We performed a comparison between Fortify on Demand and Tenable.io Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Speed and efficiency are great features."
"What stands out to me is the user-friendliness of each feature."
"The scanning capabilities, particularly for our repositories, have been invaluable."
"The installation was easy."
"The user interface is good."
"The SAST feature is the most valuable."
"The UL is easy to use compared to that of other tools, and it is highly reliable. The findings provide a lower number of false positives."
"The feature that I find the most useful is being able to just see the vulnerabilities online while checking the code and then checking suggestions for fixing them."
"The most effective feature of the product is the ability to scan the entire environment."
"The most valuable features of Tenable.io Web Application Scanning are the integration into specific use cases and scanning. All of the features of the solution are useful."
"We use the tool for our websites. We have a vulnerable subdomain. The tool helps to scan it for vulnerabilities."
"We can get detailed information about vulnerabilities."
"The most valuable feature is the reporting, which provides a good level of detail with respect to vulnerabilities."
"All the features are valuable to us as they offer cutting-edge scanning methods and address the latest issues with a contemporary approach. Tenable.io Web Application Scanning is highly stable. I rate it a nine out ten. Since the solution works on the Cloud, it's highly scalable. I rate the scalability a nine out of ten. The setup of the solution is straightforward. The Return on Investment is substantial. I recommend the solution to all."
"Our customers adopt this solution because of the replication testing and the vulnerability assessment it can do. It is a multi-faceted product."
"It is fully automated."
"If you have a continuous integration in place, for example, and you want it to run along with your build and you want it to be fast, you're not going to get it. It adds to your development time."
"There were some regulated compliances, which were not there."
"It would be highly beneficial if Fortify on Demand incorporated runtime analysis, similar to how Contrast Security utilizes agents for proactive application security."
"The biggest deficiency is the integration with bug tracker systems. It might be better if the configuration screen presented for accessing the bug tracking systems could provide some flexibility."
"We would like a reduction in the time frame of scans. It takes us three to five days to run a scan now. We would like that reduced to under three days."
"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."
"Primarily for a complex, advanced website, they don't really understand some of the functionalities. So for instance, they could tell us that there is a vulnerability because somebody could possibly do something, but they don't really understand the code to realize that we actually negate that vulnerability through some other mechanism in the program. In addition, the technical support is just not there. We have open tickets. They don't respond. Even if they respond, we're not seeing eye to eye. As the company got sold and bought, the support got worse."
"During development, when our developer makes changes to their code, they typically use GitHub or GitLab to track those changes. However, proper integration between Fortify on Demand and GitHub and GitLab is not there yet. Improved integration would be very valuable to us."
"I would like for them to add proxy filtering, where you can transfer and alter the package. It is fully automated. Other web application testers programs are actually proxy software, and the proxy software gives you the flexibility of modifying the outgoing package, which will actually help you in exploiting any vulnerability in detail."
"The dashboard could be more user-friendly."
"The platform's technical support services could be better."
"The solution's dashboards could be improved and made more user-friendly."
"It isn't easy to manage vulnerabilities in Tenable."
"The reporting has a very limited customization capability."
"The report customization needs to be better."
"They have a general dashboard for web application scanning, but the dashboards and reporting can be improved. They probably have some features in their roadmap."
More Tenable.io Web Application Scanning Pricing and Cost Advice →
Fortify on Demand is ranked 11th in Application Security Tools with 56 reviews while Tenable.io Web Application Scanning is ranked 24th in Application Security Tools with 14 reviews. Fortify on Demand is rated 8.0, while Tenable.io Web Application Scanning is rated 7.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of Tenable.io Web Application Scanning writes "Highly Recommended Solution with Latest Scanning Methods". Fortify on Demand is most compared with SonarQube, Checkmarx One, Veracode, Coverity and GitHub Advanced Security, whereas Tenable.io Web Application Scanning is most compared with Acunetix, SonarQube, Qualys Web Application Scanning, PortSwigger Burp Suite Professional and Invicti. See our Fortify on Demand vs. Tenable.io Web Application Scanning report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.