2018-04-09T18:49:00Z

What needs improvement with Fortify Application Defender?


Please share with the community what you think needs improvement with Fortify Application Defender.

What are its weaknesses? What would you like to see changed in a future version?

ITCS user
Guest
55 Answers

Top 5 Leaderboard, Real User

The solution could improve the time it takes to scan. When comparing it to SonarQube, it does it in minutes, while in Fortify Application Defender it can take hours. In an upcoming release, they could improve how they apply the automation.

2021-09-07T14:05:37Z
Top 5 Leaderboard, Real User

The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java. They need better support for applications written in Python or more advanced web service-type implementations. Better support for other architectures is critical. Technical support needs to be improved. It would be helpful to include agent deployment as part of the Azure DevOps marketplace. This would make it really easy for customers to get this plugin and install it within their application centers.

2020-09-21T06:33:16Z
Top 20, Real User

There are a couple of vulnerabilities not covered by the solution and we are working on how we can improve on these things. An example of this is when we have a static value that is stored in a database. We need to use a workaround when a value is not exposed directly to the code base, where we check that code dynamically. The workbench is a little bit complex when you first start using it.

2020-03-05T08:39:51Z
Real User

The solution is quite expensive. There could be little improvements made in the solution's performance, reporting, management, interface, dashboard, etc. Their level of support could also be better. They should be more qualified and quicker to respond, for example. It would be beneficial if the dashboard integrated with JIRA.

2019-08-22T05:49:00Z
Real User

Support for older compilers/IDEs is lacking. Many developers are still using environments that are known for having security issues. For example, Visual Studio 2005, 2008, and older, gcc 1.x, etc. are still being used. However, we cannot analyze a project using these older compilers because they are no longer supported by Fortify. If I can't find security issues injected by the development environment because I'm forced to use a newer compiler, then I cannot make recommendations to use an updated compiler. This is a particularly thorny issue wherein development environments of mission critical systems do not change and yet we need to recommend usage of newer development environments.

2018-04-09T18:49:00Z