Micro Focus Fortify on Demand Reviews

Filter by:Reset all filters
industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
rating
Loading...
Filter Unavailable
Cinfooffice09987
Real User
CISO at a retailer with 1,001-5,000 employees
May 16 2019

What is most valuable?

The product, in general, is meant to scan the website and identify any vulnerabilities: a known vulnerability across that script and SQL injection or other vulnerabilities from OWASP top 10, etc. That… more»

How has it helped my organization?

Before we migrate a new code to our production website, it is scanned with Fortify and all security vulnerabilities are identified. Then we try to remediate them so we don't expose ourselves. I've… more»

What needs improvement?

Primarily for a complex, advanced website, they don't really understand some of the functionalities. So for instance, they could tell us that there is a vulnerability because somebody could possibly… more»

What's my experience with pricing, setup cost, and licensing?

It's a yearly contract, but I don't remember the dollar amount.

What other advice do I have?

I would advise others not to use Fortify, but rather get something like Veracode or Checkmarx. The most important thing is not the functionality of the product. The most important thing is the… more»

Which other solutions did I evaluate?

I don't remember if we evaluated anybody else. I think Fortify was recommended through a consultant. Some years ago, there were not so many vendors at a time playing in this arena. There's not so many… more»
Real User
Sr. Enterprise Architect at a financial services firm with 5,001-10,000 employees
Jan 15 2020

What is most valuable?

The most valuable feature is that it connects with your development platforms, such as Microsoft Information Server and Jira. When a vulnerability is found then it is classified as a bug and sent to IT.

What needs improvement?

This solution would be improved if the code-quality perspective were added to it, on top of the security aspect. It would rate performance and other things. This is one of the reasons that people are interested in SonarQube. This would make… more»

Which solution did I use previously and why did I switch?

We also use WebInspect, SonarQube, and other security tools in addition to this solution. The use of particular tools depends on the project and the project manager that I speak with. Prior to working with Fortify on Demand, we worked using… more»

What other advice do I have?

My advice to anybody who is considering this solution is to first get buy-in from the entire organization about adopting a culture of Security by design. Fortify on Demand can scan your code, but you need to have plans in place for what… more»

Which other solutions did I evaluate?

We did not evaluate other vendors beyond the solutions that we are using.
Find out what your peers are saying about Micro Focus, SonarQube, Checkmarx and others in Application Security. Updated: January 2020.
391,932 professionals have used our research since 2012.
Jonathas De Morais
Real User
Enterprise Systems Analyst at a manufacturing company with 10,001+ employees
Aug 14 2018

What is most valuable?

One of the valuable features is the ability to submit your code and have it run in the background. Then, if something comes up that is more specific, you have the security… more»

How has it helped my organization?

Because of the kind of products we deal with, and the kind of customers we have, we have really specific security requirements and practices we need to follow… more»

What needs improvement?

It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the… more»

What's my experience with pricing, setup cost, and licensing?

The subscription model, on a per-scan basis, is a bit expensive. That's another reason we are not using it for all the apps. That subscription model is probably something… more»

Which solution did I use previously and why did I switch?

We didn't have a previous solution. We researched a couple of the tools, but we ended up using Fortify because of the comprehensive scans they have, and mainly because… more»

What other advice do I have?

Understand what you want to get out of it and be sure to fully understand what you will be paying per scan if you go for the subscription model. As I said, having to scan… more»

Which other solutions did I evaluate?

We looked at CheckMarkx and SonarQube Enterprise. As I said, we are currently using SonarQube for other apps, but we use the open-source version. We tried to use the… more»
KavithaSridhar
Consultant
Director Consulting at a tech services company with 10,001+ employees
Nov 11 2018

What is most valuable?

The features I found most valuable is that it is very configurable. The installation was also very easy.

How has it helped my organization?

First, you don't have very high requirement and we could do it quickly and efficiently. Second, it was easy for us to install the reading bot facing challenges and such, while doing that installation… more»

What needs improvement?

Yeah, some of the technologies and framework for libraries were not available at that point of time. For example, if it was in the back end, at that point in time we had to look at other tools. There… more»

What's my experience with pricing, setup cost, and licensing?

The licensing was good because the licenses have the heavy centralized server. It connects to the other PTs, or even if it connects to the old EC servers. We had to put it within an old EC, in order… more»

What other advice do I have?

Today's security has become so complex that you cannot lean completely dependent on one tool. What I have learned is that you should have multiple tools. Now, with different areas coming into space… more»

Which other solutions did I evaluate?

