Badges

35 Points
6 Years

User Activity

Almost 4 years ago
I believe the reviewer or the forum organizer has posted this review in the wrong area, or confused Fortify's WebInspect product (DAST) with their Static Code Analyzer ("Fortify SCA") product (SCA). +++++++++ Fortify general:…
Over 4 years ago
Acquiring the tools is not the goal, it is to operate an Application Security program. Remember that you need People-Technology-and-Processes, not simply some cool technology tool, even if that modern tech is now much faster and clearer than ever before. An AppSec program…
Over 5 years ago
Fortify does not offer a cloud version of WebInspect that the user can drive or configure directly. The closest they have to WebInspect in a cloud format is the Fortify On Demand SaaS ("FOD"), and truthfully that is more "DAST or AppSec As A Service". In FOD, the customer…
Over 5 years ago
SonarQube likely should be removed from your site's AppSec category. Read the other comments to understand why. It's a good tool, but this is not its category.
About 6 years ago
[Full disclosure - I work for Fortify Software] Fortify SCA (Static Code Analyzer) can support your DevOps system in a variety of ways, so the choices are all yours, which can make this tough. I just wanted to share some of our On-premise and On-line options below to get…

Answers

Over 4 years ago
Application Security Tools
Over 5 years ago
Application Security Tools
About 6 years ago
Application Security Testing (AST)

Comments

Almost 4 years ago
Dynamic Application Security Testing (DAST)
Over 5 years ago
Dynamic Application Security Testing (DAST)

About me

I joined this forum to help correct some blatantly bad info about the software I support, but I am blocked from noting these. For instance, one EOL product used for DAST was being compared to an Open Source management suite, so WTF? Also, I could correct the public URLs to help the readers find more relevant data. Ah well....