Fortify on Demand vs IBM Security AppScan

Fortify on Demand is ranked 3rd in Application Security Testing with 9 reviews vs IBM Security AppScan which is ranked 4th in Application Security Testing with 14 reviews. The top reviewer of Fortify on Demand writes "We can load the details and within a few days, receive the results of intrusion attacks, although it needs to have better packaged reporting capabilities. ". The top reviewer of IBM Security AppScan writes "The ease of use is key, the developers can actually use it and get results from dynamic testing". Fortify on Demand is most compared with SonarQube, Checkmarx and Veracode. IBM Security AppScan is most compared with Fortify on Demand, Veracode and Acunetix Vulnerability Scanner. See our Fortify on Demand vs IBM Security AppScan report.
Cancel
You must select at least 2 products to compare!
+Add products to compare
Most Helpful Review
Fortify on demand vs. ibm security appscan report from it central station 2018 05 04 thumbnail
Find out what your peers are saying about Fortify on Demand vs IBM Security AppScan and others in Application Security Testing.
270,604 professionals have used our research since 2012.

Quotes From Members Comparing Fortify on Demand vs IBM Security AppScan

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
Pros
It has saved us a lot of time as we focus primarily on programming rather than tool operational work.The most important feature of the product is to follow today's technology fast, updated rules and algorithms (of the product).Micro Focus WebInspect and Fortify code analysis tools are fully integrated with SSC portals and can instantly register to error tracking systems, like TFS and JIRA.I don’t know of any other On-Demand enterprise solution like this one where we can load the details and within a few days, receive the results of intrusion attacks, and work with HP Security Experts when needed for clarificationThe quality of application security testing reduces risk and gives very few false positives.We identified a lot of security vulnerability much earlier in the development and could fix this well before the product was rolled out to a huge number of clients.Audit workbench: for on-the-fly defect auditing.

Read more »

The static scans are good, and the SaaS as well.It provides a better integration for our ecosystem.You can easily find particular features and functions through the UI.We leverage it as a quality check against code.We are now deploying less defects to production.Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production.It has certainly helped us find vulnerabilities in our software, so this is priceless in the end.I like the recording feature.

Read more »

Cons
It lacks of some important features that the competitors have, such as Software Composition Analysis, full dead code detection, and Agile Alliance's Best Practices and Technical Debt.The biggest deficiency is the integration with bug tracker systems. It might be better if the configuration screen presented for accessing the bug tracking systems could provide some flexibility.With Rapid7 I utilized its reporting capabilities to deliver Client Reports within just a few minutes of checking the data. I believe that HP’s FoD Clients could sell more services to clients if HP put more effort into delivering visually pleasing reporting capabilities.New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions.The Visual Studio plugin seems to hang when a scan is run on big projects. I would expect some improvements there..NET code scanning is still dependent on building the code base before running any scan. Also, it's dependent on an IDE such as Visual Studio.

Read more »

There is not a central management for static and dynamic.Visibility is an issue for us. Our partners do not know we have integrations with some of IBM products.I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources.I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers.​IBM Security AppScan Source is rather hard to use​.There are so many lines of code with so many different categories that I am likely to get lost. ​It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good.I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point.

Read more »

Pricing and Cost Advice
We used the one-time application, Security Scan Dynamic. I believe the original fee was $8,000.Buying a license would be feasible for regular use. For intermittent use, the cloud-based option can be used (Fortify on Demand).

Read more »

AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost.

Read more »

Fortify on demand vs. ibm security appscan report from it central station 2018 05 04 thumbnail
Find out what your peers are saying about Fortify on Demand vs IBM Security AppScan and others in Application Security Testing.
270,604 professionals have used our research since 2012.
Ranking
RANKING
Views
27,025
Comparisons
16,703
Reviews
9
Followers
1,790
Avg. Rating
8.2
Views
11,349
Comparisons
8,422
Reviews
13
Followers
367
Avg. Rating
8.1
Top Comparisons
Top Comparisons
Nowscbqs 400x400
Compared 31% of the time.
Checkmarx logo
Compared 24% of the time.
Ca2
Compared 18% of the time.
See more Fortify on Demand competitors »
Ca2
Compared 15% of the time.
See more IBM Security AppScan competitors »
Also Known As
Also Known AsMicro Focus Fortify on Demand, HPE Fortify on DemandRational AppScan, AppScan
Website/Video
Website/VideoMicro Focus
  • Vendor 7619 screenshot 1527352786
IBM
  • Vendor 7400 screenshot 1524637054
OverviewQuestionmark icon
Overview

Micro Focus Fortify on Demand’s application security-as-a-service is the easy and flexible way to identify vulnerabilities in your applications without additional investment in software or personnel. Allow our global team to work for you, providing support and technical expertise 24/7.

IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

OFFER
Learn more about Fortify on Demand
Learn more about IBM Security AppScan
Sample Customers
Sample CustomersSAP, Aaron's, British Gas, FICO, Cox Automative, Callcredit Information Group, Vital and more. Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
Top IndustriesQuestionmark icon
Top Industries
VISITORS READING REVIEWS
Financial Services Firm
22%
Manufacturing Company
14%
Software R&D Company
10%
Comms Service Provider
8%
VISITORS READING REVIEWS
Transportation Company
25%
Financial Services Firm
21%
Comms Service Provider
19%
Manufacturing Company
8%
Company SizeQuestionmark icon
Company Size
REVIEWERS
Small Business
27%
Midsize Enterprise
20%
Large Enterprise
53%
VISITORS READING REVIEWS
Small Business
16%
Midsize Enterprise
12%
Large Enterprise
72%
REVIEWERS
Midsize Enterprise
25%
Large Enterprise
75%
Fortify on demand vs. ibm security appscan report from it central station 2018 05 04 thumbnail
Find out what your peers are saying about Fortify on Demand vs IBM Security AppScan and others in Application Security Testing.
Download now
270,604 professionals have used our research since 2012.
We monitor all Application Security Testing reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.

Sign Up with Email