We performed a comparison between Fortify Application Defender and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications."
"I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy."
"The product saves us cost and time."
"The most valuable feature is that it analyzes data in real-time."
"The solution helped us to improve the code quality of our organization."
"The most valuable features of Fortify Application Defender are the code packages that are default."
"The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions."
"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"The vulnerability management feature is a strong one. And also the patch management feature."
"The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
"It is a good product for website penetration testing to detect vulnerabilities."
"The interface is user-friendly and easy to understand."
"I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
"We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not."
"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"The Qualys Web Application Scanning solution offers a single comprehensive console and consolidated reporting, covering all aspects from on-prem to cloud and compliance, etcetera."
"The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours."
"The product should integrate industry-standard code review tools internally with its system. This would streamline the coding process, as developers wouldn't need multiple tools for code review and security checks. Many independent and open-source tools are available, from Apache to various libraries. Using multiple DevOps pipeline tools can slow the turnaround time."
"Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."
"The workbench is a little bit complex when you first start using it."
"The false positive rate should be lower."
"Support for older compilers/IDEs is lacking."
"The licensing can be a little complex."
"The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java."
"There could be better management and faster scanning."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."
"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."
"The solution needs to adjust its pricing. They should make it more affordable."
"The product should allow users to upload their payloads."
"The scanner reports a lot of false positives, which is something that needs to be improved."
"There should be better visibility into the application."
More Qualys Web Application Scanning Pricing and Cost Advice →
Fortify Application Defender is ranked 30th in Application Security Tools with 11 reviews while Qualys Web Application Scanning is ranked 19th in Application Security Tools with 31 reviews. Fortify Application Defender is rated 7.8, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Fortify Application Defender writes "Useful for fast code review in devOps pipelines ". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Fortify Application Defender is most compared with Checkmarx One, Coverity, CAST Application Intelligence Platform, SonarQube and Fortify on Demand, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube and PortSwigger Burp Suite Professional. See our Fortify Application Defender vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.