We performed a comparison between Fortify on Demand and Fortify WebInspect based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Audit workbench: for on-the-fly defect auditing."
"t's a cloud-based solution, so there was no installation involved."
"Fortify on Demand's best feature is that there's no need to install and configure it locally since it's on the cloud."
"The UL is easy to use compared to that of other tools, and it is highly reliable. The findings provide a lower number of false positives."
"The features that I have found most valuable include its security scan, the vulnerability finds, and the web interface to search and review the issues."
"The user interface is good."
"The SAST feature is the most valuable."
"There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do."
"There are lots of small settings and tools, like an HTTP editor, that are very useful."
"Fortify WebInspect is a scalable solution, it is good for a lot of applications."
"The accuracy of its scans is great."
"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."
"I've found the centralized dashboard the most valuable. For the management, it helps a lot to have abilities at the central level."
"Guided Scan option allows us to easily scan and share reports."
"Technical support has been good."
"When we are integrating it with SSC, we're able to scan and trace and see all of the vulnerabilities. Comparison is easy in SSC."
"In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication. They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful."
"It could have a little bit more streamlined installation procedure. Based on the things that I've done, it could also be a bit more automated. It is kind of taking a bunch of different scanners, and SSC is just kind of managing the results. The scanning doesn't really seem to be fully integrated into the SSC platform. More automation and any kind of integration in the SSC platform would definitely be good. There could be a way to initiate scans from SSC and more functionality on the server-side to initiate desk scans if it is not already available."
"During development, when our developer makes changes to their code, they typically use GitHub or GitLab to track those changes. However, proper integration between Fortify on Demand and GitHub and GitLab is not there yet. Improved integration would be very valuable to us."
"The products must provide better integration with build tools."
"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."
"Not fully integrated with CIT processes."
"It does scanning for all virtual machines and other things, but it doesn't do the scanning for containers. It currently lacks the ability to do the scanning on containers. We're asking their product management team to expand this capability to containers."
"Sometimes when we run a full scan, we have a bunch of issues in the code. We should not have any issues."
"The initial setup was complex."
"Not sufficiently compatible with some of our systems."
"It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application."
"Lately, we've seen more false negatives."
"Creating reports is very slow and it is something that should be improved."
"A localized version, for example, in Korean would be a big improvement to this solution."
"Fortify WebInspect could improve user-friendliness. Additionally, it is very bulky to use."
"We have often encountered scanning errors."
Fortify on Demand is ranked 10th in Application Security Tools with 56 reviews while Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 17 reviews. Fortify on Demand is rated 8.0, while Fortify WebInspect is rated 7.0. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and Snyk, whereas Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Acunetix, OWASP Zap, HCL AppScan and Qualys Web Application Scanning. See our Fortify WebInspect vs. Fortify on Demand report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.