Micro Focus Fortify on Demand Overview

Micro Focus Fortify on Demand is the #4 ranked solution in our list of AST tools. It is most often compared to SonarQube.

What is Micro Focus Fortify on Demand?

Micro Focus Fortify on Demand’s application security-as-a-service is the easy and flexible way to identify vulnerabilities in your applications without additional investment in software or personnel. Allow our global team to work for you, providing support and technical expertise 24/7.

Micro Focus Fortify on Demand is also known as Fortify on Demand.

Micro Focus Fortify on Demand Buyer's Guide

Download the Micro Focus Fortify on Demand Buyer's Guide including reviews and more. Updated: January 2021

Micro Focus Fortify on Demand Customers

SAP, Aaron's, British Gas, FICO, Cox Automotive, Callcredit Information Group, Vital and more.

Pricing Advice

What users are saying about Micro Focus Fortify on Demand pricing:
  • "It's a yearly contract, but I don't remember the dollar amount."
  • "We are still using the trial version at this point but I can already see from the trial version alone that it is a good product. For others, I would say that Fortify on Demand might look expensive at the beginning, but it is very powerful and so you shouldn't be put off by the price."
  • "Their subscriptions could use a little bit of a reworking, but I am very happy with what they're able to provide."
  • "The pricing can be improved because it is complex when compared to the competition."
  • "It is cost-effective."

Micro Focus Fortify on Demand Reviews

reviewer1050960
CISO at a retailer with 1,001-5,000 employees
Real User
Top 5 Leaderboard
May 16, 2019
Detects vulnerabilities and provides useful suggestions, but doesn't understand complex websites

What is our primary use case?

We use Fortify on Demand to test our e-commerce website. We do static code testing before it goes live.

Pros and Cons

  • "The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it."
  • "Primarily for a complex, advanced website, they don't really understand some of the functionalities. So for instance, they could tell us that there is a vulnerability because somebody could possibly do something, but they don't really understand the code to realize that we actually negate that vulnerability through some other mechanism in the program. In addition, the technical support is just not there. We have open tickets. They don't respond. Even if they respond, we're not seeing eye to eye. As the company got sold and bought, the support got worse."

What other advice do I have?

I would advise others not to use Fortify, but rather get something like Veracode or Checkmarx. The most important thing is not the functionality of the product. The most important thing is the knowledge, support, and availability of the team of security specialists as a vendor, that you have somebody to work with and talk to. Everybody's website is different, and if you try to use the product out of the box the way they built it and you have nobody to talk to to figure out how to tweak your application or the product to reduce the noise and the false positives, it becomes literally useless. So…
Dionisio Valdés
Senior System Analyst at Azurian
Real User
Dec 20, 2020
Makes it easy to discover hidden vulnerabilities in our open source libraries

What is our primary use case?

We create technology solutions for clients and on one project we were requested to use Fortify on Demand after the client had read a good report about it. They sent us the report and recommended its use. In this case, we were using Java to program the client's solution and so we used Fortify on Demand alongside our Java development operations, for the purpose of improving the application's security. The work we were doing for the client involved creating a billing system that they would use to manage payments and taxes for other companies in Chile. We've only used Fortify on Demand for this…

Pros and Cons

  • "One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that."
  • "During development, when our developer makes changes to their code, they typically use GitHub or GitLab to track those changes. However, proper integration between Fortify on Demand and GitHub and GitLab is not there yet. Improved integration would be very valuable to us."

What other advice do I have?

For us, Fortify on Demand is a good quality product that I can recommend for a few reasons, including:
  • Very useful source code review and vulnerability detection.
  • Clear and easy-to-read test results and reports.
  • Good integration with other platforms during development.

I would rate Fortify on Demand a nine out of ten.
reviewer1078392
Security Systems Analyst at a retailer with 5,001-10,000 employees
Real User
Dec 7, 2020
An extremely scalable, flexible, and stable solution that reduces the overall risk and gives us assurance

What is our primary use case?

All in-house developed code or third-party code developed on our behalf is scanned via Fortify on Demand. Any results for unsecure code, vulnerabilities, or issues are passed back to the development teams for remediation.

Pros and Cons

  • "Being able to reduce risk overall is a very valuable feature for us."
  • "They have a release coming out, which is full of new features. Based on their roadmap, there's nothing that I would suggest for them to put in it that they haven't already suggested. However, I am a customer, so I always think the pricing is something that could be improved. I am working with them on that, and they're very flexible. They work with their customers and kind of tailor the product to the customer's needs. So far, I am very happy with what they're able to provide. Their subscriptions could use a little bit of a reworking, but that would be about it."

What other advice do I have?

We plan to keep using this solution. Every year, we seem to have more and more code, and they add more and more features such as third-party library assessments, etc. Open source has become a big thing as companies try and save money, but with open source comes additional risk. This solution helps us mitigate the risk of those open-source components. So, we're using this more and more as we move forward. The important part of this is automation. There are lots of automation options for this tool. Initially, trying to do it manually was a great start, but we kind of got lost a little bit along…
reviewer1263261
Sr. Enterprise Architect at a financial services firm with 5,001-10,000 employees
Real User
Jan 15, 2020
Good development platform integration promotes a culture of Security by design

What is our primary use case?

