We performed a comparison between Fortify on Demand and Parasoft SOAtest based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it."
"It has saved us a lot of time as we focus primarily on programming rather than tool operational work."
"Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning."
"The most valuable features are the detailed reporting and the ability to set up deep scanning of the software, both of which are in the same place."
"We identified a lot of security vulnerability much earlier in the development and could fix this well before the product was rolled out to a huge number of clients."
"The vulnerability detection and scanning are awesome features."
"The SAST feature is the most valuable."
"The most valuable feature is that it connects with your development platforms, such as Microsoft Information Server and Jira."
"Parasoft SOAtest has improved the quality of our automated web services, which can be easily implemented through service chaining and service virtualization."
"Every imaginable source in the entire world of information technology can be accessed and used."
"We have seen a return on investment."
"Automatic testing is the most valuable feature."
"The testing time is shortened because we generate test data automatically with SOAtest."
"Generating new messages, based on the existing .EDN and .XML messages, is a crucial part or the testing project that I’m currently in."
"Technical support is helpful."
"They have a feature where they can record traffic and create tests on the report traffic."
"The Visual Studio plugin seems to hang when a scan is run on big projects. I would expect some improvements there."
"We have some stability issues, but they are minimal."
"There's a bit of a learning curve. Our development team is struggling with following the rules and following the new processes."
"They have a release coming out, which is full of new features. Based on their roadmap, there's nothing that I would suggest for them to put in it that they haven't already suggested. However, I am a customer, so I always think the pricing is something that could be improved. I am working with them on that, and they're very flexible. They work with their customers and kind of tailor the product to the customer's needs. So far, I am very happy with what they're able to provide. Their subscriptions could use a little bit of a reworking, but that would be about it."
"Fortify on Demand could be improved with support in Russia."
"During development, when our developer makes changes to their code, they typically use GitHub or GitLab to track those changes. However, proper integration between Fortify on Demand and GitHub and GitLab is not there yet. Improved integration would be very valuable to us."
"An improvement would be the ability to get vulnerabilities flowing automatically into another system."
"Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify."
"Enabling/disabling an optional element of an XML request is only possible if a data source (e.g., Excel sheet) is connected to the test. Otherwise, the option is not available at all in the drop-down menu."
"UI testing should be more in-depth."
"During the process of working with SOAtest and building test cases, the .TST files will grow. A negative side effect is that saving your changes takes more time."
"Compatibility with HTTP 1.1 and TLS 1.2 needs to be improved."
"Tuning the tool takes time because it gives quite a long list of warnings."
"From an automation point of view, it should have better clarity and be more user friendly."
"The product is very slow to start up, and that is a bit of a problem, actually."
"Reporting facilities can be better."
Fortify on Demand is ranked 9th in Static Application Security Testing (SAST) with 56 reviews while Parasoft SOAtest is ranked 28th in Static Application Security Testing (SAST) with 30 reviews. Fortify on Demand is rated 8.0, while Parasoft SOAtest is rated 8.2. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of Parasoft SOAtest writes "Good API testing and RIT feature; clarity could be improved". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and Fortify WebInspect, whereas Parasoft SOAtest is most compared with Postman, SonarQube, Coverity, Polyspace Code Prover and Veracode. See our Fortify on Demand vs. Parasoft SOAtest report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.