We performed a comparison between Fortify on Demand and Fortify WebInspect based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The static code analyzers are the most valuable features of this solution."
"Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out."
"It is an extremely robust, scalable, and stable solution."
"The scanning capabilities, particularly for our repositories, have been invaluable."
"Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning."
"Fortify on Demand is easy to use and the reporting is good."
"This product is top-notch solution and the technology is the best on the market."
"The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation."
"Good at scanning and finding vulnerabilities."
"Fortify WebInspect is a scalable solution, it is good for a lot of applications."
"There are lots of small settings and tools, like an HTTP editor, that are very useful."
"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."
"The accuracy of its scans is great."
"The most valuable feature of this solution is the ability to make our customers more secure."
"It's a well-known platform for doing dynamic application scanning."
"Guided Scan option allows us to easily scan and share reports."
"There were some regulated compliances, which were not there."
"We want a user-based control and role-based access for developers. We want to give limited access to developers so that it only pertains to the code that they write and scanning of the codes for any vulnerabilities as they're progressing with writing the code. As of now, the interface to give restricted access to the developers is not the best. It gives them more access than what is basically required, but we don't want over-provisioning and over-access."
"In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication. They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful."
"We would like a reduction in the time frame of scans. It takes us three to five days to run a scan now. We would like that reduced to under three days."
"Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify."
"If you have a continuous integration in place, for example, and you want it to run along with your build and you want it to be fast, you're not going to get it. It adds to your development time."
"They could provide features for artificial intelligence similar to other vendors."
"We have some stability issues, but they are minimal."
"Our biggest complaint about this product is that it freezes up, and literally doesn't work for us."
"Fortify WebInspect could improve user-friendliness. Additionally, it is very bulky to use."
"Creating reports is very slow and it is something that should be improved."
"The initial setup was complex."
"Lately, we've seen more false negatives."
"We have had a problem with authentification."
"It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application."
"The solution needs better integration with Microsoft's Azure Cloud or an extension of Azure DevOps. In fact, it should better integrate with any cloud provider. Right now, it's quite difficult to integrate with that solution, from the cloud perspective."
Fortify on Demand is ranked 8th in Application Security Tools with 57 reviews while Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 17 reviews. Fortify on Demand is rated 8.0, while Fortify WebInspect is rated 7.0. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and Snyk, whereas Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Acunetix, OWASP Zap, HCL AppScan and Qualys Web Application Scanning. See our Fortify WebInspect vs. Fortify on Demand report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.