We performed a comparison between Fortify on Demand and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Audit workbench: for on-the-fly defect auditing."
"The UI is easy to use compared to that of other tools, and it is highly reliable. The findings provide a lower number of false positives."
"One of the valuable features is the ability to submit your code and have it run in the background. Then, if something comes up that is more specific, you have the security analyst who can jump in and help, if needed."
"The quality of application security testing reduces risk and gives very few false positives."
"Fortify on Demand's best feature is that there's no need to install and configure it locally since it's on the cloud."
"The most valuable features are the detailed reporting and the ability to set up deep scanning of the software, both of which are in the same place."
"It is an extremely robust, scalable, and stable solution."
"One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that."
"The way they do the research and they keep their profile up to date is great. They identify vulnerabilities and update them immediately."
"The most valuable features are Burp Intruder and Burp Scanner."
"The product is very good just the way it is; it has everything already well established and functions great. I can't see any way for this current version to be improved."
"I have found the best features to be the performance and there are a lot of additional plugins available."
"It is useful for scanning and tracing activities."
"The solution is stable."
"The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well."
"The intercepting feature is the most valuable."
"Micro Focus Fortify on Demand can improve by having more graphs. For example, to show the improvement of the level of security."
"Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve."
"I would like to see improvement in CI integration and integration with GitLab or Jenkins. It needs to be more simple."
"The solution has some issues with latency. Sometimes it takes a while to respond. This issue should be addressed."
"With Rapid7 I utilized its reporting capabilities to deliver Client Reports within just a few minutes of checking the data. I believe that HP’s FoD Clients could sell more services to clients if HP put more effort into delivering visually pleasing reporting capabilities."
"We want a user-based control and role-based access for developers. We want to give limited access to developers so that it only pertains to the code that they write and scanning of the codes for any vulnerabilities as they're progressing with writing the code. As of now, the interface to give restricted access to the developers is not the best. It gives them more access than what is basically required, but we don't want over-provisioning and over-access."
"Primarily for a complex, advanced website, they don't really understand some of the functionalities. So for instance, they could tell us that there is a vulnerability because somebody could possibly do something, but they don't really understand the code to realize that we actually negate that vulnerability through some other mechanism in the program. In addition, the technical support is just not there. We have open tickets. They don't respond. Even if they respond, we're not seeing eye to eye. As the company got sold and bought, the support got worse."
"An improvement would be the ability to get vulnerabilities flowing automatically into another system."
"The scanner and crawler need to be improved."
"BurpSuite has some issues regarding authentication with OAT tokens that need to be improved."
"There could be an improvement in the API security testing. There is another tool called Postman and if we had a built-in portal similar to Postman which captures the API, we would be able to generate the API traffic. Right now we need a Postman tool and the Burp Suite for performing API tests. It would be a huge benefit to be able to do it in a single UI."
"I would like to see a more optimized solution, as it currently uses a lot of CPU power and memory."
"We wish that the Spider feature would appear in the same shape that it does in previous versions."
"The initial setup is a bit complex."
"Scanning APIs using PortSwigger Burp Suite Professional takes a lot of time."
"As with most automated security tools, too many false positives."
Fortify on Demand is ranked 10th in Application Security Tools with 57 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 57 reviews. Fortify on Demand is rated 8.0, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and Fortify WebInspect, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, HCL AppScan and GitLab. See our Fortify on Demand vs. PortSwigger Burp Suite Professional report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.