We performed a comparison between Fortify on Demand and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The features that I have found most valuable include its security scan, the vulnerability finds, and the web interface to search and review the issues."
"The UL is easy to use compared to that of other tools, and it is highly reliable. The findings provide a lower number of false positives."
"The most valuable feature is the capacity to be able to check vulnerabilities during the development process. The development team can check whether the code they are using is vulnerable to some type of attack or there is some type of vulnerability so that they can mitigate it. It helps us in achieving a more secure approach towards internal applications. It is an intuitive solution. It gives all the information that a developer needs to remediate a vulnerability in the coding process. It also gives you some examples of how to remediate a vulnerability in different programming languages. This solution is pretty much what we were searching for."
"It is an extremely robust, scalable, and stable solution."
"The user interface is good."
"The SAST feature is the most valuable."
"The most valuable features of Micro Focus Fortify on Demand have been SAT analysis and application security."
"Fortify on Demand's best feature is that there's no need to install and configure it locally since it's on the cloud."
"The solution is easy to install. I would rate the product's setup between six to seven out of ten. The deployment time depends on the applications that need to be scanned. We have a development and operations team to take care of the product's maintenance."
"The solution offers services in a few specific development languages."
"The most valuable feature of the solution is Postman."
"It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code."
"It is easy it is to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings."
"The UI was very intuitive."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"It identifies all the URLs and domains on its own and then performs tests and provides the results."
"The thing that could be improved is reducing the cost of usage and including some of the most pricey features, such as dynamic analysis and that sort of functionality, which makes the difference between different types of tools."
"Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve."
"They have very good support, but there is always room for improvement."
"This solution would be improved if the code-quality perspective were added to it, on top of the security aspect."
"Micro Focus Fortify on Demand could improve the user interface by making it more user-friendly."
"It natively supports only a few languages. They can include support for more native languages. The response time from the support team can also be improved. They can maybe include video tutorials explaining the remediation process. The remediation process is sometimes not that clear. It would be helpful to have videos. Sometimes, the solution that the tool gives in the GUI is not straightforward to understand for the developer. At present, for any such issues, you have to create a ticket for the support team and request help from the support team."
"Reporting could be improved."
"Integration to CI/CD pipelines could be improved. The reporting format could be more user friendly so that it is easy to read."
"AppScan is too complicated and should be made more user-friendly."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"The penetration testing feature should be included."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"There are so many lines of code with so many different categories that I am likely to get lost. "
"We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."
"In future releases, I would like to see more aggressive reports. I would also like to see less false positives."
"They should have a better UI for dashboards."
Fortify on Demand is ranked 10th in Application Security Tools with 56 reviews while HCL AppScan is ranked 15th in Application Security Tools with 40 reviews. Fortify on Demand is rated 8.0, while HCL AppScan is rated 7.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and GitHub, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, OWASP Zap and Fortify WebInspect. See our Fortify on Demand vs. HCL AppScan report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.