We performed a comparison between Fortify on Demand and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Fortify on Demand can be scaled very easily."
"The features that I have found most valuable include its security scan, the vulnerability finds, and the web interface to search and review the issues."
"The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation."
"There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do."
"I don’t know of any other On-Demand enterprise solution like this one where we can load the details and within a few days, receive the results of intrusion attacks, and work with HP Security Experts when needed for clarification"
"It has saved us a lot of time as we focus primarily on programming rather than tool operational work."
"The SAST feature is the most valuable."
"The most valuable features are the detailed reporting and the ability to set up deep scanning of the software, both of which are in the same place."
"The static scans are good, and the SaaS as well."
"We are now deploying less defects to production."
"The solution is easy to install. I would rate the product's setup between six to seven out of ten. The deployment time depends on the applications that need to be scanned. We have a development and operations team to take care of the product's maintenance."
"The solution is easy to use."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"We leverage it as a quality check against code."
"AppScan is stable."
"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production."
"It natively supports only a few languages. They can include support for more native languages. The response time from the support team can also be improved. They can maybe include video tutorials explaining the remediation process. The remediation process is sometimes not that clear. It would be helpful to have videos. Sometimes, the solution that the tool gives in the GUI is not straightforward to understand for the developer. At present, for any such issues, you have to create a ticket for the support team and request help from the support team."
"We want a user-based control and role-based access for developers. We want to give limited access to developers so that it only pertains to the code that they write and scanning of the codes for any vulnerabilities as they're progressing with writing the code. As of now, the interface to give restricted access to the developers is not the best. It gives them more access than what is basically required, but we don't want over-provisioning and over-access."
"The products must provide better integration with build tools."
"Not fully integrated with CIT processes."
"Micro Focus Fortify on Demand could improve the user interface by making it more user-friendly."
"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."
"We would like a reduction in the time frame of scans. It takes us three to five days to run a scan now. We would like that reduced to under three days."
"An improvement would be the ability to get vulnerabilities flowing automatically into another system."
"Scans become slow on large websites."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"The solution often has a high number of false positives. It's an aspect they really need to improve upon."
"AppScan is too complicated and should be made more user-friendly."
"IBM Security AppScan Source is rather hard to use."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"They could add a software component analysis tool."
Fortify on Demand is ranked 11th in Application Security Tools with 56 reviews, while HCL AppScan is ranked 14th in Application Security Tools with 39 reviews. Fortify on Demand is rated 8.0, while HCL AppScan is rated 7.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes". On the other hand, the top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". Fortify on Demand is most compared with SonarQube, Checkmarx One, Veracode, Coverity and GitHub, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, Checkmarx One and Qualys Web Application Scanning.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.