We performed a comparison between Acunetix and Fortify on Demand based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution is highly stable."
"We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why."
"The tool's most valuable feature is scan configurations. We use it for external physical applications. The scanning time depends on the application's code."
"Overall, it's a very good tool and a very good engine."
"For us, the most valuable aspect of the solution is the log-sequence feature."
"It comes equipped with an internal applicator, which automatically identifies and addresses vulnerabilities within the program."
"The automated approach to these repetitive discovery attempts would take days to do manually and therefore it helps reduce the time needed to do an assessment."
"Their technical support has been very active. If I have an issue, I can reach out to them and get an answer pretty quick."
"The vulnerability detection and scanning are awesome features."
"The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation."
"Fortify supports most languages. Other tools are limited to Java and other typical languages. IBM's solutions aren't flexible enough to support any language. Fortify also integrates with lots of tools because it has API support."
"The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it."
"The most valuable features of Micro Focus Fortify on Demand have been SAT analysis and application security."
"The static code analyzers are the most valuable features of this solution."
"It has saved us a lot of time as we focus primarily on programming rather than tool operational work."
"The user interface is good."
"The solution's pricing could be better."
"It would be nice to have a feature to "retest" only a single vulnerability that the customer reports as patched, and delete it from the next scans since it has already been patched."
"The only problem that they have is the price. It is a bit expensive, and you cannot change the number of applications for the whole year."
"The solution limits the number of scans. It would be much better if we could have unlimited scans."
"The jargon used makes it difficult for project managers to understand the issues, and the technical explanations used make it difficult for developers to understand issues. These things should be simplified much more. That would be very helpful for us when explaining to them what needs to be fixed. The report output needs to be simplified."
"When monitoring the traffic we always have issues with the bandwidth consumption and the throttling of traffic."
"There is room for improvement in website authentication because I've seen other products that can do it much better."
"Acunetix needs to be dynamic with JavaScript code, unlike Netsparker which can scan complex agents."
"They have a release coming out, which is full of new features. Based on their roadmap, there's nothing that I would suggest for them to put in it that they haven't already suggested. However, I am a customer, so I always think the pricing is something that could be improved. I am working with them on that, and they're very flexible. They work with their customers and kind of tailor the product to the customer's needs. So far, I am very happy with what they're able to provide. Their subscriptions could use a little bit of a reworking, but that would be about it."
".NET code scanning is still dependent on building the code base before running any scan. Also, it's dependent on an IDE such as Visual Studio."
"The UI could be better. Fortify should also suggest new packages in the product that can be upgraded. Currently, it shows that, but it's not visible enough. In future versions, I would like more insights about the types of vulnerabilities and the pages associated with the exact CVE."
"There are lots of limitations with code technology. It cannot scan .net properly either."
"It natively supports only a few languages. They can include support for more native languages. The response time from the support team can also be improved. They can maybe include video tutorials explaining the remediation process. The remediation process is sometimes not that clear. It would be helpful to have videos. Sometimes, the solution that the tool gives in the GUI is not straightforward to understand for the developer. At present, for any such issues, you have to create a ticket for the support team and request help from the support team."
"We have some stability issues, but they are minimal."
"Sometimes when we run a full scan, we have a bunch of issues in the code. We should not have any issues."
"I would like to see improvement in CI integration and integration with GitLab or Jenkins. It needs to be more simple."
Acunetix is ranked 16th in Application Security Tools with 26 reviews while Fortify on Demand is ranked 11th in Application Security Tools with 56 reviews. Acunetix is rated 7.6, while Fortify on Demand is rated 8.0. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning ". On the other hand, the top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". Acunetix is most compared with OWASP Zap, Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan and Fortify WebInspect, whereas Fortify on Demand is most compared with SonarQube, Checkmarx One, Veracode, Coverity and Fortify WebInspect. See our Acunetix vs. Fortify on Demand report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.