We performed a comparison between Fortify on Demand and Fortify WebInspect based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."One of the valuable features is the ability to submit your code and have it run in the background. Then, if something comes up that is more specific, you have the security analyst who can jump in and help, if needed."
"The UL is easy to use compared to that of other tools, and it is highly reliable. The findings provide a lower number of false positives."
"One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that."
"Each bank may have its own core banking applications with proprietary support for different programming languages. This makes Fortify particularly relevant and advantageous in those cases."
"The installation was easy."
"It improves future security scans."
"The most valuable feature is the capacity to be able to check vulnerabilities during the development process. The development team can check whether the code they are using is vulnerable to some type of attack or there is some type of vulnerability so that they can mitigate it. It helps us in achieving a more secure approach towards internal applications. It is an intuitive solution. It gives all the information that a developer needs to remediate a vulnerability in the coding process. It also gives you some examples of how to remediate a vulnerability in different programming languages. This solution is pretty much what we were searching for."
"The user interface is good."
"The user interface is ok and it is very simple to use."
"Good at scanning and finding vulnerabilities."
"The accuracy of its scans is great."
"I've found the centralized dashboard the most valuable. For the management, it helps a lot to have abilities at the central level."
"The most valuable feature of this solution is the ability to make our customers more secure."
"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."
"There are lots of small settings and tools, like an HTTP editor, that are very useful."
"It is scalable and very easy to use."
"There are lots of limitations with code technology. It cannot scan .net properly either."
"The Visual Studio plugin seems to hang when a scan is run on big projects. I would expect some improvements there."
"They have a release coming out, which is full of new features. Based on their roadmap, there's nothing that I would suggest for them to put in it that they haven't already suggested. However, I am a customer, so I always think the pricing is something that could be improved. I am working with them on that, and they're very flexible. They work with their customers and kind of tailor the product to the customer's needs. So far, I am very happy with what they're able to provide. Their subscriptions could use a little bit of a reworking, but that would be about it."
"We would like a reduction in the time frame of scans. It takes us three to five days to run a scan now. We would like that reduced to under three days."
"It could have a little bit more streamlined installation procedure. Based on the things that I've done, it could also be a bit more automated. It is kind of taking a bunch of different scanners, and SSC is just kind of managing the results. The scanning doesn't really seem to be fully integrated into the SSC platform. More automation and any kind of integration in the SSC platform would definitely be good. There could be a way to initiate scans from SSC and more functionality on the server-side to initiate desk scans if it is not already available."
"The biggest deficiency is the integration with bug tracker systems. It might be better if the configuration screen presented for accessing the bug tracking systems could provide some flexibility."
"Micro Focus Fortify on Demand could improve the user interface by making it more user-friendly."
"In terms of what could be improved, we need more strategic analysis reports, not just for one specific application, but for the whole enterprise. In the next release, we need more reports and more analytic views for all the applications. There is no enterprise view in Fortify. I would like enterprise views and reports."
"A localized version, for example, in Korean would be a big improvement to this solution."
"The initial setup was complex."
"Lately, we've seen more false negatives."
"The solution needs better integration with Microsoft's Azure Cloud or an extension of Azure DevOps. In fact, it should better integrate with any cloud provider. Right now, it's quite difficult to integrate with that solution, from the cloud perspective."
"We have often encountered scanning errors."
"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."
"We have had a problem with authentification."
"Not sufficiently compatible with some of our systems."
Fortify on Demand is ranked 10th in Application Security Tools with 56 reviews while Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 17 reviews. Fortify on Demand is rated 8.0, while Fortify WebInspect is rated 7.0. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and Snyk, whereas Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Acunetix, OWASP Zap, HCL AppScan and Qualys Web Application Scanning. See our Fortify WebInspect vs. Fortify on Demand report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.