We performed a comparison between Fortify on Demand, HCL AppScan, and Ixia BreakingPoint based on real PeerSpot user reviews.
"I do not remember any issues with stability."
"The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it."
"What stands out to me is the user-friendliness of each feature."
"Fortify on Demand's best feature is that there's no need to install and configure it locally since it's on the cloud."
"The most valuable feature of Micro Focus Fortify on Demand is the information it can provide. There is quite a lot of information. It can pinpoint right down to where the problem is, allowing you to know where to fix it. Overall the features are easy to use, you don't have to be a coder. You can be a manager, or in IT operations, et cetera, anyone can use it. It is quite a well-rounded functional solution."
"I don’t know of any other On-Demand enterprise solution like this one where we can load the details and within a few days, receive the results of intrusion attacks, and work with HP Security Experts when needed for clarification"
"The solution is very fast."
"There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do."
"We leverage it as a quality check against code."
"I like the recording feature."
"The static scans are good, and the SaaS as well."
"The product has valuable features for static and dynamic testing."
"There's extensive functionality with custom rules and a custom knowledge base."
"We use it as a security testing application."
"The product is useful, particularly in its sensitivity and scanning capabilities."
"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production."
"The most valuable feature of Ixia BreakingPoint is the ransomware and malware database for simulated attacks."
"I like that we can test cloud applications."
"It is a scalable solution."
"The solution has many protocols and options, making it very flexible."
"The DDoS testing module is useful and quick to use."
"There is a virtual version of the product which is scaled to 100s of virtual testing blades."
"We use Ixia BreakingPoint for Layer 7 traffic generation. That's what we like."
"The biggest deficiency is the integration with bug tracker systems. It might be better if the configuration screen presented for accessing the bug tracking systems could provide some flexibility."
"Not fully integrated with CIT processes."
"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."
".NET code scanning is still dependent on building the code base before running any scan. Also, it's dependent on an IDE such as Visual Studio."
"The UI could be better. Fortify should also suggest new packages in the product that can be upgraded. Currently, it shows that, but it's not visible enough. In future versions, I would like more insights about the types of vulnerabilities and the pages associated with the exact CVE."
"We would like a reduction in the time frame of scans. It takes us three to five days to run a scan now. We would like that reduced to under three days."
"It would be highly beneficial if Fortify on Demand incorporated runtime analysis, similar to how Contrast Security utilizes agents for proactive application security."
"Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve."
"They could add a software component analysis tool."
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"The solution could improve by having a mobile version."
"One thing which I think can be improved is the CI/CD Integration"
"HCL AppScan needs to improve security."
"The product has some technical limitations."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"The price could be better."
"The production traffic simulations are not realistic enough for some types of DDoS attacks."
"They should improve UI mode packages for the users."
"The quality of the traffic generation could be improved with Ixia BreakingPoint, i.e. to get closer to being accurate in what a real user will do."
"The solution originally was hard to configure; I'm not sure if they've updated this to make it simpler, but if not, it's something that could be streamlined."
"I would appreciate some preconfigured network neighborhoods, which are predefined settings for testing networks."
"The integration could improve in Ixia BreakingPoint."