Micro Focus Fortify on Demand Reviews

Filter by:Reset all filters
industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
rating
Loading...
Filter Unavailable
Cinfooffice09987
Real User
CISO at a retailer with 1,001-5,000 employees
May 16 2019

What is most valuable?

The product, in general, is meant to scan the website and identify any vulnerabilities: a known vulnerability across that script and SQL injection or other vulnerabilities from OWASP top 10, etc. That… more»

How has it helped my organization?

Before we migrate a new code to our production website, it is scanned with Fortify and all security vulnerabilities are identified. Then we try to remediate them so we don't expose ourselves. I've… more»

What needs improvement?

Primarily for a complex, advanced website, they don't really understand some of the functionalities. So for instance, they could tell us that there is a vulnerability because somebody could possibly… more»

What's my experience with pricing, setup cost, and licensing?

It's a yearly contract, but I don't remember the dollar amount.

What other advice do I have?

I would advise others not to use Fortify, but rather get something like Veracode or Checkmarx. The most important thing is not the functionality of the product. The most important thing is the… more»

Which other solutions did I evaluate?

I don't remember if we evaluated anybody else. I think Fortify was recommended through a consultant. Some years ago, there were not so many vendors at a time playing in this arena. There's not so many… more»
Jonathas De Morais
Real User
Enterprise Systems Analyst at a manufacturing company with 10,001+ employees
Aug 14 2018

What is most valuable?

One of the valuable features is the ability to submit your code and have it run in the background. Then, if something comes up that is more specific, you have the security… more»

How has it helped my organization?

Because of the kind of products we deal with, and the kind of customers we have, we have really specific security requirements and practices we need to follow… more»

What needs improvement?

It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the… more»

What's my experience with pricing, setup cost, and licensing?

The subscription model, on a per-scan basis, is a bit expensive. That's another reason we are not using it for all the apps. That subscription model is probably something… more»

If you previously used a different solution, which one did you use and why did you switch?

We didn't have a previous solution. We researched a couple of the tools, but we ended up using Fortify because of the comprehensive scans they have, and mainly because… more»

What other advice do I have?

Understand what you want to get out of it and be sure to fully understand what you will be paying per scan if you go for the subscription model. As I said, having to scan… more»

Which other solutions did I evaluate?

We looked at CheckMarkx and SonarQube Enterprise. As I said, we are currently using SonarQube for other apps, but we use the open-source version. We tried to use the… more»
Find out what your peers are saying about Micro Focus, SonarQube, Checkmarx and others in Application Security. Updated: October 2019.
371,355 professionals have used our research since 2012.
KavithaSridhar
Consultant
Director Consulting at a tech services company with 10,001+ employees
Nov 11 2018

What is most valuable?

The features I found most valuable is that it is very configurable. The installation was also very easy.

How has it helped my organization?

First, you don't have very high requirement and we could do it quickly and efficiently. Second, it was easy for us to install the reading bot facing challenges and such, while doing that installation… more»

What needs improvement?

Yeah, some of the technologies and framework for libraries were not available at that point of time. For example, if it was in the back end, at that point in time we had to look at other tools. There… more»

What's my experience with pricing, setup cost, and licensing?

The licensing was good because the licenses have the heavy centralized server. It connects to the other PTs, or even if it connects to the old EC servers. We had to put it within an old EC, in order… more»

What other advice do I have?

Today's security has become so complex that you cannot lean completely dependent on one tool. What I have learned is that you should have multiple tools. Now, with different areas coming into space… more»

Which other solutions did I evaluate?

We were using many other tools like TechAbility, IBM AppScan and I think these were the predominant ones.
Appsecanst67
Real User
Senior Application Security Analyst at a financial services firm with 10,001+ employees
Aug 19 2019

What is most valuable?

What is most useful is how you can have related features upgraded on the tools. The tools themselves have details for the code as well, where the issues have been flagged, and all the vulnerabilities are there, in one place.

What needs improvement?

The solution has some problems with latency. Sometimes it takes a while to respond. This issue should be addressed. They should improve the data path where the issue has been flagged. They can improve the flow module details. If you can understand from the data flow or data path what is happening, you can better understand what the issue is.

What other advice do I have?

