We performed a comparison between Fortify on Demand and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Each bank may have its own core banking applications with proprietary support for different programming languages. This makes Fortify particularly relevant and advantageous in those cases."
"Audit workbench: for on-the-fly defect auditing."
"There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do."
"Speed and efficiency are great features."
"It has saved us a lot of time as we focus primarily on programming rather than tool operational work."
"I do not remember any issues with stability."
"It's a stable and scalable solution."
"The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation."
"The initial setup is simple."
"We use the solution for vulnerability assessment in respect of the application and the sites."
"You can scan any number of applications and it updates its database."
"The solution scans web applications and supports APIs, which are the main features I really like."
"The feature that we have found most valuable is that it comes with pre-set configurations. They have a set of predefined options where you can pick one and start scanning. We also have the option of creating our own configurations, like how often do the applications need to be scanned."
"There is no other tool like it. I like the intuitiveness and the plugins that are available."
"The most valuable feature is Burp Collaborator."
"With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp."
"Not fully integrated with CIT processes."
"Takes up a lot of resources which can slow things down."
"It would be highly beneficial if Fortify on Demand incorporated runtime analysis, similar to how Contrast Security utilizes agents for proactive application security."
"They have very good support, but there is always room for improvement."
"Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve."
"They have a release coming out, which is full of new features. Based on their roadmap, there's nothing that I would suggest for them to put in it that they haven't already suggested. However, I am a customer, so I always think the pricing is something that could be improved. I am working with them on that, and they're very flexible. They work with their customers and kind of tailor the product to the customer's needs. So far, I am very happy with what they're able to provide. Their subscriptions could use a little bit of a reworking, but that would be about it."
"They could provide features for artificial intelligence similar to other vendors."
"It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the overall time span to scan the code, and even to set up the code scanning, is a bit overwhelming for regular developers."
"The Iran market does not have after-sales support. PortSwigger Burp Suite Professional needs to provide after-sales support."
"The solution lacks sufficient stability."
"There were a lot of false positives there, and we used to spend a lot of time, like, for security reasons, reproducing those bugs for the development team to fix it."
"I would like to see a more optimized solution, as it currently uses a lot of CPU power and memory."
"The tool is very expensive."
"The solution’s pricing could be improved."
"Sometimes the solution can run a little slow."
"The Auto Scanning features should be updated more frequently and should include the latest attack vectors."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
Fortify on Demand is ranked 10th in Application Security Tools with 56 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews. Fortify on Demand is rated 8.0, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and Fortify WebInspect, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Digital.ai Application Security. See our Fortify on Demand vs. PortSwigger Burp Suite Professional report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.