Micro Focus Fortify on Demand Reviews

Micro Focus Fortify on Demand is the #4 ranked solution of our top Application Security Testing (AST) tools. It's rated 3.5 out of 5 stars, and is most commonly compared to SonarQube - Micro Focus Fortify on Demand vs SonarQube

Filter by:
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Real User
CISO at a retailer with 1,001-5,000 employees
May 16 2019

What is most valuable?

The product, in general, is meant to scan the website and identify any vulnerabilities: a known vulnerability across that script and SQL injection or other vulnerabilities from OWASP top 10, etc. That… more »

How has it helped my organization?

Before we migrate a new code to our production website, it is scanned with Fortify and all security vulnerabilities are identified. Then we try to remediate them so we don't expose ourselves. I've… more »

What needs improvement?

Primarily for a complex, advanced website, they don't really understand some of the functionalities. So for instance, they could tell us that there is a vulnerability because somebody could possibly… more »

What's my experience with pricing, setup cost, and licensing?

It's a yearly contract, but I don't remember the dollar amount.

What other advice do I have?

I would advise others not to use Fortify, but rather get something like Veracode or Checkmarx. The most important thing is not the functionality of the product. The most important thing is the… more »

Which other solutions did I evaluate?

I don't remember if we evaluated anybody else. I think Fortify was recommended through a consultant. Some years ago, there were not so many vendors at a time playing in this arena. There's not so many… more »
Real User
Sr. Enterprise Architect at a financial services firm with 5,001-10,000 employees
Jan 15 2020

What is most valuable?

The most valuable feature is that it connects with your development platforms, such as Microsoft Information Server and Jira. When a vulnerability is found then it is classified as a bug and sent to IT.

What needs improvement?

This solution would be improved if the code-quality perspective were added to it, on top of the security aspect. It would rate performance and other things. This is one of the reasons that people are interested in SonarQube. This would make… more »

Which solution did I use previously and why did I switch?

We also use WebInspect, SonarQube, and other security tools in addition to this solution. The use of particular tools depends on the project and the project manager that I speak with. Prior to working with Fortify on Demand, we worked using… more »

What other advice do I have?

My advice to anybody who is considering this solution is to first get buy-in from the entire organization about adopting a culture of Security by design. Fortify on Demand can scan your code, but you need to have plans in place for what… more »

Which other solutions did I evaluate?

We did not evaluate other vendors beyond the solutions that we are using.
Learn what your peers think about Micro Focus Fortify on Demand. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
437,827 professionals have used our research since 2012.
KavithaSridhar
Consultant
Director Consulting at a tech services company with 10,001+ employees
Nov 11 2018

What is most valuable?

The features I found most valuable is that it is very configurable. The installation was also very easy.

How has it helped my organization?

First, you don't have very high requirement and we could do it quickly and efficiently. Second, it was easy for us to install the reading bot facing challenges and such, while doing that installation… more »

What needs improvement?

Yeah, some of the technologies and framework for libraries were not available at that point of time. For example, if it was in the back end, at that point in time we had to look at other tools. There… more »

What's my experience with pricing, setup cost, and licensing?

The licensing was good because the licenses have the heavy centralized server. It connects to the other PTs, or even if it connects to the old EC servers. We had to put it within an old EC, in order… more »

What other advice do I have?

Today's security has become so complex that you cannot lean completely dependent on one tool. What I have learned is that you should have multiple tools. Now, with different areas coming into space… more »

Which other solutions did I evaluate?

We were using many other tools like TechAbility, IBM AppScan and I think these were the predominant ones.
Prakash-Rao
Real User
Vice President - Solution Architecture at a financial services firm with 10,001+ employees
Jan 16 2020

What is most valuable?

Fortify on Demand is easy to use and the reporting is good. As for the static code analysis functionality, it is doing the job that it is supposed to do.

What needs improvement?

This solution cannot do dynamic application security testing. It needs to be able to simulate a situation where a hacker is trying to break into the system. The vulnerability analysis does not always provide guidelines for what the… more »

Which solution did I use previously and why did I switch?

We did not use another solution prior to starting our evaluation that includes Fortify on Demand. People were relying on some open-source static code analyzers. However, I don't think that it was very reliable.

What other advice do I have?

