Fortify on Demand Valuable Features

Thomas Boltze - PeerSpot reviewer
Cloud Architecture Head at PagoNxt Merchant Solutions S.L.

We've found the depth of scanning that the product provides and the results we get are the most valuable features. 

CP
Architecture Manager at Alinma Bank

Our CSD team used multiple tools for different scenarios. When dealing with sophisticated threats or vulnerabilities, manual analysis was necessary alongside Fortify's machine-based analysis. So, in handling complicated vulnerabilities, we couldn't rely on just one tool. Multiple tools were required. One such tool was OS Zap Proxy. We integrated Zap Proxy with Fortify, and this integration proved quite useful. Instead of relying solely on Fortify's dashboard, we integrated it with other tools, which made more sense. The security analysts, up to the level of the CSO, wouldn't rely only on a single dashboard. They used multiple tools to detect and work on vulnerabilities across various platforms and products. Fortify seamlessly integrates all these aspects.

AhmedElkholy - PeerSpot reviewer
Pre-Sales Manager at Ejada Company Limited

One of the most valuable features of Fortify On Demand is its ability to integrate seamlessly with the DevOps lifecycle, particularly in terms of security testing. Injecting security testing into the DevOps process ensures that security measures are incorporated from the development stage onwards. It aligns with the main objective of DevOps, which is to automate and streamline the software development lifecycle, from code commit to deployment. With automation tools orchestrating the pipeline, tasks such as code compilation, testing, and deployment can be carried out rapidly and efficiently. This results in faster time-to-market for features, reducing deployment times from hours to minutes. It enhances trust from customers and cybersecurity teams, as security measures are built into the software from the outset, increasing confidence in the security.

Buyer's Guide
Application Security Tools
March 2024
Find out what your peers are saying about OpenText, Sonar, Checkmarx and others in Application Security Tools. Updated: March 2024.
765,386 professionals have used our research since 2012.
Jayashree Acharyya - PeerSpot reviewer
Director at PepsiCo

Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning.

When we are exploring some of the endpoints, this solution identifies many loopholes that hackers could utilize for an attack. This has been very helpful, and it is surprising how many vulnerabilities there can be.

Angelo Quaglia - PeerSpot reviewer
Independent Professional at Studio Dott. Ing. Angelo Quaglia

The solution is very fast.

Yash Brahmani - PeerSpot reviewer
Devops Engineer at BNP Paribas

The vulnerability detection and scanning are awesome features. 

AM
Test Lead at a financial services firm with 10,001+ employees

I appreciate all the features, with a particular emphasis on their vulnerability scanner. For instance, in our environment where two-factor authentication is prevalent across many of our sites, the scanner efficiently identifies vulnerabilities, including those related to second-factor methods or mobile codes. What stands out to me is the user-friendliness of each feature. Given that we're a bank with multiple applications, having the flexibility to customize solutions according to the unique needs of each application is crucial.

Robertino Catalin Ionescu - PeerSpot reviewer
Department Manager of Testing Automation Centre at an energy/utilities company with 10,001+ employees

The most valuable features are the detailed reporting and the ability to set up deep scanning of the software, both of which are in the same place.

Prasenjit Roy - PeerSpot reviewer
Sr. Cloud Solution Architect - SAP on Azure at Accenture

The user interface is good.

FC
Project Manager at Everis

The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation.

JL
Sr. Manager 5G & MEC (Edge) Strategy at Verizon
  • The ability to utilize the Client Portal, which provided my clients with a view of the project status, vulnerabilities and needed remediation steps in real-time
  • I don’t know of any other On-Demand enterprise solution like this one where we can load the details and within a few days, receive the results of intrusion attacks, and work with HP Security Experts when needed for clarification
  • The process was easy to follow and we were supported 24/7 by TAM personnel to help with any fire drills. This was helpful many times when I needed a quick answer late at night or early in the morning
ShubhamJoshi - PeerSpot reviewer
Senior Software Engineer at a consultancy with 10,001+ employees

To my mind, the best features of this product are its speed and efficiency. It covers a wide variety of languages and even has an option for checking different Java versions.

Harkamal-Singh - PeerSpot reviewer
Solution architect at NTT

The most valuable feature of Micro Focus Fortify on Demand is the information it can provide. There is quite a lot of information. It can pinpoint right down to where the problem is, allowing you to know where to fix it. Overall the features are easy to use, you don't have to be a coder. You can be a manager, or in IT operations, et cetera, anyone can use it. It is quite a well-rounded functional solution.

