Fortify Application Defender Reviews

Name: Fortify Application Defender
Brand: OpenText
Rating: 3.9 (11 reviews)

3.9 out of 5

11 reviews
81% willing to recommend

What is Fortify Application Defender?

Micro Focus Security Fortify Application Defender is a runtime application self-protection (RASP) solution that helps you manage and mitigate risk from homegrown or third-party applications. It provides centralized visibility into application use and abuse while protecting from software vulnerability exploits and other violations in real time.

Get the Application Security Tools Buyer's Guide and find out what your peers are saying about Fortify Application Defender, SonarQube Server (formerly SonarQube), Snyk and more!

Fortify Application Defender is the #28 ranked solution in application security solutions. PeerSpot users give Fortify Application Defender an average rating of 7.8 out of 10. Fortify Application Defender is most commonly compared to SonarQube Server (formerly SonarQube): Fortify Application Defender vs SonarQube Server (formerly SonarQube). Fortify Application Defender is popular among the large enterprise segment, accounting for 75% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 20% of all views.

Buyer's Guide

Application Security Tools

May 2025

Get the category report

Helped 853,831 peers since 2012

Featured Fortify Application Defender reviews

Saroj-Patnaik

Software Development Engineer 3 at Ernst & Young

I primarily use Fortify Application Defender to assess whether our products can defend against applications Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications. Fortify Application Defender gives…

Read full review

HisaoOgata

Department Manger at Hitachi Channel

We use the solution to prevent cyberattacks Based on the alerts created by the solution during development, we modify the software we are developing. The product finds mistakes automatically. It warns us about the vulnerabilities in the software. The product saves us cost and time. The product…

Read full review

VinothSivam

CTO at Abcl

I rate the tool's scalability a seven out of ten. However, I'm concerned about how it handles an increasing number of lines of code. As the complexity grows, so does the time it takes for the tool to review everything. I want more clarity on how Fortify Application Defender handles multiple threats. We have numerous endpoints, but the tool runs in our pipeline, meaning it operates in the cloud. All our code is configured there, and the tool runs integration testing, unit testing, user testing, and final production code tests. It's a day-to-day experience. It's utilized almost every day as part of our pipeline runs. Each team responsible for integration testing, human testing, user access testing, and preproduction testing runs it whenever they take a build.

Read full review

Fortify Application Defender mindshare

As of June 2025, the mindshare of Fortify Application Defender in the Application Security Tools category stands at 0.7%, down from 0.8% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Application Security Tools

Key learnings from peers

Valuable Features

Fortify Application Defender's most valuable features include real-time data analysis, security defect identification, simple user interface, static code analysis, automatic vulnerability notifications, machine learning algorithms, and rule customization. It integrates easily with code repositories and CI/CD pipelines and offers fast scanning. The tool provides specific application defense, helpful information for issue resolution, and software composition analysis, enhancing security assessments and saving cost and time. Its rule configuration and default code packages are also appreciated.

"I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy."
"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"The product saves us cost and time."

Room for Improvement

Fortify Application Defender lacks support for older compilers and IDEs, limiting its compatibility with legacy systems. It struggles with performance, complex licensing, and offers inadequate technical support. The tool's false positive rate is high, especially for Python. It lacks support for additional programming languages and platforms like Python and GRAAS. It should integrate better with code review tools and improve scanning speed. Integration with Azure DevOps Marketplace would enhance usability.

"The product should integrate industry-standard code review tools internally with its system. This would streamline the coding process, as developers wouldn't need multiple tools for code review and security checks. Many independent and open-source tools are available, from Apache to various libraries. Using multiple DevOps pipeline tools can slow the turnaround time."
"I encountered many false positives for Python applications."
"The false positive rate should be lower."

Pricing

Enterprise users report that Fortify Application Defender's base licensing costs $900 USD per application annually. Pricing may vary significantly based on company size and project type, ranging from $10,000 to over $200,000, with some companies paying around 50 lakhs. Complexity in licensing is highlighted, with the tool being described as expensive compared to competitors. Pricing ratings from users range between five and seven out of ten, often pointing to higher costs despite available trial periods.

"I rate the solution's pricing a five out of ten. It comes as an annual cloud subscription. The tool's pricing is around 50 lakhs."
"The product’s price is much higher than other tools."
"Fortify Application Defender is very expensive."

Popular Use Cases

Fortify Application Defender is utilized by organizations for static code analysis across various environments like Altera, Xilinx, Linux, and Windows. Teams employ the system to ensure security in banking projects by checking code for exposed IPs and passwords. It serves as an additional layer for application-specific threat blocking and is integrated into DevOps pipelines. Companies use it for large-scale code scanning, assessing security defenses, and supporting agile development processes.

