No more typing reviews! Try our Samantha, our new voice AI agent.

Fortify Application Defender vs Trustwave App Scanner [EOL] comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortify Application Defender
Average Rating
7.8
Reviews Sentiment
6.6
Number of Reviews
11
Ranking in other categories
Application Security Tools (33rd)
Trustwave App Scanner [EOL]
Average Rating
7.6
Number of Reviews
5
Ranking in other categories
No ranking in other categories
 

Featured Reviews

VS
CTO at Abcl
Useful for fast code review in devOps pipelines
I rate the tool's scalability a seven out of ten. However, I'm concerned about how it handles an increasing number of lines of code. As the complexity grows, so does the time it takes for the tool to review everything. I want more clarity on how Fortify Application Defender handles multiple threats. We have numerous endpoints, but the tool runs in our pipeline, meaning it operates in the cloud. All our code is configured there, and the tool runs integration testing, unit testing, user testing, and final production code tests. It's a day-to-day experience. It's utilized almost every day as part of our pipeline runs. Each team responsible for integration testing, human testing, user access testing, and preproduction testing runs it whenever they take a build.
Securityd276 - PeerSpot reviewer
Security Manager at a healthcare company with 1,001-5,000 employees
Stable solution that has increased the maturity of our security program
I would like to see a little more flexibility with regards to setting up profiles for vulnerabilities. For the most part, it fits our needs but a little more flexibility would be great. I would also like to have more information on AI. If we start to deploy AI in our infrastructure, does it cover that as well?

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature is that it analyzes data in real-time."
"The product saves us cost and time."
"Fortify Application Defender has a few drawbacks, it has its own pros and cons, but it's a good tool to use in any industry."
"The most valuable features of Fortify Application Defender are the code packages that are default."
"This is a great tool and the kind of support it provides is very helpful."
"I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy."
"We are able to provide out customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."
"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"Go ahead and use Hailstorm as it's the best dynamic code analysis tool one can invest in and it gives a better ROI than most."
"This scanner was more efficient compared to its competitors."
"Trustwave App Scanner makes it really easy and convenient for us to notify the website owners before the scans, as well as providing the scan results."
"The simple fact that it puts us in a better place for identifying our vulnerabilities is a form of ROI."
"Web application security testing is a valuable feature."
"The stability is great. We haven't had any issues at all with it."
 

Cons

"The false positive rate should be lower."
"The licensing can be a little complex."
"Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."
"Fortify Application Defender gives a lot of false positives."
"The workbench is a little bit complex when you first start using it."
"The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours."
"The licensing is very complex, it's project based and can range from $10,000 to $200,000+ depending on the project type and size."
"The product should integrate industry-standard code review tools internally with its system. This would streamline the coding process, as developers wouldn't need multiple tools for code review and security checks. Many independent and open-source tools are available, from Apache to various libraries. Using multiple DevOps pipeline tools can slow the turnaround time."
"It was complex as I have to make sure all the requirements are in place before on-boarding Hailstorm."
"It doesn't support modern web technologies such as GWT, Angular, JS etc."
"Used to crash/freeze due to poor performance, not sure about newer versions."
"One feature that I would really want is the number of total applications in the web GUI; after selecting a filter on the applications, it would be really helpful if it shows the number of applications."
"I would like to see a little more flexibility with regards to setting up profiles for vulnerabilities."
 

Pricing and Cost Advice

"I rate the solution's pricing a five out of ten. It comes as an annual cloud subscription. The tool's pricing is around 50 lakhs."
"Fortify Application Defender is very expensive."
"The licensing is very complex, it's project based and can range from $10,000 to $200,000+ depending on the project type and size."
"The base licensing costs for the SaaS platform is about $900 USD per application, per year."
"The price of this solution could be less expensive."
"The product’s price is much higher than other tools."
Information not available
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
903,257 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
18%
Construction Company
10%
Manufacturing Company
9%
Comms Service Provider
6%
No data available
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business3
Midsize Enterprise1
Large Enterprise8
No data available
 

Also Known As

HPE Fortify Application Defender, Micro Focus Fortify Application Defender
Hailstorm, Cenzic Hailstorm
 

Overview

 

Sample Customers

ServiceMaster, Saltworks, SAP
Leading Health Insurer
Find out what your peers are saying about SonarSource Sàrl, Checkmarx, Veracode and others in Application Security Tools. Updated: June 2026.
903,257 professionals have used our research since 2012.