Fortify Application Defender Reviews

Name: Fortify Application Defender
Brand: OpenText
Rating: 3.9 (11 reviews)

3.9 out of 5

11 reviews
81% willing to recommend

What is Fortify Application Defender?

Micro Focus Security Fortify Application Defender is a runtime application self-protection (RASP) solution that helps you manage and mitigate risk from homegrown or third-party applications. It provides centralized visibility into application use and abuse while protecting from software vulnerability exploits and other violations in real time.

Get the Application Security Tools Buyer's Guide and find out what your peers are saying about Fortify Application Defender, SonarQube Server (formerly SonarQube), Snyk and more!

Fortify Application Defender is the #28 ranked solution in application security solutions. PeerSpot users give Fortify Application Defender an average rating of 7.8 out of 10. Fortify Application Defender is most commonly compared to SonarQube Server (formerly SonarQube): Fortify Application Defender vs SonarQube Server (formerly SonarQube). Fortify Application Defender is popular among the large enterprise segment, accounting for 75% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 20% of all views.

Buyer's Guide

Application Security Tools

June 2025

Get the category report

Helped 857,028 peers since 2012

Featured Fortify Application Defender reviews

Saroj-Patnaik

Software Development Engineer 3 at Ernst & Young

I primarily use Fortify Application Defender to assess whether our products can defend against applications Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications. Fortify Application Defender gives…

Read full review

HisaoOgata

Department Manger at Hitachi Channel

We use the solution to prevent cyberattacks Based on the alerts created by the solution during development, we modify the software we are developing. The product finds mistakes automatically. It warns us about the vulnerabilities in the software. The product saves us cost and time. The product…

Read full review

VinothSivam

CTO at Abcl

I rate the tool's scalability a seven out of ten. However, I'm concerned about how it handles an increasing number of lines of code. As the complexity grows, so does the time it takes for the tool to review everything. I want more clarity on how Fortify Application Defender handles multiple threats. We have numerous endpoints, but the tool runs in our pipeline, meaning it operates in the cloud. All our code is configured there, and the tool runs integration testing, unit testing, user testing, and final production code tests. It's a day-to-day experience. It's utilized almost every day as part of our pipeline runs. Each team responsible for integration testing, human testing, user access testing, and preproduction testing runs it whenever they take a build.

Read full review

Fortify Application Defender mindshare

As of June 2025, the mindshare of Fortify Application Defender in the Application Security Tools category stands at 0.7%, down from 0.8% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Application Security Tools

Key learnings from peers

Valuable Features

Fortify Application Defender's most valuable features include real-time data analysis, security defect identification, simple user interface, static code analysis, automatic vulnerability notifications, machine learning algorithms, and rule customization. It integrates easily with code repositories and CI/CD pipelines and offers fast scanning. The tool provides specific application defense, helpful information for issue resolution, and software composition analysis, enhancing security assessments and saving cost and time. Its rule configuration and default code packages are also appreciated.

"I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy."
"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"The product saves us cost and time."

Room for Improvement

Fortify Application Defender lacks support for older compilers and IDEs, limiting its compatibility with legacy systems. It struggles with performance, complex licensing, and offers inadequate technical support. The tool's false positive rate is high, especially for Python. It lacks support for additional programming languages and platforms like Python and GRAAS. It should integrate better with code review tools and improve scanning speed. Integration with Azure DevOps Marketplace would enhance usability.

"The product should integrate industry-standard code review tools internally with its system. This would streamline the coding process, as developers wouldn't need multiple tools for code review and security checks. Many independent and open-source tools are available, from Apache to various libraries. Using multiple DevOps pipeline tools can slow the turnaround time."
"I encountered many false positives for Python applications."
"The false positive rate should be lower."

Pricing

Enterprise users report that Fortify Application Defender's base licensing costs $900 USD per application annually. Pricing may vary significantly based on company size and project type, ranging from $10,000 to over $200,000, with some companies paying around 50 lakhs. Complexity in licensing is highlighted, with the tool being described as expensive compared to competitors. Pricing ratings from users range between five and seven out of ten, often pointing to higher costs despite available trial periods.

"I rate the solution's pricing a five out of ten. It comes as an annual cloud subscription. The tool's pricing is around 50 lakhs."
"The product’s price is much higher than other tools."
"Fortify Application Defender is very expensive."

Popular Use Cases

Fortify Application Defender is utilized by organizations for static code analysis across various environments like Altera, Xilinx, Linux, and Windows. Teams employ the system to ensure security in banking projects by checking code for exposed IPs and passwords. It serves as an additional layer for application-specific threat blocking and is integrated into DevOps pipelines. Companies use it for large-scale code scanning, assessing security defenses, and supporting agile development processes.

Service and Support

Customer service and support for Fortify Application Defender show mixed feedback. Some find technical support helpful and responsive, while others note the need for improvement, citing issues since the acquisition by HP. Communication and resolution speed are areas for enhancement. Some rely on partners and find the documentation comprehensive. Several appreciate the vendor's willingness to address technical challenges, although many feel that support lacks sufficient expertise. Senior management is aware and working on resolving these issues.

Deployment

Initial setup experiences with Fortify Application Defender are generally straightforward, requiring collaboration between security and operations teams for successful deployment. In development environments, deployment may take five minutes, while pre-production and production can require more time due to maturity needs. Companies find the setup easy, rating it between six to eight out of ten. Deployments can take from four hours to a week, depending on integration complexities. Maintenance typically requires minimal staff involvement.

Scalability

Fortify Application Defender demonstrates good scalability for many users and projects. Some note that proper infrastructure enhances scalability. Concerns arise with increasing code complexity and licensing issues. Scalability ratings range from three to eight out of ten. The tool is actively used in cloud-based environments integrating various tests, but issues with handling numerous lines of code and licensing limitations have been highlighted by users. Generally, scalability is viewed positively with a few reservations.

Stability

Users consistently find Fortify Application Defender stable, describing it as robust and reliable. Many express satisfaction with its performance, noting minimal issues impacting dependability. It is often viewed as a "deploy it and forget it" type system, suggesting long-term reliability. Ratings for its stability frequently include perfect scores, such as ten out of ten, with several users considering it excellent and dependable, highlighting their positive assessment of its long-term functionality and effectiveness.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Application Security Tools Buyer's Guide for additional reliable information.