We use the cloud deployment model of the solution. Whether or not you decide to implement the solution depends on the use case. It depends on if the user has a big application or multiple lines of code which need to be scanned. New users need to do POC so they can investigate if this tool fits in their company or their enterprise before they begin implementation. Everyone should do a comparison… more»
Murat Kaya
Real User
Application Security Specialist at a tech services company with 5,001-10,000 employees
Jan 16 2018

What is most valuable?

The most important feature of the product is to follow today's technology fast, updated rules and algorithms (of the product). It also allows for more efficient and custom integration by allowing customized enhancements through the API support offered through the SSC portal.

How has it helped my organization?

In large software development teams, the most important issue related to software and application security is to identify vulnerabilities and weaknesses quickly and accurately, then to gather those findings on a common platform so they can be distributed and tracked by teams and developers. Micro Focus WebInspect and Fortify code analysis tools are fully integrated with SSC portals and can… more»

What needs improvement?

Though it is generally close to perfection, the biggest deficiency is the integration with bug tracker systems. It might be better if the configuration screen presented for accessing the bug tracking systems could provide some flexibility. Since there are different templates on TFS in particular (CMMI, Agile etc.), the configuration for different templates can also be customized with the… more»
Nixon B
Vendor
Senior Cyber Security Analyst at a financial services firm with 1,001-5,000 employees
Aug 16 2018

What is most valuable?

We can run our scans properly on it. It improves future security scans.

How has it helped my organization?

We are using lost programming languages, because we have a lot of product development going on because we have a product-based company. Fortify helps us to stay updated with the newest languages and… more»

What needs improvement?

Sometimes when we run a full scan, we have a bunch of issues in the code. We should not have any issues. We would like a reduction in the time frame of scans. It takes us three to five days to run a… more»

What's my experience with pricing, setup cost, and licensing?

The pricing is expensive.

If you previously used a different solution, which one did you use and why did you switch?

We did not have another solution before. We tried other solutions, but they were not as good as Fortify.

Which other solutions did I evaluate?

Currently, Checkmarx offers us a graphically, revised run.
Ives Laaf
Real User
Head of Compliance & Quality / CISO at a tech services company with 51-200 employees
Jun 11 2019

What do you think of Micro Focus Fortify on Demand?

What is our primary use case?

Our primary use case for this solution is static code analysis.

How has it helped my organization?

This solution has helped us to improve our security processes.

What is most valuable?

The static code analyzers are the most valuable features of this solution.

What needs improvement?

The reporting capabilities need improvement, as there are some features that we would like to have but are not available at the moment. It needs a better configuration and more options for reports.

For how long have I used the solution?

Four months.

What do I think about the stability of the solution?

The solution is working, so I would say that its stability is fine.

What do I think about the scalability of the solution?

We have approximately twenty users…
Elina Petrovna
Real User
Professor at a government with 51-200 employees
Apr 25 2018

What do you think of Micro Focus Fortify on Demand?

What is our primary use case?

I analyzed more than 20 applications implemented in BIT Brainery University. The static analysis has to be done every release before putting it in production.

How has it helped my organization?

Even though it was our final choice, it has saved us a lot of time as we focus primarily on programming rather than tool operational work. We did not need third-party consultants.

What is most valuable?

We shared the easy to use dashboard with our programmers and involved outsourcers for a quick issues fix. 

What needs improvement?

It lacks of some important features that the competitors have, such as Software Composition Analysis, full dead code detection, and Agile Alliance's Best Practices and Technical Debt.

For how long have I used the solution?

Articles

User Assessments By Topic About Micro Focus Fortify on Demand

Find out what your peers are saying about Micro Focus, SonarQube, Checkmarx and others in Application Security. Updated: October 2019.
371,355 professionals have used our research since 2012.

Micro Focus Fortify on Demand Questions

What is Micro Focus Fortify on Demand?

Micro Focus Fortify on Demand’s application security-as-a-service is the easy and flexible way to identify vulnerabilities in your applications without additional investment in software or personnel. Allow our global team to work for you, providing support and technical expertise 24/7.

Also known as
Fortify on Demand
Micro Focus Fortify on Demand customers

SAP, Aaron's, British Gas, FICO, Cox Automative, Callcredit Information Group, Vital and more.

Read Archived Reviews
Sign Up with Email