Service and Support

Customer service and support for Fortify Application Defender show mixed feedback. Some find technical support helpful and responsive, while others note the need for improvement, citing issues since the acquisition by HP. Communication and resolution speed are areas for enhancement. Some rely on partners and find the documentation comprehensive. Several appreciate the vendor's willingness to address technical challenges, although many feel that support lacks sufficient expertise. Senior management is aware and working on resolving these issues.

Deployment

Initial setup experiences with Fortify Application Defender are generally straightforward, requiring collaboration between security and operations teams for successful deployment. In development environments, deployment may take five minutes, while pre-production and production can require more time due to maturity needs. Companies find the setup easy, rating it between six to eight out of ten. Deployments can take from four hours to a week, depending on integration complexities. Maintenance typically requires minimal staff involvement.

Scalability

Fortify Application Defender demonstrates good scalability for many users and projects. Some note that proper infrastructure enhances scalability. Concerns arise with increasing code complexity and licensing issues. Scalability ratings range from three to eight out of ten. The tool is actively used in cloud-based environments integrating various tests, but issues with handling numerous lines of code and licensing limitations have been highlighted by users. Generally, scalability is viewed positively with a few reservations.

Stability

Users consistently find Fortify Application Defender stable, describing it as robust and reliable. Many express satisfaction with its performance, noting minimal issues impacting dependability. It is often viewed as a "deploy it and forget it" type system, suggesting long-term reliability. Ratings for its stability frequently include perfect scores, such as ten out of ten, with several users considering it excellent and dependable, highlighting their positive assessment of its long-term functionality and effectiveness.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Application Security Tools Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

20%

Manufacturing Company

14%

Computer Software Company

13%

Government

University

Aerospace/Defense Firm

Real Estate/Law Firm

Healthcare Company

Educational Organization

Comms Service Provider

Energy/Utilities Company

Retailer

Insurance Company

Transportation Company

Construction Company

Media Company

Non Profit

Performing Arts

Wholesaler/Distributor

Consumer Goods Company

Engineering Company

Hospitality Company

Logistics Company

Recreational Facilities/Services Company

Leisure / Travel Company

Compare Fortify Application Defender with alternative products

Learn more about Fortify Application Defender

Fortify Application Defender was previously known as HPE Fortify Application Defender, Micro Focus Fortify Application Defender.

Fortify Application Defender customers

ServiceMaster, Saltworks, SAP

Product Categories

Application Security Tools

Popular Comparisons

SonarQube Server (formerly SonarQube) vs Fortify Application Defender

Snyk vs Fortify Application Defender

Checkmarx One vs Fortify Application Defender

Veracode vs Fortify Application Defender

Fortify on Demand vs Fortify Application Defender

GitHub Advanced Security vs Fortify Application Defender

Sonatype Lifecycle vs Fortify Application Defender

Acunetix vs Fortify Application Defender

Qualys Web Application Scanning vs Fortify Application Defender

Tenable.io Web Application Scanning vs Fortify Application Defender

Digital.ai Application Security vs Fortify Application Defender

Blue Cedar vs Fortify Application Defender

See all alternatives

Fortify Application Defender reviews

Sort by:

VinothSivam

CTO at Abcl

Verified user of Fortify Application Defender

Apr 26, 2024

Useful for fast code review in devOps pipelines

Pros

"I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy. "

Cons

"The product should integrate industry-standard code review tools internally with its system. This would streamline the coding process, as developers wouldn't need multiple tools for code review and security checks. Many independent and open-source tools are available, from Apache to various libraries. Using multiple DevOps pipeline tools can slow the turnaround time. "

What is our primary use case?

We use the solution for fast code review. It is integrated into our DevOps pipeline.

What is most valuable?

I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.

Read full review (500 words)

Abner Santos

Senior Security Analyst (AppSec) at ELETROBRAS

Verified user of Fortify Application Defender

Apr 2, 2024

Comes with software composition analysis feature that helps to scan for vulnerabilities

Pros

"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities. "

Cons

"I encountered many false positives for Python applications. "

What is our primary use case?

I use Fortify to analyze projects in .NET languages.

What is most valuable?

The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities.

Fortify Application Defender is a good tool for overall application security. However, in my specific case, another tool was more suitable. Regarding the vulnerability scanner feature, it aids in security assessments by conducting static analysis on my code application.

It is easy to use and configure Fortify Application Defender. I configured it directly with my code repository, which I use GitLab for. Establishing the connection was straightforward. Additionally, configuring it in the CI/CD pipeline was very easy. I would recommend using it in this scenario for CI/CD.

The solution is very fast for scanning and analyzing, particularly for static analysis and SCA analysis scans.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.

Read full review (278 words)

Buyer's Guide

Application Security Tools

Download free report

Find out what your peers are saying about Application Security Tools. Updated May 2025

853,831 professionals have used our research since 2012.

