We performed a comparison between OWASP Zap and Micro Focus Fortify on Demand based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Result: Based on the parameters we compared, OWASP Zap comes out ahead of Micro Focus Fortify on Demand. Although both products have valuable features and ROI, our reviewers found that Micro Focus Fortify on Demand has a more complex installation process and slower support response times.
"What stands out to me is the user-friendliness of each feature."
"Fortify supports most languages. Other tools are limited to Java and other typical languages. IBM's solutions aren't flexible enough to support any language. Fortify also integrates with lots of tools because it has API support."
"It is a very easy tool for developers to use in parallel while they're doing the coding. It does auto scanning as we are progressing with the CI/CD pipeline. It has got very simple and efficient API support."
"Each bank may have its own core banking applications with proprietary support for different programming languages. This makes Fortify particularly relevant and advantageous in those cases."
"Fortify on Demand can be scaled very easily."
"The licensing was good."
"The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it."
"The solution is user-friendly. One feature I find very effective is the tool's automatic scanning capability. It scans replicas of the code developers write and automatically detects any vulnerabilities. The integration with CI/CD tools is also useful for plugins."
"The interface is easy to use."
"The scalability of this product is very good."
"It can be used effectively for internal auditing."
"The most valuable feature is scanning the URL to drill down all the different sites."
"We use the solution for security testing."
"Simple to use, good user interface."
"They offer free access to some other tools."
"The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, it's very difficult."
"Micro Focus Fortify on Demand can improve by having more graphs. For example, to show the improvement of the level of security."
"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."
"The solution has some issues with latency. Sometimes it takes a while to respond. This issue should be addressed."
"Micro Focus Fortify on Demand could improve the user interface by making it more user-friendly."
"Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify."
"Fortify on Demand needs to improve its pricing."
"We would like a reduction in the time frame of scans. It takes us three to five days to run a scan now. We would like that reduced to under three days."
"In terms of what could be improved, we need more strategic analysis reports, not just for one specific application, but for the whole enterprise. In the next release, we need more reports and more analytic views for all the applications. There is no enterprise view in Fortify. I would like enterprise views and reports."
"Zap could improve by providing better reports for security and recommendations for the vulnerabilities."
"There's very little documentation that comes with OWASP Zap."
"It would be beneficial to enhance the algorithm to provide better summaries of automatic scanning results."
"ZAP's integration with cloud-based CICD pipelines could be better. The scan should run through the entire pipeline."
"It would be a great improvement if they could include a marketplace to add extra features to the tool."
"The technical support team must be proactive."
"There are too many false positives."
"Reporting format has no output, is cluttered and very long."
Fortify on Demand is ranked 9th in Static Application Security Testing (SAST) with 57 reviews while OWASP Zap is ranked 8th in Static Application Security Testing (SAST) with 37 reviews. Fortify on Demand is rated 8.0, while OWASP Zap is rated 7.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and GitHub, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and SonarCloud. See our Fortify on Demand vs. OWASP Zap report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.