I have been using this solution to gain some perspective from different architectures for the security team. I do not use it every day. I do have an overview and it is integrated with our development platform. I do work for our governance team, so whenever a project is coming I will review products. I need to connect with the project managers for testing them, and these tests include the vulnerability assessment along with other security efforts. One of the things that I suggest is using Micro Focus Fortify on Demand. The primary use case is core scanning for different vulnerabilities, based…

Pros and Cons

  • "The most valuable feature is that it connects with your development platforms, such as Microsoft Information Server and Jira."
  • "This solution would be improved if the code-quality perspective were added to it, on top of the security aspect."

What other advice do I have?

My advice to anybody who is considering this solution is to first get buy-in from the entire organization about adopting a culture of Security by design. Fortify on Demand can scan your code, but you need to have plans in place for what needs to be done when problems are identified. It may mean that things will have to change with regards to how code is being written. It may also require integration with other platforms. You can't just start scanning without first understanding what the security architecture is. You need to understand the vulnerabilities and all of the standards, as well…
Prakash-Rao
Vice President - Solution Architecture at a financial services firm with 10,001+ employees
Real User
Jan 16, 2020
Easy to use and the reporting is good, but does not support dynamic application security testing

What is our primary use case?

We are using Fortify on Demand as a static code analyzer. As it scans each application, it checks each line of code. When we are developing mobile applications there might be some kind of security vulnerability. One example is a check to see if information that is being transferred is not encrypted because this would be vulnerable to hackers who are trying to break into the system. We also look at whether we are using the network transport layer security. Our overall goal at this time is to protect our mobile app because it is one of the ways that hackers can break into the system.

Pros and Cons

  • "Fortify on Demand is easy to use and the reporting is good."
  • "The vulnerability analysis does not always provide guidelines for what the developer should do in order to correct the problem, which means that the code has to be manually inspected and understood."

What other advice do I have?

Fortify on Demand is a product that I recommend but the suitability of this solution depends on exactly what the requirements are. Every product has a unique feature as well as limitations with respect to what it can and can not do. What it comes down to is how the application is built, as well as the technology stack. The licensing costs are also something that needs to be considered. Overall, it is a very good tool and it works well for what it is designed for. I would rate this solution a seven out of ten.
ChimaUzomba
Chief Executive & Certified Security Administrator at Boch
Reseller
Top 20
Jan 14, 2020
Good for banking and financial institutions to manage and test product lifecycles

What is our primary use case?

We recommend this product to our customers. We act as vendors and resellers. This is actually one of the solutions we often recommend to our customers most often. Usually, this is the best choice for banking and financial institutions. It is deployed by their development team in-house. They use it to manage and test product lifecycles.

Pros and Cons

  • "This product is a top-notch solution and the technology is the best on the market."
  • "The technical support is actually a problem that needs to be addressed. Since the acquisition and merger with Hewlett Packard, it has been really hard to know who the technical or salesperson to talk to is."

What other advice do I have?

I would definitely recommend Micro Focus Fortify any day for clients who are looking for a good security solution. On a scale from one to ten where one is the worst and ten is the best, I would rate Micro Focus Fortify on Demand as a nine out of ten.
Mamta Jha
Co-Founder at TechScalable
Real User
Top 20
Oct 13, 2020
A feature-rich solution for simplified designing and architecting

What is our primary use case?

We are architecting applications for e-commerce websites similar to Amazon. Everything is running on the cloud, and Micro Focus Fortify on Demand is totally integrated with our solution at this point in time.

Pros and Cons

  • "Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices. Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much."
  • "In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication. They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful."

What other advice do I have?

You can choose this product for sure with a lot of confidence. It entirely depends on how you are exploring the stuff and trying to integrate it. Designing has to be good. It has all the features, but exploring the features and using it as per your need is important. It is not that features are not there. You just need to explore them and know how to use them. I would rate Micro Focus Fortify on Demand an eight out of ten. It is a good product. However, it needs improvements from the security aspect and from the aspect of integrations with other popular tools in the market.
reviewer1345719
Project Analyst at a financial services firm with 1,001-5,000 employees
Real User
Oct 31, 2020
A cost-effective and intuitive solution for checking vulnerabilities during the development process

What is our primary use case?

We use it for statistical analysis for Java applications that are used in the collection process of a bank. It is also used for an internal web page. The tellers use this web page in the branches to make money transactions, such as withdrawals, deposits, etc.

Pros and Cons

  • "The most valuable feature is the capacity to be able to check vulnerabilities during the development process. The development team can check whether the code they are using is vulnerable to some type of attack or there is some type of vulnerability so that they can mitigate it. It helps us in achieving a more secure approach towards internal applications. It is an intuitive solution. It gives all the information that a developer needs to remediate a vulnerability in the coding process. It also gives you some examples of how to remediate a vulnerability in different programming languages. This solution is pretty much what we were searching for."
  • "It natively supports only a few languages. They can include support for more native languages. The response time from the support team can also be improved. They can maybe include video tutorials explaining the remediation process. The remediation process is sometimes not that clear. It would be helpful to have videos. Sometimes, the solution that the tool gives in the GUI is not straightforward to understand for the developer. At present, for any such issues, you have to create a ticket for the support team and request help from the support team."

What other advice do I have?

It is a great solution. It is cost-effective for a secure development process. If an enterprise wants to adopt the DevOps process, Micro Focus Fortify on Demand is a great starting point. I would rate Micro Focus Fortify on Demand a nine out of ten.