We performed a comparison between Fortify on Demand and Tenable.io Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."One of the valuable features is the ability to submit your code and have it run in the background. Then, if something comes up that is more specific, you have the security analyst who can jump in and help, if needed."
"The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation."
"The features that I have found most valuable include its security scan, the vulnerability finds, and the web interface to search and review the issues."
"Fortify supports most languages. Other tools are limited to Java and other typical languages. IBM's solutions aren't flexible enough to support any language. Fortify also integrates with lots of tools because it has API support."
"The scanning capabilities, particularly for our repositories, have been invaluable."
"It is a very easy tool for developers to use in parallel while they're doing the coding. It does auto scanning as we are progressing with the CI/CD pipeline. It has got very simple and efficient API support."
"The most valuable feature of Micro Focus Fortify on Demand is the information it can provide. There is quite a lot of information. It can pinpoint right down to where the problem is, allowing you to know where to fix it. Overall the features are easy to use, you don't have to be a coder. You can be a manager, or in IT operations, et cetera, anyone can use it. It is quite a well-rounded functional solution."
"We identified a lot of security vulnerability much earlier in the development and could fix this well before the product was rolled out to a huge number of clients."
"The most valuable features of Tenable.io Web Application Scanning are the integration into specific use cases and scanning. All of the features of the solution are useful."
"The solution's instant reports feature is the most effective for detecting threats."
"It collects the vulnerabilities on the hostnames and sends them to the Tenable.io cloud. Tenable has its own cloud where Tenable.io is running, but there are many connectors to other cloud solutions. Tenable can do vulnerability scanning for other cloud managers such as Azure, Amazon, and so on."
"It is fully automated."
"Our customers adopt this solution because of the replication testing and the vulnerability assessment it can do. It is a multi-faceted product."
"Tenable.io Web Application Scanning is very easy to use."
"The most effective feature of the product is the ability to scan the entire environment."
"The solution is stable."
"We have some stability issues, but they are minimal."
"There are lots of limitations with code technology. It cannot scan .net properly either."
"The Visual Studio plugin seems to hang when a scan is run on big projects. I would expect some improvements there."
"The biggest deficiency is the integration with bug tracker systems. It might be better if the configuration screen presented for accessing the bug tracking systems could provide some flexibility."
"The reporting capabilities need improvement, as there are some features that we would like to have but are not available at the moment."
"Micro Focus Fortify on Demand could improve the reports. They could benefit from being more user-friendly and intuitive."
"Sometimes when we run a full scan, we have a bunch of issues in the code. We should not have any issues."
"It would be highly beneficial if Fortify on Demand incorporated runtime analysis, similar to how Contrast Security utilizes agents for proactive application security."
"The cloud and the on-premises versions have their own controllers, and there is no way to centrally manage controllers."
"It isn't easy to manage vulnerabilities in Tenable."
"I would like for them to add proxy filtering, where you can transfer and alter the package. It is fully automated. Other web application testers programs are actually proxy software, and the proxy software gives you the flexibility of modifying the outgoing package, which will actually help you in exploiting any vulnerability in detail."
"The reporting has a very limited customization capability."
"Tenable.io Web Application Scanning is not very user-friendly and you need a lot of information to get proper reports. The tool's support is not very responsive."
"Tenable.io Web Application Scanning could improve by offering faster fuzzing."
"They have a general dashboard for web application scanning, but the dashboards and reporting can be improved. They probably have some features in their roadmap."
"It would be great if there were a dashboard that is more user-friendly."
More Tenable.io Web Application Scanning Pricing and Cost Advice →
Fortify on Demand is ranked 10th in Application Security Tools with 57 reviews while Tenable.io Web Application Scanning is ranked 24th in Application Security Tools with 14 reviews. Fortify on Demand is rated 8.0, while Tenable.io Web Application Scanning is rated 7.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of Tenable.io Web Application Scanning writes "Highly Recommended Solution with Latest Scanning Methods". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and Fortify Software Security Center, whereas Tenable.io Web Application Scanning is most compared with Acunetix, Qualys Web Application Scanning, PortSwigger Burp Suite Professional, SonarQube and Invicti. See our Fortify on Demand vs. Tenable.io Web Application Scanning report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.