Fortify Application Defender vs Veracode

Fortify Application Defender is ranked 28th in Application Security vs Veracode which is ranked 1st in Application Security with 34 reviews. The top reviewer of Veracode writes "Enables us to automatically submit each new build for scanning and get results directly into our JIRA". Fortify Application Defender is most compared with SonarQube, Coverity and Checkmarx. Veracode is most compared with SonarQube, Fortify on Demand and Checkmarx.
Cancel
You must select at least 2 products to compare!
+Add products to compare
Most Helpful Review
Use Fortify Application Defender? Share your opinion.
Find out what your peers are saying about CA Technologies, Checkmarx, Micro Focus and others in Application Security.
279,835 professionals have used our research since 2012.

Quotes From Members Comparing Fortify Application Defender vs Veracode

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
Pricing and Cost Advice
We got a special offer for a 30% reduction for three years, after our first year. I think for a real source-code scanning tool, you have to add a lot of money for Open Source Analysis, and AppSec Coach (160 Euro per user per year).Before implementing the product I would evaluate if it is really necessary to scan so many different languages and frameworks. If not, I think there must be a cheaper solution for scanning Java-only applications (which are 90% of our applications).​Checkmarx is not a cheap scanning tool, but none of the security tools are cheap. Checkmarx is a powerful scanning tool, and it’s essential to have one of these products.It is a good product but a little overpriced.The license has a vague language around P1 issues and the associated support. Make sure to review these in order to align them with your organizational policies.The pricing is competitive and provides a lower TCO (total cost of ownership) for achieving application security.The pricing was not very good. This is just a framework which shouldn’t cost so much.I believe pricing is better compared to other commercial tools.

Read more »

Information Not Available
Costs are reasonable. No special infrastructure is required and the license model is good.I think the pricing is in line with the rest of the tools. I think you get what you pay for. It is certainly not inexpensive, but the value proposition is there. There are certainly cheaper tools, but I don't think we'd be getting the support that we get with those, and that is what separates this product from the others.Regarding licensing, pay very close attention to what applications you're going to need to do dynamic scanning for, versus static. Right now, the way the licensing is set up, if you don't have any static elements for a website, you can certainly avoid some costs by doing more dynamic licenses. You need to pay very close attention to that, because if you find out later that you have static code elements - like Java scripts, etc. - that you want to have scanned statically, having the two licenses bundled together will actually save you money.We're very comfortable with their model. We think they're a good value. We worked very closely with Veracode on understanding their license model, understanding what comprises the fee and what does not. With their assistance in design, we decomposed our application in a way where we are scanning a very significant amount of code without wasting their capacity and generating redundant reported issues. You scan in profiles, per se. And we work with them, in their offices, to design the most effective approach. So the advice I would have for customers is, you can get up and live fast, but work closely with Veracode to refine the method you use for scanning and the way you compile the applications. There's a concept called entry-point scanning, and that's probably not used well by the rest of their customers. We see our licensing as a good value because we leverage it heavily.Pricing/licensing is complicated.Negotiate some, but their prices are reasonable.Licensing is pretty flexible. It's a little bit weird, it's by the size of the binary, which is a strange way to license a product. So far they've been pretty flexible about it.I don't really get too involved in the cost sides of things that's in my job, I'm more of a technical focus, but I have heard from my manager and a couple other people that the solution is quite expensive.

Read more »

Find out what your peers are saying about CA Technologies, Checkmarx, Micro Focus and others in Application Security.
279,835 professionals have used our research since 2012.
Top Comparisons
Top Comparisons
Compared 33% of the time.
Compared 30% of the time.
Compared 14% of the time.
See more Checkmarx competitors »
See more Fortify Application Defender competitors »
Compared 29% of the time.
Compared 23% of the time.
Compared 14% of the time.
Also Known As
Also Known AsHPE Fortify Application Defender, Micro Focus Fortify Application Defender
Website/Video
Website/VideoCheckmarx
Micro Focus
CA Technologies
Overview
Overview

Checkmarx CxSAST is a highly accurate and flexible Static Code Analysis product that allows organizations to automatically scan un-compiled / un-built code and identify hundreds of security vulnerabilities in all major coding languages. CxSAST is available as a standalone product and can be effectively integrated into the Software Development Lifecycle (SDLC) to streamline detection and remediation. CxSAST can be deployed on-premise in a private data center or hosted via a public cloud.

Whitepaper: I, II

Micro Focus Security Fortify Application Defender is a runtime application self-protection (RASP) solution that helps you manage and mitigate risk from homegrown or third-party applications. It provides centralized visibility into application use and abuse while protecting from software vulnerability exploits and other violations in real time.

Veracode is an application security company that offers an automated cloud-based service for securing web, mobile and third-party enterprise applications. Veracode provides multiple security analysis technologies on a single platform, including static analysis, dynamic analysis, mobile application behavioral analysis and software composition analysis.

OFFER
Free Demo

Learn more about Checkmarx.

Learn more about Fortify Application Defender
Learn more about Veracode
Sample Customers
Sample CustomersYIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Information Not Available
State of Missouri, Rekner
Top Industries
Top Industries
VISITORS READING REVIEWS
Financial Services Firm
27%
Manufacturing Company
21%
Government
7%
Comms Service Provider
6%
No Data Available
REVIEWERS
Financial Services Firm
35%
Insurance Company
15%
Consumer Goods
10%
Individual & Family Service
5%
VISITORS READING REVIEWS
Financial Services Firm
23%
Media Company
7%
Manufacturing Company
7%
Marketing Services Firm
7%
Company Size
Company Size
REVIEWERS
Small Business
35%
Midsize Enterprise
6%
Large Enterprise
59%
VISITORS READING REVIEWS
Small Business
17%
Midsize Enterprise
11%
Large Enterprise
73%
No Data Available
REVIEWERS
Small Business
27%
Midsize Enterprise
24%
Large Enterprise
48%
VISITORS READING REVIEWS
Small Business
21%
Midsize Enterprise
14%
Large Enterprise
65%
Find out what your peers are saying about CA Technologies, Checkmarx, Micro Focus and others in Application Security.
Download now
279,835 professionals have used our research since 2012.
We monitor all Application Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.

Sign Up with Email