We performed a comparison between Fortify on Demand and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features of Micro Focus Fortify on Demand have been SAT analysis and application security."
"The features that I have found most valuable include its security scan, the vulnerability finds, and the web interface to search and review the issues."
"We have the option to test applications with or without credentials."
"Provides good depth of scanning and we get good results."
"I don’t know of any other On-Demand enterprise solution like this one where we can load the details and within a few days, receive the results of intrusion attacks, and work with HP Security Experts when needed for clarification"
"It improves future security scans."
"Audit workbench: for on-the-fly defect auditing."
"The most valuable feature is the capacity to be able to check vulnerabilities during the development process. The development team can check whether the code they are using is vulnerable to some type of attack or there is some type of vulnerability so that they can mitigate it. It helps us in achieving a more secure approach towards internal applications. It is an intuitive solution. It gives all the information that a developer needs to remediate a vulnerability in the coding process. It also gives you some examples of how to remediate a vulnerability in different programming languages. This solution is pretty much what we were searching for."
"The extension that it provides with the community version for the skills mapping is excellent."
"It was easy to learn."
"In my area of expertise, I feel like it has almost everything I could possibly require at this moment."
"This tool is more accurate than the other solutions that we use, and reports fewer false positives."
"The solution is stable."
"Some of the extensions, available using Burp Extender, are also very good and we have found issues by using them."
"I find the attack model quite amazing, where I can write my scripts and load my scripts as well, which helps quite a bit. All the active scanning that it can do is also quite a lot helpful. It speeds up our vulnerability assessment and penetration testing. Right now, I am enjoying its in-browser, which also helps quite a bit. I'm always confused about setting up some proxy, but it really is the big solution we all want."
"The active scanner, which does an automated search of any web vulnerabilities."
"Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve."
"Takes up a lot of resources which can slow things down."
".NET code scanning is still dependent on building the code base before running any scan. Also, it's dependent on an IDE such as Visual Studio."
"We typically do our bulk uploads of our scans with some automation at the end of the development cycle but the scanning can take a lot of time. If you were doing all of it at regular intervals it would still consume a lot of time. This could procedure could improve."
"Micro Focus Fortify on Demand could improve the reports. They could benefit from being more user-friendly and intuitive."
"It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the overall time span to scan the code, and even to set up the code scanning, is a bit overwhelming for regular developers."
"We would like a reduction in the time frame of scans. It takes us three to five days to run a scan now. We would like that reduced to under three days."
"Sometimes when we run a full scan, we have a bunch of issues in the code. We should not have any issues."
"The solution’s pricing could be improved."
"The solution’s pricing could be improved."
"Scanning needs to be improved in enterprise and professional versions."
"The biggest improvement that I would like to see from PortSwigger that today many people see as an issue in their testing. There might be a feature which might be desired."
"The solution lacks sufficient stability."
"There were a lot of false positives there, and we used to spend a lot of time, like, for security reasons, reproducing those bugs for the development team to fix it."
"We wish that the Spider feature would appear in the same shape that it does in previous versions."
"A lot of our interns find it difficult to get used to PortSwigger Burp's environment."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
Fortify on Demand is ranked 11th in Application Security Tools with 55 reviews while PortSwigger Burp Suite Professional is ranked 12th in Application Security Tools with 54 reviews. Fortify on Demand is rated 8.0, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Fortify on Demand is most compared with SonarQube, Checkmarx, Veracode, Coverity and Fortify WebInspect, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and Qualys Web Application Scanning. See our Fortify on Demand vs. PortSwigger Burp Suite Professional report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.