We performed a comparison between Fortify on Demand and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Audit workbench: for on-the-fly defect auditing."
"The most important feature of the product is to follow today's technology fast, updated rules and algorithms (of the product)."
"The feature that I find the most useful is being able to just see the vulnerabilities online while checking the code and then checking suggestions for fixing them."
"We identified a lot of security vulnerabilities much earlier in the development and could fix this well before the product was rolled out to a huge number of clients."
"Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices. Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much."
"Micro Focus WebInspect and Fortify code analysis tools are fully integrated with SSC portals and can instantly register to error tracking systems, like TFS and JIRA."
"The most valuable features are the server, scanning, and it has helped identify issues with the security analysis."
"It's a cloud-based solution, so there was no installation involved."
"It was easy to set up."
"This solution saves us time due to the low number of false positives detected."
"The solution is easy to use."
"I like the recording feature."
"AppScan is stable."
"We leverage it as a quality check against code."
"The reporting part is the most valuable feature."
"The UI was very intuitive."
"Micro Focus Fortify on Demand can improve by having more graphs. For example, to show the improvement of the level of security."
"We want a user-based control and role-based access for developers. We want to give limited access to developers so that it only pertains to the code that they write and scanning of the codes for any vulnerabilities as they're progressing with writing the code. As of now, the interface to give restricted access to the developers is not the best. It gives them more access than what is basically required, but we don't want over-provisioning and over-access."
"There is room for improvement in the integration process."
"The thing that could be improved is reducing the cost of usage and including some of the most pricey features, such as dynamic analysis and that sort of functionality, which makes the difference between different types of tools."
"In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication. They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful."
"Takes up a lot of resources which can slow things down."
"They have very good support, but there is always room for improvement."
"We would like a reduction in the time frame of scans. It takes us three to five days to run a scan now. We would like that reduced to under three days."
"One thing which I think can be improved is the CI/CD Integration."
"We would like to integrate with some of the other reporting tools that we're planning to use in the future."
"HCL AppScan needs to improve security."
"It has crashed at times."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers."
"We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."
"Sometimes it doesn't work so well."
Fortify on Demand is ranked 11th in Application Security Tools with 56 reviews while HCL AppScan is ranked 14th in Application Security Tools with 39 reviews. Fortify on Demand is rated 8.0, while HCL AppScan is rated 7.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes". On the other hand, the top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". Fortify on Demand is most compared with SonarQube, Checkmarx One, Veracode, Coverity and GitHub, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, Checkmarx One and Qualys Web Application Scanning. See our Fortify on Demand vs. HCL AppScan report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.