We performed a comparison between Fortify on Demand and Rapid7 AppSpider based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do."
"The solution is very fast."
"The UL is easy to use compared to that of other tools, and it is highly reliable. The findings provide a lower number of false positives."
"Audit workbench: for on-the-fly defect auditing."
"The feature that I find the most useful is being able to just see the vulnerabilities online while checking the code and then checking suggestions for fixing them."
"While using Micro Focus Fortify on Demand we have been very happy with the results and findings."
"Each bank may have its own core banking applications with proprietary support for different programming languages. This makes Fortify particularly relevant and advantageous in those cases."
"One of the valuable features is the ability to submit your code and have it run in the background. Then, if something comes up that is more specific, you have the security analyst who can jump in and help, if needed."
"It is really accurate and the rate of false positives is very low."
"The setup is usually straightforward."
"I like the ability the product has to detect vulnerabilities quickly, when it has been released in our environment, then displaying them to us."
"When it is set up properly, it can do scanning on web apps with multiple engines automatically."
"The most valuable feature is the reporting, which is compliant with international standards."
"I would say that it is stable, as I am not aware of any major issues."
"It scans all the components developed within a web application."
"The entire solution is interactive and has a point-and-click user experience, which makes it easy to find items or drill down on information. You don't need specialized skills to use the product."
"Integration to CI/CD pipelines could be improved. The reporting format could be more user friendly so that it is easy to read."
"We typically do our bulk uploads of our scans with some automation at the end of the development cycle but the scanning can take a lot of time. If you were doing all of it at regular intervals it would still consume a lot of time. This could procedure could improve."
"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."
"It would be highly beneficial if Fortify on Demand incorporated runtime analysis, similar to how Contrast Security utilizes agents for proactive application security."
"I would like the solution to add AI support."
"During development, when our developer makes changes to their code, they typically use GitHub or GitLab to track those changes. However, proper integration between Fortify on Demand and GitHub and GitLab is not there yet. Improved integration would be very valuable to us."
"There is room for improvement in the integration process."
"Fortify on Demand could be improved with support in Russia."
"Implementing Rapid7 AppSpider requires scanning and self-identification mechanisms. You can add different types of authentication to each scan."
"The performance of the solution could improve. When I compare the speed it is slower than others on the market. There are some tricks we use to help speed up the solution."
"There are some glitches with stability, and it is an area for improvement."
"The product needs to be able to scale for large companies, like ours. We have millions of IP addresses that need to be scanned, and the scalability is not great."
"The solution is too slow. It could take a full day to scan. Competitors are much faster."
"Support response times are slow and can be improved."
"It needs better integration with mobile applications."
"Integration could be better."
Fortify on Demand is ranked 9th in Application Security Testing (AST) with 56 reviews while Rapid7 AppSpider is ranked 25th in Application Security Testing (AST) with 13 reviews. Fortify on Demand is rated 8.0, while Rapid7 AppSpider is rated 7.8. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of Rapid7 AppSpider writes "Useful vulnerability reporting data, flexible, and simple implementation". Fortify on Demand is most compared with SonarQube, Checkmarx One, Veracode, Coverity and Fortify WebInspect, whereas Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, OWASP Zap, Acunetix, Invicti and Tenable.io Web Application Scanning. See our Fortify on Demand vs. Rapid7 AppSpider report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.