We performed a comparison between Fortify on Demand and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is that it connects with your development platforms, such as Microsoft Information Server and Jira."
"One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that."
"I do not remember any issues with stability."
"It is an extremely robust, scalable, and stable solution."
"What stands out to me is the user-friendliness of each feature."
"Fortify helps us to stay updated with the newest languages and versions coming out."
"Speed and efficiency are great features."
"The scanning capabilities, particularly for our repositories, have been invaluable."
"The product has valuable features for static and dynamic testing."
"The most valuable feature of the solution is Postman."
"The reporting part is the most valuable feature."
"The solution is easy to install. I would rate the product's setup between six to seven out of ten. The deployment time depends on the applications that need to be scanned. We have a development and operations team to take care of the product's maintenance."
"Compared to other tools only AppScan supports special language."
"IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability."
"There's extensive functionality with custom rules and a custom knowledge base."
"This solution saves us time due to the low number of false positives detected."
"Primarily for a complex, advanced website, they don't really understand some of the functionalities. So for instance, they could tell us that there is a vulnerability because somebody could possibly do something, but they don't really understand the code to realize that we actually negate that vulnerability through some other mechanism in the program. In addition, the technical support is just not there. We have open tickets. They don't respond. Even if they respond, we're not seeing eye to eye. As the company got sold and bought, the support got worse."
"It natively supports only a few languages. They can include support for more native languages. The response time from the support team can also be improved. They can maybe include video tutorials explaining the remediation process. The remediation process is sometimes not that clear. It would be helpful to have videos. Sometimes, the solution that the tool gives in the GUI is not straightforward to understand for the developer. At present, for any such issues, you have to create a ticket for the support team and request help from the support team."
"The biggest deficiency is the integration with bug tracker systems. It might be better if the configuration screen presented for accessing the bug tracking systems could provide some flexibility."
"Takes up a lot of resources which can slow things down."
"Not fully integrated with CIT processes."
"With Rapid7 I utilized its reporting capabilities to deliver Client Reports within just a few minutes of checking the data. I believe that HP’s FoD Clients could sell more services to clients if HP put more effort into delivering visually pleasing reporting capabilities."
"The solution has some issues with latency. Sometimes it takes a while to respond. This issue should be addressed."
"The technical support is actually a problem that needs to be addressed. Since the acquisition and merger with Hewlett Packard, it has been really hard to know who the technical or salesperson to talk to."
"Scans become slow on large websites."
"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."
"There is room for improvement in the pricing model."
"In future releases, I would like to see more aggressive reports. I would also like to see less false positives."
"The databases for HCL are small and have room for improvement."
"It has crashed at times."
"IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
Fortify on Demand is ranked 11th in Application Security Tools with 56 reviews while HCL AppScan is ranked 14th in Application Security Tools with 39 reviews. Fortify on Demand is rated 8.0, while HCL AppScan is rated 7.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Fortify on Demand is most compared with SonarQube, Checkmarx One, Veracode, Coverity and GitHub, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, Checkmarx One and Qualys Web Application Scanning. See our Fortify on Demand vs. HCL AppScan report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.