We performed a comparison between Fortify on Demand, Fortra Tripwire IP360, and Parasoft SOAtest based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."The most important feature of the product is to follow today's technology fast, updated rules and algorithms (of the product)."
"The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it."
"The quality of application security testing reduces risk and gives very few false positives."
"The user interface is good."
"We identified a lot of security vulnerability much earlier in the development and could fix this well before the product was rolled out to a huge number of clients."
"The most valuable features are the server, scanning, and it has helped identify issues with the security analysis."
"Provides good depth of scanning and we get good results."
"The scanning capabilities, particularly for our repositories, have been invaluable."
"We could manage our entire IP range with the solution."
"Tripwire IP360 is a very stable solution."
"It's become the pinnacle point for anything that enters the network or anything that's passing through to production to first be affected by IP360, hardened, and up to standard. For our integrity management, one was deployed in the bank about two years ago and that's still going to expand the usage and the product itself. That will go hand in hand with training and expanding the product as for where it's deployed."
"Generating new messages, based on the existing .EDN and .XML messages, is a crucial part or the testing project that I’m currently in."
"Good write and read files which save execution inputs and outputs and can be stored locally."
"We have seen a return on investment."
"Technical support is helpful."
"We do a lot of web services testing and REST services testing. That is the focus of this product."
"Automatic testing is the most valuable feature."
"We can automate our scenarios in a data driven format, which shows there is no rework on scripts. We only need to update the test data and run for a number of scenarios."
"The testing time is shortened because we generate test data automatically with SOAtest."
"In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication. They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful."
"The products must provide better integration with build tools."
"I would like to see improvement in CI integration and integration with GitLab or Jenkins. It needs to be more simple."
"Micro Focus Fortify on Demand could improve the reports. They could benefit from being more user-friendly and intuitive."
"This solution would be improved if the code-quality perspective were added to it, on top of the security aspect."
"In terms of what could be improved, we need more strategic analysis reports, not just for one specific application, but for the whole enterprise. In the next release, we need more reports and more analytic views for all the applications. There is no enterprise view in Fortify. I would like enterprise views and reports."
"An improvement would be the ability to get vulnerabilities flowing automatically into another system."
"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."
"I am not very impressed by the technical support."
"We need to dedicate time and resources to keep it running."
"The reporting functions can use improvement. There is room for growth because reporting functions differ a lot depending on what you're going to output. It depends on whether it's for technical or senior management and how it's interpreted. There could be growth within the reporting functionality side."
"Compatibility with HTTP 1.1 and TLS 1.2 needs to be improved."
"The feedback that we received from the DevOps of our organization was that the tool was a little heavy from the transformation perspective."
"Parasoft SOAtest has an internal refresh function where you can refresh the software to show the changes you’ve made in your projects. Unfortunately this function does not work properly, because it often does not show the changes after you’ve hit te refresh button a few times."
"From an automation point of view, it should have better clarity and be more user friendly."
"The summary reports could be improved."
"Reports could be customized and more descriptive according to the user's or company's requirements."
"The product is very slow to start up, and that is a bit of a problem, actually."
"Enabling/disabling an optional element of an XML request is only possible if a data source (e.g., Excel sheet) is connected to the test. Otherwise, the option is not available at all in the drop-down menu."