We were using many other tools like TechAbility, IBM AppScan and I think these were the predominant ones.
Prakash-Rao
Real User
Vice President - Solution Architecture at a financial services firm with 10,001+ employees
Jan 16 2020

What is most valuable?

Fortify on Demand is easy to use and the reporting is good. As for the static code analysis functionality, it is doing the job that it is supposed to do.

What needs improvement?

This solution cannot do dynamic application security testing. It needs to be able to simulate a situation where a hacker is trying to break into the system. The vulnerability analysis does not always provide guidelines for what the… more»

Which solution did I use previously and why did I switch?

We did not use another solution prior to starting our evaluation that includes Fortify on Demand. People were relying on some open-source static code analyzers. However, I don't think that it was very reliable.

What other advice do I have?

Fortify on Demand is a product that I recommend but the suitability of this solution depends on exactly what the requirements are. Every product has a unique feature as well as limitations with respect to what it can and can not do. What it… more»

Which other solutions did I evaluate?

We are currently using WebInspect but it does not satisfy all of our requirements. We are continuing to research other tools from other vendors, including open-source technologies. We have not fully decided yet. Before deciding on any… more»
ChimaUzomba
Reseller
Chief Executive at Boch
Jan 14 2020

What is most valuable?

We actually find all of the product's features valuable. But at this point, we are trying to upsell by adding additional components like RAFT (Re-usable Automation Framework for Testing) to the test cycle.

What needs improvement?

Strictly in terms of this product, I think it is a top-notch solution and I think the technology is still the best on the market. What might be improved is maybe just look at the pricing. It is a bit confusing compared to other products that we also sell. Whatever innovation they can come up with would be an excellent addition if it adds useful functionality. The only thing I can think of that… more»

What other advice do I have?

I would definitely recommend Micro Focus Fortify any day for clients who are looking for a good security solution. On a scale from one to ten where one is the worst and ten is the best, I would rate Micro Focus Fortify on Demand as a nine out of ten.
Appsecanst67
Real User
Senior Application Security Analyst at a financial services firm with 10,001+ employees
Aug 19 2019

What is most valuable?

What is most useful is how you can have related features upgraded on the tools. The tools themselves have details for the code as well, where the issues have been flagged, and all the vulnerabilities are there, in one place.

What needs improvement?

The solution has some problems with latency. Sometimes it takes a while to respond. This issue should be addressed. They should improve the data path where the issue has been flagged. They can improve the flow module details. If you can understand from the data flow or data path what is happening, you can better understand what the issue is.

What other advice do I have?

We use the cloud deployment model of the solution. Whether or not you decide to implement the solution depends on the use case. It depends on if the user has a big application or multiple lines of code which need to be scanned. New users need to do POC so they can investigate if this tool fits in their company or their enterprise before they begin implementation. Everyone should do a comparison… more»
Nixon B
Vendor
Senior Cyber Security Analyst at a financial services firm with 1,001-5,000 employees
Aug 16 2018

What is most valuable?

We can run our scans properly on it. It improves future security scans.

How has it helped my organization?

We are using lost programming languages, because we have a lot of product development going on because we have a product-based company. Fortify helps us to stay updated with the newest languages and… more»

What needs improvement?

Sometimes when we run a full scan, we have a bunch of issues in the code. We should not have any issues. We would like a reduction in the time frame of scans. It takes us three to five days to run a… more»

What's my experience with pricing, setup cost, and licensing?

The pricing is expensive.

Which solution did I use previously and why did I switch?

We did not have another solution before. We tried other solutions, but they were not as good as Fortify.

Which other solutions did I evaluate?

Currently, Checkmarx offers us a graphically, revised run.
See 2 More Micro Focus Fortify on Demand Reviews

Articles

User Assessments By Topic About Micro Focus Fortify on Demand

Find out what your peers are saying about Micro Focus, SonarQube, Checkmarx and others in Application Security. Updated: January 2020.
391,932 professionals have used our research since 2012.

Micro Focus Fortify on Demand Questions

What is Micro Focus Fortify on Demand?

Micro Focus Fortify on Demand’s application security-as-a-service is the easy and flexible way to identify vulnerabilities in your applications without additional investment in software or personnel. Allow our global team to work for you, providing support and technical expertise 24/7.

Also known as
Fortify on Demand
Micro Focus Fortify on Demand customers

SAP, Aaron's, British Gas, FICO, Cox Automative, Callcredit Information Group, Vital and more.

Read Archived Reviews