Fortify on Demand vs OWASP Zap comparison

Cancel
You must select at least 2 products to compare!
OpenText Logo
10,811 views|7,926 comparisons
OWASP Logo
22,442 views|10,766 comparisons
Comparison Buyer's Guide
Executive Summary
Updated on Mar 20, 2023

We performed a comparison between OWASP Zap and Micro Focus Fortify on Demand based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: OWASP Zap has quick and simple installation with various options. Micro Focus Fortify on Demand has a straightforward setup, but the time varies with code size and method.
  • Features: OWASP Zap offers privacy, automatic scanning, and browser control. Micro Focus Fortify on Demand provides valuable information, easy-to-use features, and the ability to pinpoint specific vulnerabilities in the code.
  • Pricing: OWASP Zap is a freeware product. Micro Focus Fortify on Demand offers an annual licensing model based on the number of applications that will be scanned.
  • Service and Support: OWASP Zap has no official technical support, but the community forum is helpful. Micro Focus Fortify on Demand offers good support, but there have been some complaints about slow response times.
  • ROI: OWASP Zap offers a positive ROI. Micro Focus Fortify on Demand saves time and money through its automation features, allowing scans to be completed quickly through the pipeline.

Comparison Result: Based on the parameters we compared, OWASP Zap comes out ahead of Micro Focus Fortify on Demand. Although both products have valuable features and ROI, our reviewers found that Micro Focus Fortify on Demand has a more complex installation process and slower support response times.

To learn more, read our detailed Fortify on Demand vs. OWASP Zap Report (Updated: March 2024).
765,386 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most valuable feature is that it connects with your development platforms, such as Microsoft Information Server and Jira.""This product is top-notch solution and the technology is the best on the market.""I don’t know of any other On-Demand enterprise solution like this one where we can load the details and within a few days, receive the results of intrusion attacks, and work with HP Security Experts when needed for clarification""The static code analyzers are the most valuable features of this solution.""Being able to reduce risk overall is a very valuable feature for us.""The solution is user-friendly.""There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do.""The most valuable feature is the capacity to be able to check vulnerabilities during the development process. The development team can check whether the code they are using is vulnerable to some type of attack or there is some type of vulnerability so that they can mitigate it. It helps us in achieving a more secure approach towards internal applications. It is an intuitive solution. It gives all the information that a developer needs to remediate a vulnerability in the coding process. It also gives you some examples of how to remediate a vulnerability in different programming languages. This solution is pretty much what we were searching for."

More Fortify on Demand Pros →

"Automatic updates and pull request analysis.""The HUD is a good feature that provides on-site testing and saves a lot of time.""The scalability of this product is very good.""The product discovers more vulnerabilities compared to other tools.""The solution has tightened our security.""It updates repositories and libraries quickly.""Simple to use, good user interface.""The solution is good at reporting the vulnerabilities of the application."

More OWASP Zap Pros →

Cons
"I would like to see improvement in CI integration and integration with GitLab or Jenkins. It needs to be more simple.""Sometimes when we run a full scan, we have a bunch of issues in the code. We should not have any issues.""There are lots of limitations with code technology. It cannot scan .net properly either.""It lacks of some important features that the competitors have, such as Software Composition Analysis, full dead code detection, and Agile Alliance's Best Practices and Technical Debt.""If you have a continuous integration in place, for example, and you want it to run along with your build and you want it to be fast, you're not going to get it. It adds to your development time.""It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the overall time span to scan the code, and even to set up the code scanning, is a bit overwhelming for regular developers.""We typically do our bulk uploads of our scans with some automation at the end of the development cycle but the scanning can take a lot of time. If you were doing all of it at regular intervals it would still consume a lot of time. This could procedure could improve.""Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve."

More Fortify on Demand Cons →

"It doesn't run on absolutely every operating system.""Lacks resources where users can internally access a learning module from the tool.""The technical support team must be proactive.""The forced browse has been incorporated into the program and it is resource-intensive.""As security evolves, we would like DevOps built into it. As of now, Zap does not provide this.""Too many false positives; test reports could be improved.""It would be nice to have a solid SQL injection engine built into Zap.""Online documentation can be improved to utilize all features of ZAP and API methods to make use in automation."

More OWASP Zap Cons →

Pricing and Cost Advice
  • "Buying a license would be feasible for regular use. For intermittent use, the cloud-based option can be used (Fortify on Demand)."
  • "We used the one-time application, Security Scan Dynamic. I believe the original fee was $8,000."
  • "The subscription model, on a per-scan basis, is a bit expensive. That's another reason we are not using it for all the apps."
  • "The licensing was good because the licenses have the heavy centralized server."
  • "It's a yearly contract, but I don't remember the dollar amount."
  • "The pricing can be improved because it is complex when compared to the competition."
  • "It is quite expensive. Pricing and the licensing model could be improved."
  • "It is cost-effective."
  • More Fortify on Demand Pricing and Cost Advice →

