We performed a comparison between Fortify on Demand and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features are the detailed reporting and the ability to set up deep scanning of the software, both of which are in the same place."
"The quality of application security testing reduces risk and gives very few false positives."
"It is an extremely robust, scalable, and stable solution."
"What stands out to me is the user-friendliness of each feature."
"It helps deploy and track changes easily as per time-to-time market upgrades."
"Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out."
"Being able to reduce risk overall is a very valuable feature for us."
"The feature that I find the most useful is being able to just see the vulnerabilities online while checking the code and then checking suggestions for fixing them."
"Licensing is the most valuable. Qualys provides the best licensing for companies. It is the best product for the development purposes of web applications. The product has a lot of integrations."
"It works with many different products."
"The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
"The product prevents possible vulnerabilities in our network."
"Its most valuable features are patch management, vulnerability management, and PCI compliance."
"QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations."
"The simplicity of exporting reports and the simplicity and clarity of the reports included with the product are good."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"They could provide features for artificial intelligence similar to other vendors."
"We would like a reduction in the time frame of scans. It takes us three to five days to run a scan now. We would like that reduced to under three days."
"In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication. They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful."
"We have some stability issues, but they are minimal."
"During development, when our developer makes changes to their code, they typically use GitHub or GitLab to track those changes. However, proper integration between Fortify on Demand and GitHub and GitLab is not there yet. Improved integration would be very valuable to us."
"Micro Focus Fortify on Demand could improve the user interface by making it more user-friendly."
"It does scanning for all virtual machines and other things, but it doesn't do the scanning for containers. It currently lacks the ability to do the scanning on containers. We're asking their product management team to expand this capability to containers."
"We typically do our bulk uploads of our scans with some automation at the end of the development cycle but the scanning can take a lot of time. If you were doing all of it at regular intervals it would still consume a lot of time. This could procedure could improve."
"In certain cases, this product does have false positives, which the company should work on."
"The support could be faster."
"We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error."
"The product should allow users to upload their payloads."
"In terms of the Policy Compliance model which they currently have, not all the platforms are being covered. If they could improve on the Policy Compliance model, since there are policies which are benchmarked against it, this will be helpful for us."
"The pricing does not seem to be competitive."
"Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly."
"Deployment can be complicated."
More Qualys Web Application Scanning Pricing and Cost Advice →
Fortify on Demand is ranked 10th in Application Security Tools with 56 reviews while Qualys Web Application Scanning is ranked 18th in Application Security Tools with 31 reviews. Fortify on Demand is rated 8.0, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and Fortify WebInspect, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Fortify WebInspect. See our Fortify on Demand vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.