The allocations to different members of a team are good. If you find a problem, you can delegate the task to patch the particular code.

SS
Acquisitions Leader at a healthcare company with 10,001+ employees

It is a very easy tool for developers to use in parallel while they're doing the coding. It does auto scanning as we are progressing with the CI/CD pipeline. It has got very simple and efficient API support.

It is an extremely robust, scalable, and stable solution.

It enhances the quality of code all along the CI/CD pipeline from a security standpoint and enables developers to deliver secure code right from the initial stages.

Vishal Karanjkar - PeerSpot reviewer
Site Head - IOT NW Products & Solutions at Itron, Inc.

While using Micro Focus Fortify on Demand we have been very happy with the results and findings.

PR
Vice President - Solution Architecture at a financial services firm with 10,001+ employees

Fortify on Demand is easy to use and the reporting is good.

As for the static code analysis functionality, it is doing the job that it is supposed to do. 

JM
Enterprise Systems Analyst at a manufacturing company with 10,001+ employees

One of the valuable features is the ability to submit your code and have it run in the background. Then, if something comes up that is more specific, you have the security analyst who can jump in and help, if needed. I think that's really useful.

RK
GM - Technology at an outsourcing company with 10,001+ employees

The most valuable features are the server, scanning, and it has helped identify issues with the security analysis.

DV
Senior System Analyst at Azurian

One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that.

Another reason I like Fortify on Demand is because our code often includes open source libraries, and it's important to know when the library is outdated or if it has any known vulnerabilities in it. This information is important to us when we're developing our solutions and Fortify on Demand informs us when it detects any vulnerable open source libraries.

it_user512112 - PeerSpot reviewer
Technical Lead at a tech services company with 10,001+ employees
  • Scan wizard: for configuring large scans
  • Audit workbench: for on-the-fly defect auditing
  • CLI: to integrate the tool into CI/CD
Jaime Baracaldo - PeerSpot reviewer
Chief Information Officer at Location world

We have the option to scan web applications on demand. We have the option to do dynamic analysis. We also have an on-premise solution for static code analysis.

We have the option to test applications with or without credentials.

Omar Abdelhamied Ahmed - PeerSpot reviewer
Financial Analyst at Arab Investment Bank

The SAST feature is the most valuable.

Alejandro Merida - PeerSpot reviewer
Enterprise Solutions Architect at Contpaqi

The most valuable features of Micro Focus Fortify on Demand have been SAT analysis and application security.

NT
Cyber Security Specialist at a computer software company with 51-200 employees

The solution is user-friendly.

LM
Principal Solutions Architect at a security firm with 11-50 employees

Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out.

BK
Sr. Enterprise Architect at a financial services firm with 5,001-10,000 employees

The most valuable feature is that it connects with your development platforms, such as Microsoft Information Server and Jira. When a vulnerability is found then it is classified as a bug and sent to IT.

Kangkan Goswami - PeerSpot reviewer
Advisor Solution Architect at a tech services company with 10,001+ employees

Fortify on Demand's best feature is that there's no need to install and configure it locally since it's on the cloud.

RC
Security Systems Analyst at a retailer with 5,001-10,000 employees

Being able to reduce risk overall is a very valuable feature for us.

it_user326421 - PeerSpot reviewer
Solution Security Architect with 1,001-5,000 employees
  • It's On-Demand, and cloud-based which is well suited to occasional and price-conscious use.
  • Fast turn-around allows for easy integration into the development process without any major impact on development efforts.
OS
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services

I was able to quickly pass compliance with HIPAA.
Correlated static and dynamic results with detailed priority guidance.
Accurate results, tailored to each application.
All results manually reviewed by application security experts.
Central testing program management for all applications.

S S RAMA KRISHNA MURTHY SURI - PeerSpot reviewer
Senior Manager at valuelabs LLP

Fortify supports most languages. Other tools are limited to Java and other typical languages. IBM's solutions aren't flexible enough to support any language. Fortify also integrates with lots of tools because it has API support.

it_user488208 - PeerSpot reviewer
Specialist Master/Manager at a consultancy with 10,001+ employees

The static code analyzer provides views from a security perspective and it is easy to use compared to others.

DG
Information Security Engineer at a comms service provider with 501-1,000 employees

The UI is easy to use compared to that of other tools, and it is highly reliable. The findings provide a lower number of false positives.