  • "It is highly recommended as it is an open source tool."
  • "It's free and open, currently under the Apache 2 license. If ZAP does what you need it to do, selling a free solution is a very easy."
  • "OWASP ZAP is a free tool provided by OWASP’s engineers and experts. There is an option to donate."
  • "As Zap is free and open-source, with tons of features similar to those of commercial solutions, I would definitely recommend trying it out."
  • "It's free. It's good for us because we don't know what the extent of our use will be yet. It's good to start with something free and easy to use."
  • "OWASP Zap is free to use."
  • "This app is completely free and open source. So there is no question about any pricing."
  • "This is an open-source solution and can be used free of charge."
  • More OWASP Zap Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.
    765,386 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:What stands out to me is the user-friendliness of each feature.
    Top Answer:Despite being on the higher end in terms of cost, the biggest value lies in its abilities, including robust features, seamless integration, and high-quality findings.
    Top Answer:It would be highly beneficial if Fortify on Demand incorporated runtime analysis, similar to how Contrast Security utilizes agents for proactive application security. This could enhance the solution… more »
    Top Answer:OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with… more »
    Top Answer:The application scanning feature is the most valuable feature.
    Ranking
    Views
    10,811
    Comparisons
    7,926
    Reviews
    17
    Average Words per Review
    382
    Rating
    8.1
    Views
    22,442
    Comparisons
    10,766
    Reviews
    12
    Average Words per Review
    360
    Rating
    7.3
    Comparisons
    Also Known As
    Micro Focus Fortify on Demand
    Learn More
    Overview

    Fortify on Demand is a web application security testing tool that enables continuous monitoring. The solution is designed to help you with security testing, vulnerability management and tailored expertise, and is able to provide the support needed to easily create, supplement, and expand a software security assurance program without the need for additional infrastructure or resources.

    Fortify on Demand Features

    Fortify on Demand has many valuable key features. Some of the most useful ones include:

    • Deployment flexibility
    • Scalability
    • Built for DevSecOps
    • Ease of use
    • Supports 27+ languages
    • Real-time vulnerability identification with
    • Security Assistant
    • Actionable results in less than 1 hour for most applications with DevOps automation
    • Expanded coverage, accuracy and remediation details with IAST runtime agent
    • Continuous application monitoring of production applications
    • Virtual patches
    • Supports iOS and Android mobile applications
    • Security vulnerability identification
    • Behavioral and reputation analysis

    Fortify on Demand Benefits

    There are several benefits to implementing Fortify on Demand. Some of the biggest advantages the solution offers include:

    • Fast remediation: With Fortify on Demand you can achieve fast remediation throughout the software lifecycle with robust assessments by a team of security experts.
    • Easy integration: The solution’s integration ecosystem is easy to use, creating a more secure software supply chain.
    • Security testing: Fortify on Demand covers in-depth mobile app security testing, open-source analysis, and vendor application security management, in addition to static and dynamic testing.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by PeerSpot users currently using the Fortify on Demand solution.

    Dionisio V., Senior System Analyst at Azurian, says, "One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that." He goes on to add, “Another reason I like Fortify on Demand is because our code often includes open source libraries, and it's important to know when the library is outdated or if it has any known vulnerabilities in it. This information is important to us when we're developing our solutions and Fortify on Demand informs us when it detects any vulnerable open source libraries.”

    A Security Systems Analyst at a retailer mentions, “Being able to reduce risk overall is a very valuable feature for us.”

    Jayashree A., Executive Manager at PepsiCo, comments, “Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning. When we are exploring some of the endpoints this solution identifies many loopholes that hackers could utilize for an attack. This has been very helpful and surprising how many vulnerabilities there can be.”

    A Principal Solutions Architect at a security firm explains, “Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out.”

    PeerSpot user Mamta J., Co-Founder at TechScalable, states, "Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices. Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much."

    OWASP Zap is a free and open-source web application security scanner. 

    The solution helps developers identify vulnerabilities in their web applications by actively scanning for common security issues. 

    With its user-friendly interface and powerful features, Zap is a popular choice among developers for ensuring the security of their web applications.

    Sample Customers
    SAP, Aaron's, British Gas, FICO, Cox Automative, Callcredit Information Group, Vital and more.
    1. Google 2. Microsoft 3. IBM 4. Amazon 5. Facebook 6. Twitter 7. LinkedIn 8. Netflix 9. Adobe 10. PayPal 11. Salesforce 12. Cisco 13. Oracle 14. Intel 15. HP 16. Dell 17. VMware 18. Symantec 19. McAfee 20. Citrix 21. Red Hat 22. Juniper Networks 23. SAP 24. Accenture 25. Deloitte 26. Ernst & Young 27. PwC 28. KPMG 29. Capgemini 30. Infosys 31. Wipro 32. TCS
    Top Industries
    REVIEWERS
    Financial Services Firm39%
    Computer Software Company14%
    Retailer11%
    Energy/Utilities Company7%
    VISITORS READING REVIEWS
    Financial Services Firm19%
    Computer Software Company14%
    Manufacturing Company10%
    Government9%
    REVIEWERS
    Computer Software Company25%
    Financial Services Firm15%
    Retailer10%
    Energy/Utilities Company10%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Financial Services Firm10%
    Government7%
    Comms Service Provider7%
    Company Size
    REVIEWERS
    Small Business25%
    Midsize Enterprise11%
    Large Enterprise63%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise11%
    Large Enterprise73%
    REVIEWERS
    Small Business22%
    Midsize Enterprise30%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise16%
    Large Enterprise64%
    Buyer's Guide
    Fortify on Demand vs. OWASP Zap
    March 2024
    Find out what your peers are saying about Fortify on Demand vs. OWASP Zap and other solutions. Updated: March 2024.
    765,386 professionals have used our research since 2012.

    Fortify on Demand is ranked 9th in Application Security Testing (AST) with 55 reviews while OWASP Zap is ranked 8th in Application Security Testing (AST) with 36 reviews. Fortify on Demand is rated 8.0, while OWASP Zap is rated 7.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". Fortify on Demand is most compared with SonarQube, Checkmarx, Veracode, Coverity and HCL AppScan, whereas OWASP Zap is most compared with SonarQube, PortSwigger Burp Suite Professional, Acunetix, Qualys Web Application Scanning and HCL AppScan. See our Fortify on Demand vs. OWASP Zap report.

    See our list of best Application Security Testing (AST) vendors.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.