We performed a comparison between Fortify on Demand and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The feature that I find the most useful is being able to just see the vulnerabilities online while checking the code and then checking suggestions for fixing them."
"The user interface is good."
"The most valuable feature is that it connects with your development platforms, such as Microsoft Information Server and Jira."
"The SAST feature is the most valuable."
"This product is top-notch solution and the technology is the best on the market."
"Audit workbench: for on-the-fly defect auditing."
"The most important feature of the product is to follow today's technology fast, updated rules and algorithms (of the product)."
"The UL is easy to use compared to that of other tools, and it is highly reliable. The findings provide a lower number of false positives."
"We leverage it as a quality check against code."
"We are now deploying less defects to production."
"The UI was very intuitive."
"The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase."
"The most valuable feature of the solution is Postman."
"It provides a better integration for our ecosystem."
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
"An improvement would be the ability to get vulnerabilities flowing automatically into another system."
"There were some regulated compliances, which were not there."
"Micro Focus Fortify on Demand can improve by having more graphs. For example, to show the improvement of the level of security."
"Sometimes when we run a full scan, we have a bunch of issues in the code. We should not have any issues."
"The products must provide better integration with build tools."
"It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the overall time span to scan the code, and even to set up the code scanning, is a bit overwhelming for regular developers."
"The UI could be better. Fortify should also suggest new packages in the product that can be upgraded. Currently, it shows that, but it's not visible enough. In future versions, I would like more insights about the types of vulnerabilities and the pages associated with the exact CVE."
"If you have a continuous integration in place, for example, and you want it to run along with your build and you want it to be fast, you're not going to get it. It adds to your development time."
"Scans become slow on large websites."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"Improvement can be done as per customer requirements."
"We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"Visibility is an issue for us. Our partners do not know we have integrations with some of IBM products."
"The solution could improve by having a mobile version."
"The penetration testing feature should be included."
Fortify on Demand is ranked 8th in Application Security Tools with 57 reviews while HCL AppScan is ranked 14th in Application Security Tools with 41 reviews. Fortify on Demand is rated 8.0, while HCL AppScan is rated 7.8. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and OWASP Zap, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, OWASP Zap and Checkmarx One. See our Fortify on Demand vs. HCL AppScan report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.