It is easy to install, and the cost is fair.

it_user441546 - PeerSpot reviewer
Information Security Lead Consultant & Application Security Specialist at an energy/utilities company with 1,001-5,000 employees

It's saved us a lot of time as we focus primarily on security consultancy work rather than tool operational work.

Also, the features SAST, DAST, Dashboard/Reports, Fortify on Demand Portal and Vulnerability Tracking, have all helped with our work.

Finally, it's reduced operational costs as we minimized security incidents and ensured all vulnerabilities are remediated during the development lifecycle.

JP
Production Manager for Nearshore SWaT at a computer software company with 1,001-5,000 employees

The feature that I find the most useful is being able to just see the vulnerabilities online while checking the code and then checking suggestions for fixing them.

MK
Application Security Specialist at a tech services company with 5,001-10,000 employees

The most important feature of the product is to follow today's technology fast, updated rules and algorithms (of the product). It also allows for more efficient and custom integration by allowing customized enhancements through the API support offered through the SSC portal.

it_user455427 - PeerSpot reviewer
Development and Database Manager at a financial services firm with 501-1,000 employees

The solution simply identifies any security flaws that any of our applications might have.

it_user1345719 - PeerSpot reviewer
Project Analyst at a financial services firm with 1,001-5,000 employees

The most valuable feature is the capacity to be able to check vulnerabilities during the development process. The development team can check whether the code they are using is vulnerable to some type of attack or there is some type of vulnerability so that they can mitigate it. It helps us in achieving a more secure approach towards internal applications.

It is an intuitive solution. It gives all the information that a developer needs to remediate a vulnerability in the coding process. It also gives you some examples of how to remediate a vulnerability in different programming languages. This solution is pretty much what we were searching for.

JE
CISO at a retailer with 1,001-5,000 employees

The product, in general, is meant to scan the website and identify any vulnerabilities: a known vulnerability across that script and SQL injection or other vulnerabilities from OWASP top 10, etc. That is what we're using this for.

The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it. 

it_user692322 - PeerSpot reviewer
Digital Security Integration Lead at a non-tech company with 10,001+ employees

The quality of application security testing reduces risk and gives very few false positives.

ML
Senior Application Security Analyst at a financial services firm with 10,001+ employees

What is most useful is how you can have related features upgraded on the tools. The tools themselves have details for the code as well, where the issues have been flagged, and all the vulnerabilities are there, in one place.

NB
Senior Cyber Security Analyst at a financial services firm with 1,001-5,000 employees

We can run our scans properly on it. It improves future security scans.

it_user506661 - PeerSpot reviewer
Senior Lead at a computer software company with 1,001-5,000 employees

We identified a lot of security vulnerabilities much earlier in the development and could fix this well before the product was rolled out to a huge number of clients.

it_user399378 - PeerSpot reviewer
Director of Information Technology at a tech consulting company with 501-1,000 employees

It enforces source-code scanning, finding vulnerabilities in source code.

EP
Professor at BitBrainery University

We shared the easy-to-use dashboard with our programmers and involved outsourcers for a quick issues fix.

CU
Chief Executive & Certified Security Administrator at Boch Systems Company Limited

We actually find all of the product's features valuable. But at this point, we are trying to upsell by adding additional components like RAFT (Re-usable Automation Framework for Testing) to the test cycle.  

it_user625875 - PeerSpot reviewer
Director Consulting at a tech services company with 10,001+ employees

The feature I found most valuable is that it is very configurable. The installation was also very easy.

MJ
Co-Founder at TechScalable

Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices.

Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much.

BS
R&D at a tech services company with 51-200 employees

There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do. We were working with a different solution called SolarCloud previously and it was limited. We are trying to find the right level of security for our needs.

RB
Security Information Manager at a tech services company with 10,001+ employees

The features that I have found most valuable include its security scan, the vulnerability finds, and the web interface to search and review the issues.

it_user488193 - PeerSpot reviewer
System Engineer at a tech services company with 501-1,000 employees

Both editions of the product have their advantages, and they complement each other.

IL
Head of Compliance & Quality / CISO at a tech services company with 51-200 employees

The static code analyzers are the most valuable features of this solution.

it_user362055 - PeerSpot reviewer
Senior Manager at a tech services company with 10,001+ employees

It's one of the leaders in the application security space. I've used Fortify since 2007, and I think the most valuable feature is its ability to address the source code scanning and dynamic scanning in a known, correlated way. I think the best way to address application security is to have multiple types of scanning and a unified view for the customer.
