Fortify WebInspect Review

Needs a cloud-based version, although it's easy to scan and then to share scan reports

How has it helped my organization?

Easy to scan and then share scan reports, it has definitely streamlined many processes.

What is most valuable?

Guided Scan option allows us to easily scan and share reports.

What needs improvement?

One thing I would like to see them introduce is a cloud-based platform.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

We have often encountered scanning errors.

What do I think about the scalability of the solution?

Not applicable.

How is customer service and technical support?

I would rate tech support at six out of 10.

How was the initial setup?

The setup was very straightforward.

What's my experience with pricing, setup cost, and licensing?

It’s a fair price for the solution.

Which other solutions did I evaluate?

No, we did not evaluate other options.

What other advice do I have?

I rate it five out of 10. I was not very impressed.

It's a good product, but get a license for cloud-based, if available.

Which version of this solution are you currently using?

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Fortify WebInspect reviews from users
Find out what your peers are saying about Micro Focus, HCL, PortSwigger and others in Application Security Testing (AST). Updated: April 2021.
473,673 professionals have used our research since 2012.
Add a Comment

author avatarMurat Kaya
Top 20Real User

Unfortunately, my personal opinion is that such applications do not work anymore. Instead, source code analysis, proactive preventive agents and manual tests are more important.

author avatarHansEnders (Micro Focus)

Fortify does not offer a cloud version of WebInspect that the user can drive or configure directly.
The closest they have to WebInspect in a cloud format is the Fortify On Demand SaaS ("FOD"), and truthfully that is more "DAST or AppSec As A Service". In FOD, the customer provides full details for the DAST test in preparatory forms or discussions with their Fortify contact. The Fortify staff are the ones who run the actual scans, with the customers reviewing the scan results in a cloud dashboard, or downloading them to import into their on-premise WebInspect installation.

author avatarOpsRiskL10dc (Ops Risk Lead at a tech services company with 10,001+ employees)
Real User

Agreed, but as comparing with other cloud based web app scan tools, Web Inspect results are much more accurate, hence as a tool MicroFocus should start making this tool as a cloud version