Saroj-Patnaik

Software Development Engineer 3 at a consultancy with 10,001+ employees

Verified user of Fortify Application Defender

Feb 23, 2023

Reliable solution with excellent machine learning algorithms but expensive and lacking support

Pros

"Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications."

Cons

"Fortify Application Defender gives a lot of false positives."

What is our primary use case?

I primarily use Fortify Application Defender to assess whether our products can defend against applications.

What is most valuable?

Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.

Read full review (322 words)

HisaoOgata

Department Manger at Hitachi Channel

Verified user of Fortify Application Defender

May 26, 2023

Saves time and warns about the vulnerabilities in the software, but the false positive rate should be lower

Pros

"The product saves us cost and time."

Cons

"The false positive rate should be lower."

What is our primary use case?

We use the solution to prevent cyberattacks.

How has it helped my organization?

Based on the alerts created by the solution during development, we modify the software we are developing.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.

Read full review (336 words)

Warayuth Wongpaiboonwattana

System Quality Assurance Manager at AIS - Advanced Info Services Plc.

Verified user of Fortify Application Defender

Sep 13, 2021

Straightforward resolution information, stable, but automation could improve

Pros

"The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions."

Cons

"The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours."

What is our primary use case?

We use Fortify Application Defender for scanning our whole repository source code for security. We have more than 4,000 repositories in our company.

What is most valuable?

The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.

Read full review (278 words)

Tom Haakma

Director of Security at Merito

Verified user of Fortify Application Defender

Sep 22, 2020

Straightforward to deploy and integrates well with WebInspect to secure against application-specific threats

Pros

"The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology."

Cons

"The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java."

What is our primary use case?

I do not use this product personally. Rather, I implement it for other people.

The general use case is application-specific threat blocking. Most of our customers use it as an augment to their WAF.

How has it helped my organization?

When our customers turn on the app defender, they can see the things that it's blocking that are getting by their WAF. This is the reason that most people implement it.

*Disclosure: My company has a business relationship with this vendor other than being a customer: Partner

Read full review (699 words)

Durgesh Pathak

DevOps Engineer at a energy/utilities company with 10,001+ employees

Verified user of Fortify Application Defender

Mar 10, 2020

Static code analysis helps identify security issues and maintain compliance

Pros

"The most valuable feature is that it analyzes data in real-time. "

Cons

"The workbench is a little bit complex when you first start using it."

What is our primary use case?

We use this solution for inspecting our security, such as checking to see if our developers are securing their code properly. For example, we have to ensure that they are not inadvertently exposing any IP addresses or passwords. We have to be cautious because most of our applications are related to banking and the financial domain.

Fortify Application Defender accomplishes this by performing source code analysis, and it scans using agents. The source code check involves static code analysis to see if things like passwords are exposed.

What is most valuable?

The most valuable feature is that it analyzes data in real-time.

The Audit Workbench allows us to analyze and see if things are okay on our end, giving us the option to manipulate the rules if needed.

The intelligence behind the static code analysis is really amazing. When we used to do code reviews we did not get that level of depth, in terms of identifying security concerns.

The user interface is really simple to use.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.

Read full review (487 words)

reviewer1142943

Business Development Specialist at a computer software company with 11-50 employees

Verified user of Fortify Application Defender

Jan 26, 2022

Secure, versatile cyber security technology

Pros

"We are able to provide out customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment. "

Cons

"The licensing can be a little complex. "

What is our primary use case?

I work for a local distributor for Micro Focus. We provide customers with a proof of values and we're showing them in deep dive into the main benefits of this highly technical product while trying to patch together different technologies, starting with the developing phase.

How has it helped my organization?

We are able to provide out customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.

Read full review (423 words)

Fortify Application Defender Reviews

What is Fortify Application Defender?

Featured Fortify Application Defender reviews

Fortify Application Defender mindshare

Valuable Features

Room for Improvement

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Fortify Application Defender with alternative products

Learn more about Fortify Application Defender

Fortify Application Defender customers

Related questions

Product Categories

Popular Comparisons

Fortify Application Defender reviews

Pros

Cons

What is our primary use case?

What is most valuable?

Pros

Cons

What is our primary use case?

What is most valuable?

Pros

Cons

What is our primary use case?

What is most valuable?

Pros

Cons

What is our primary use case?

How has it helped my organization?

Pros

Cons

What is our primary use case?

What is most valuable?

Pros

Cons

What is our primary use case?

How has it helped my organization?

Pros

Cons

What is our primary use case?

What is most valuable?

Pros

Cons

What is our primary use case?

How has it helped my organization?

Pros

Cons

What is our primary use case?

What is most valuable?

What needs improvement?

For how long have I used the solution?

What do I think about the stability of the solution?

What do I think about the scalability of the solution?

Which solution did I use previously and why did I switch?

How was the initial setup?

What's my experience with pricing, setup cost, and licensing?

What other advice do I have?

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?