We performed a comparison between Fortify on Demand and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."One of the valuable features is the ability to submit your code and have it run in the background. Then, if something comes up that is more specific, you have the security analyst who can jump in and help, if needed."
"Provides good depth of scanning and we get good results."
"Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices. Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much."
"Fortify supports most languages. Other tools are limited to Java and other typical languages. IBM's solutions aren't flexible enough to support any language. Fortify also integrates with lots of tools because it has API support."
"While using Micro Focus Fortify on Demand we have been very happy with the results and findings."
"The most important feature of the product is to follow today's technology fast, updated rules and algorithms (of the product)."
"The most valuable features are the detailed reporting and the ability to set up deep scanning of the software, both of which are in the same place."
"The feature that I find the most useful is being able to just see the vulnerabilities online while checking the code and then checking suggestions for fixing them."
"The vulnerability management feature is a strong one. And also the patch management feature."
"I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
"This product is designed for easy scalability and can easily scale up without major challenges."
"By using QualysGuard, we are able to finish external scans with assured results in half the time."
"It is a cloud-based solution, so it is easy to scale."
"Its most valuable features are patch management, vulnerability management, and PCI compliance."
"The simplicity of exporting reports and the simplicity and clarity of the reports included with the product are good."
"The product prevents possible vulnerabilities in our network."
"I would like to see improvement in CI integration and integration with GitLab or Jenkins. It needs to be more simple."
"Primarily for a complex, advanced website, they don't really understand some of the functionalities. So for instance, they could tell us that there is a vulnerability because somebody could possibly do something, but they don't really understand the code to realize that we actually negate that vulnerability through some other mechanism in the program. In addition, the technical support is just not there. We have open tickets. They don't respond. Even if they respond, we're not seeing eye to eye. As the company got sold and bought, the support got worse."
"Fortify on Demand needs to improve its pricing."
"If you have a continuous integration in place, for example, and you want it to run along with your build and you want it to be fast, you're not going to get it. It adds to your development time."
"This solution would be improved if the code-quality perspective were added to it, on top of the security aspect."
"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."
".NET code scanning is still dependent on building the code base before running any scan. Also, it's dependent on an IDE such as Visual Studio."
"Micro Focus Fortify on Demand can improve by having more graphs. For example, to show the improvement of the level of security."
"Deployment can be complicated."
"We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."
"There could be better management and faster scanning."
"It should have better automatic reporting."
"The reporting contains too many false positives."
"In terms of the Policy Compliance model which they currently have, not all the platforms are being covered. If they could improve on the Policy Compliance model, since there are policies which are benchmarked against it, this will be helpful for us."
"The product should allow users to upload their payloads."
"The scanner reports a lot of false positives, which is something that needs to be improved."
More Qualys Web Application Scanning Pricing and Cost Advice →
Fortify on Demand is ranked 10th in Application Security Tools with 57 reviews while Qualys Web Application Scanning is ranked 18th in Application Security Tools with 31 reviews. Fortify on Demand is rated 8.0, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and Fortify WebInspect, whereas Qualys Web Application Scanning is most compared with OWASP Zap, SonarQube, Veracode, PortSwigger Burp Suite Professional and Fortify WebInspect. See our Fortify on Demand vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.