What is most valuable?
I was able to quickly pass compliance with HIPAA.
Correlated static and dynamic results with detailed priority guidance.
Accurate results, tailored to each application.
All results manually reviewed by application security experts .
Central testing program management for all applications.
How has it helped my organization?
HP Fortify on Demand provides an independent review of third-party applications, allowing organizations to test software before purchasing, and also allowing software vendors to demonstrate the security of their software. Third-party vendors can upload the source code and/or provide a URL, review the results, and then publish a report back to their customer.
This service compels commercial vendors to take action to proactively fix vulnerabilities, while allowing them to remain in control of their applications. Security professionals can demand that high-priority problems be addressed and verified during the procurement or upgrade process, prior to acceptance. HP Fortify on Demand serves as an independent third-party solution to conduct unbiased analysis of applications and provide a detailed tamper-proof report back to the security team.
What needs improvement?
You are going to like the new detailed reporting. It can correlate the results from different forms of testing and prioritize them by severity to present the truest representation of application risk.
For how long have I used the solution?
What was my experience with deployment of the solution?
It was very easy to install and deploy.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
No. Scalable infrastructure allows for fast turnaround times and it has no limitations based on lines of code, megabytes, or anything else.
How are customer service and technical support?
Good Technical Support
Which solution did I use previously and why did I switch?
I currently use other solutions. We gave HP Fortify on Demand a try and we are very happy with the results.
How was the initial setup?
What about the implementation team?
We tried the free version first and then we acquired the software the product website.
What was our ROI?
Keep in mind that the calculation for return on investment and, therefore the definition, can be modified to suit the situation. It all depends on what you include as returns and costs. The definition of the term in the broadest sense just attempts to measure the profitability of an investment and, as such, there is no one "right" calculation. But, I have to say the client is very satisfied.
What's my experience with pricing, setup cost, and licensing?
Try the free version first.
Which other solutions did I evaluate?
I am already using other software. We wanted to try it and it works like a charm.
What other advice do I have?
Trust me, you want to be able to do automated and manual testing on a web application that is live.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partners
Jul 06 2015