We performed a comparison between OWASP Zap and Micro Focus Fortify on Demand based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Result: Based on the parameters we compared, OWASP Zap comes out ahead of Micro Focus Fortify on Demand. Although both products have valuable features and ROI, our reviewers found that Micro Focus Fortify on Demand has a more complex installation process and slower support response times.
"The scanning capabilities, particularly for our repositories, have been invaluable."
"t's a cloud-based solution, so there was no installation involved."
"It's a stable and scalable solution."
"Provides good depth of scanning and we get good results."
"Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices. Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much."
"Fortify on Demand can be scaled very easily."
"The most valuable features are the detailed reporting and the ability to set up deep scanning of the software, both of which are in the same place."
"While using Micro Focus Fortify on Demand we have been very happy with the results and findings."
"The stability of the solution is very good."
"It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display)."
"It's great that we can use it with Portswigger Burp."
"The solution has tightened our security."
"The community edition updates services regularly. They add new vulnerabilities into the scanning list."
"It has improved my organization with faster security tests."
"The interface is easy to use."
"The API is exceptional."
"It does scanning for all virtual machines and other things, but it doesn't do the scanning for containers. It currently lacks the ability to do the scanning on containers. We're asking their product management team to expand this capability to containers."
"If you have a continuous integration in place, for example, and you want it to run along with your build and you want it to be fast, you're not going to get it. It adds to your development time."
"I would like to see improvement in CI integration and integration with GitLab or Jenkins. It needs to be more simple."
"Not fully integrated with CIT processes."
"Micro Focus Fortify on Demand could improve the user interface by making it more user-friendly."
"It lacks of some important features that the competitors have, such as Software Composition Analysis, full dead code detection, and Agile Alliance's Best Practices and Technical Debt."
"They have very good support, but there is always room for improvement."
"They could provide features for artificial intelligence similar to other vendors."
"It would be beneficial to enhance the algorithm to provide better summaries of automatic scanning results."
"It doesn't run on absolutely every operating system."
"It would be nice to have a solid SQL injection engine built into Zap."
"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created."
"I'd like to see a kind of feature where we can just track what our last vulnerability was and how it has improved or not. More reports that can have some kind of base-lining, I think that would be a good feature too. I'm not sure whether it can be achieved and implement but I think that would really help."
"The documentation is lacking and out-of-date, it really needs more love."
"Reporting format has no output, is cluttered and very long."
"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."
Fortify on Demand is ranked 9th in Application Security Testing (AST) with 56 reviews while OWASP Zap is ranked 8th in Application Security Testing (AST) with 37 reviews. Fortify on Demand is rated 8.0, while OWASP Zap is rated 7.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Fortify on Demand is most compared with SonarQube, Checkmarx One, Veracode, Coverity and HCL AppScan, whereas OWASP Zap is most compared with SonarQube, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and HCL AppScan. See our Fortify on Demand vs. OWASP Zap report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.