Fortify on Demand is a product that I recommend but the suitability of this solution depends on exactly what the requirements are. Every product has a unique feature as well as limitations with respect to what it can and can not do. What it… more »

Which other solutions did I evaluate?

We are currently using WebInspect but it does not satisfy all of our requirements. We are continuing to research other tools from other vendors, including open-source technologies. We have not fully decided yet. Before deciding on any… more »
ChimaUzomba
Reseller
Chief Executive & Certified Security Administrator at Boch
Jan 14 2020

What is most valuable?

We actually find all of the product's features valuable. But at this point, we are trying to upsell by adding additional components like RAFT (Re-usable Automation Framework for Testing) to the test cycle.

What needs improvement?

Strictly in terms of this product, I think it is a top-notch solution and I think the technology is still the best on the market. What might be improved is maybe just look at the pricing. It is a bit confusing compared to other products that we also sell. Whatever innovation they can come up with would be an excellent addition if it adds useful functionality. The only thing I can think of that… more »

What other advice do I have?

I would definitely recommend Micro Focus Fortify any day for clients who are looking for a good security solution. On a scale from one to ten where one is the worst and ten is the best, I would rate Micro Focus Fortify on Demand as a nine out of ten.
Real User
Production Manager for Nearshore SWaT at a computer software company with 10,001+ employees
Aug 25 2020

What is most valuable?

The feature that I find the most useful is being able to just see the vulnerabilities online while checking the code and then checking suggestions for fixing them.

What needs improvement?

The thing that could be improved is reducing the cost of usage and including some of the most pricey features, such as dynamic analysis and that sort of functionality, which makes the difference between different types of tools.

What's my experience with pricing, setup cost, and licensing?

It is quite expensive. Pricing and the licensing model could be improved.

Which solution did I use previously and why did I switch?

I have used SonarQube but not at the same level. It has some functionalities that are related to security. It does not go as deep as Micro Focus Fortify on Demand. We have evaluated other tools that are competitors of Micro Focus Fortify on… more »

What other advice do I have?

Before using it, evaluate other possibilities because it's quite expensive if you don't have the need to use it. For example, replace it with SonarQube or another competitor's tool that may not do quite the same thing, but it is enough for… more »
Appsecanst67
Real User
Senior Application Security Analyst at a financial services firm with 10,001+ employees
Aug 19 2019

What is most valuable?

What is most useful is how you can have related features upgraded on the tools. The tools themselves have details for the code as well, where the issues have been flagged, and all the vulnerabilities are there, in one place.

What needs improvement?

The solution has some problems with latency. Sometimes it takes a while to respond. This issue should be addressed. They should improve the data path where the issue has been flagged. They can improve the flow module details. If you can understand from the data flow or data path what is happening, you can better understand what the issue is.

What other advice do I have?

We use the cloud deployment model of the solution. Whether or not you decide to implement the solution depends on the use case. It depends on if the user has a big application or multiple lines of code which need to be scanned. New users need to do POC so they can investigate if this tool fits in their company or their enterprise before they begin implementation. Everyone should do a comparison… more »
Ives Laaf
Real User
Head of Compliance & Quality / CISO at a tech services company with 51-200 employees
Jun 11 2019

What do you think of Micro Focus Fortify on Demand?

What is our primary use case?

Our primary use case for this solution is static code analysis.

How has it helped my organization?

This solution has helped us to improve our security processes.

What is most valuable?

The static code analyzers are the most valuable features of this solution.

What needs improvement?

The reporting capabilities need improvement, as there are some features that we would like to have but are not available at the moment. It needs a better configuration and more options for reports.

For how long have I used the solution?

Four months.

What do I think about the stability of the solution?

The solution is working, so I would say that its stability is fine.

What do I think about the scalability of the solution?

We have approximately twenty users…

What is Micro Focus Fortify on Demand?

Micro Focus Fortify on Demand’s application security-as-a-service is the easy and flexible way to identify vulnerabilities in your applications without additional investment in software or personnel. Allow our global team to work for you, providing support and technical expertise 24/7.

Also known as
Fortify on Demand
Micro Focus Fortify on Demand customers

SAP, Aaron's, British Gas, FICO, Cox Automative, Callcredit Information Group, Vital and more.

Read Archived Reviews