigation, and an efficient remediation process, incorporating automation techniques and ALM strategies. The solution is highly stable. The solution is scalable. Editing Key Points for Review "Review about ImmuniWeb" What is our primary use case? We use the solution when we face challenges and urgent attention is needed for complex cases from our clients. To address this, we collaborate with the middleware, internal, and client teams to analyze and sort through intricate logs concerning our business cybersecurity program. How has it helped my organization? The solution helped us with one of our clients in the New York area contacted us about a data breach. In response, we swiftly organized a case meeting involving our client, internal, and email customer support teams. Together, we conducted an incident response, facilitating offline assistance for proper planning and risk management processes. We delved into the details of the data breach, identified how it occurred, and collaborated to rectify the issue. The client expressed satisfaction with the resolution process. What is most valuable? ImmuniWeb boasts a robust vulnerability detection mechanism, formidable threat mitigation, and an efficient remediation process, incorporating automation techniques and ALM strategies. It also focuses on consumer satisfaction and operates in English-speaking markets, primarily required by the UAE, the United States, Canada, and Australia, among other developed countries. For how long have I used the solution? We have been using this product for the past one and half years. What do I think about the stability of the solution? The solution is highly stable. I rate it a perfect ten. What do I think about the scalability of the solution? The solution is scalable. I rate it a nine out of ten. How are customer service and support? Support is generally excellent"
"I like the fully automated continuous discovery run by ImmuniWeb in the background. We do not need to rerun the same tests or the same scanning against our resources. We need to supply our IP addresses, domain names, and significant resources with special domain names and URLs, and we need to do it only once. Then we always have an up-to-date picture. I also like the integration with our single sign-on system. We do not need to maintain a separate set of usernames or user accounts. We can plug this ImmuniWeb service into our authentication technology, enabling two-factor authentication. We have secure authentication right out of the box. The other important feature I like is the executive view. You can easily switch from a technical view to an executive view and have a helicopter view of the compliance status. We can see how much effort is required and our current status."
"After the assessment, you clearly know which assets require penetration testing."
"The biggest deficiency is the integration with bug tracker systems. It might be better if the configuration screen presented for accessing the bug tracking systems could provide some flexibility."
"It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the overall time span to scan the code, and even to set up the code scanning, is a bit overwhelming for regular developers."
".NET code scanning is still dependent on building the code base before running any scan. Also, it's dependent on an IDE such as Visual Studio."
"Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify."
"Integration to CI/CD pipelines could be improved. The reporting format could be more user friendly so that it is easy to read."
"In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication. They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful."
"Takes up a lot of resources which can slow things down."
"An improvement would be the ability to get vulnerabilities flowing automatically into another system."
"A great idea would be to make a mobile application for the ImmuniWeb portal so that all information would be available on the go and from a mobile phone as well. It would be much more convenient."
"Its technical support could be better."
"A great idea would be to support using Discovery on the internal network, allowing delivery of all the features of the current Discovery to internal network resources."
"The product’s interface for the web applications could be similar to Android and iOS versions."
"ImmuniWeb sometimes shows previous scans instead of running tests."
"It would be better if they had an automated tagging feature. The tagging functionality currently requires manual tagging, and that's probably the most needed feature from my standpoint. We also do not have enough tools, enough features, or options to display different resources in the way we need. There are basic grouping and some filtering features, but we still cannot fully separate some flavors of our resources. However, we may not be aware of the latest features."
"The deployment process on the cloud is straightforward, while on-premise can be complex. Support is generally excellent, although there can be delays in ticket resolution."
Fortify on Demand is ranked 9th in Application Security Testing (AST) with 56 reviews while ImmuniWeb is ranked 17th in Application Security Testing (AST) with 7 reviews. Fortify on Demand is rated 8.0, while ImmuniWeb is rated 8.2. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of ImmuniWeb writes "Easy initial setup process, but reporting feature for web scanning tools need improvement". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and Fortify WebInspect, whereas ImmuniWeb is most compared with Qualys Web Application Scanning, Acunetix, Tenable.io Web Application Scanning, OWASP Zap and Veracode. See our Fortify on Demand vs. ImmuniWeb report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.