We performed a comparison between Fortify Application Defender and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"The most valuable feature is that it analyzes data in real-time."
"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"The most valuable features of Fortify Application Defender are the code packages that are default."
"Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications."
"We are able to provide out customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."
"The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions."
"The product saves us cost and time."
"The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology."
"The CSCA vulnerability scanning is useful."
"It scans for the OWASP top-10 security flaws at the dynamic level and, at the static level, it scans for all the warnings so that developers can fix the code before we go to UAT or the next phase."
"The static scan is the feature that we use the most, as it gives us insight into our source code. We have it integrated with our continuous integration, continuous delivery system, so we can get insight quickly."
"I liked that I could easily find out where my errors were. Instead of going through the whole code and the scripts, it showed me where the errors were and gave me an idea of how to fix them."
"The innovative features offered by Veracode are excellent."
"It changes the DevSecOps process because we find flaws much earlier in the development life cycle, and we also spot third-party software that we don't allow on developers' machines."
"It can be very hard to make a good lab environment with a console with log windows and code bases. What I like about Veracode is that they managed to do that. It has a very responsive graphical user interface and has worked very well. I was very pleased with that."
"The most valuable feature of Veracode Static Analysis is the scanning."
"The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java."
"Support for older compilers/IDEs is lacking."
"The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours."
"Fortify Application Defender gives a lot of false positives."
"The solution is quite expensive."
"Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."
"The licensing can be a little complex."
"The false positive rate should be lower."
"From what we have seen of Veracode's SCA offering, it is just average."
"The scanning on the UI portion of our applications is straightforward, but folks were having challenges with scans that involved microservices. They had to rope in an expert to have it sorted."
"The solution does not support Dynamic Application Security Testing."
"The scanning process for records could be faster and there is room for improvement in Veracode's performance."
"There should be more control for administrative users so that we can add and delete any functionality or module within the platform. We should not have to reach out to Veracode's customer support every time. We should be able to customize our modules."
"The ideal situation in terms of putting the results in front of the developers would be with Veracode integration into the developer environment (IDE). They do have a plugin, which we've used in the past, but we were not as positive about it."
"All areas of the solution could use some improvement."
"It needs to reach the level of Checkmarx's and Fortify Software's capabilities and service levels, or may further loosen the market share."
Fortify Application Defender is ranked 34th in Application Security Tools with 10 reviews while Veracode is ranked 2nd in Application Security Tools with 193 reviews. Fortify Application Defender is rated 8.0, while Veracode is rated 8.2. The top reviewer of Fortify Application Defender writes "Reliable solution with excellent machine learning algorithms but expensive and lacking support". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Fortify Application Defender is most compared with Checkmarx One, Coverity, CAST Application Intelligence Platform, SonarQube and Acunetix, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and OWASP Zap. See our Fortify Application Defender vs. Veracode report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
