Fortify Application Defender Room for Improvement

Durgesh Pathak
DevOps Engineer at an energy/utilities company with 10,001+ employees
There are a couple of vulnerabilities not covered by the solution and we are working on how we can improve on these things. An example of this is when we have a static value that is stored in a database. We need to use a workaround when a value is not exposed directly to the code base, where we check that code dynamically. The workbench is a little bit complex when you first start using it.
Grandin Major
Solution Architect at a logistics company with 10,001+ employees
The solution is quite expensive. There could be little improvements made in the solution's performance, reporting, management, interface, dashboard, etc. Their level of support could also be better. They should be more qualified and quicker to respond, for example. It would be beneficial if the dashboard integrated with JIRA.
Bob Dean
Principal Engineer at MTSI
Support for older compilers/IDEs is lacking. Many developers are still using environments that are known for having security issues. For example, Visual Studio 2005, 2008, and older, gcc 1.x, etc. are still being used. However, we cannot analyze a project using these older compilers because they are no longer supported by Fortify. If I can't find security issues injected by the development environment because I'm forced to use a newer compiler, then I cannot make recommendations to use an updated compiler. This is a particularly thorny issue wherein development environments of mission-critical systems do not change and yet we need to recommend usage of newer development environments.
Updated: March 2020.