We performed a comparison between Fortify on Demand, Fortra Tripwire IP360, and Parasoft SOAtest based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."The UL is easy to use compared to that of other tools, and it is highly reliable. The findings provide a lower number of false positives."
"Fortify helps us to stay updated with the newest languages and versions coming out."
"I don’t know of any other On-Demand enterprise solution like this one where we can load the details and within a few days, receive the results of intrusion attacks, and work with HP Security Experts when needed for clarification"
"The feature that I find the most useful is being able to just see the vulnerabilities online while checking the code and then checking suggestions for fixing them."
"Fortify on Demand's best feature is that there's no need to install and configure it locally since it's on the cloud."
"The static code analyzers are the most valuable features of this solution."
"Being able to reduce risk overall is a very valuable feature for us."
"The scanning capabilities, particularly for our repositories, have been invaluable."
"It's become the pinnacle point for anything that enters the network or anything that's passing through to production to first be affected by IP360, hardened, and up to standard. For our integrity management, one was deployed in the bank about two years ago and that's still going to expand the usage and the product itself. That will go hand in hand with training and expanding the product as for where it's deployed."
"Tripwire IP360 is a very stable solution."
"We could manage our entire IP range with the solution."
"We can automate our scenarios in a data driven format, which shows there is no rework on scripts. We only need to update the test data and run for a number of scenarios."
"Every imaginable source in the entire world of information technology can be accessed and used."
"Since the solution has both command line and automation options, it generates good reports."
"We do a lot of web services testing and REST services testing. That is the focus of this product."
"We have seen a return on investment."
"Technical support is helpful."
"Generating new messages, based on the existing .EDN and .XML messages, is a crucial part or the testing project that I’m currently in."
"The testing time is shortened because we generate test data automatically with SOAtest."
"The UI could be better. Fortify should also suggest new packages in the product that can be upgraded. Currently, it shows that, but it's not visible enough. In future versions, I would like more insights about the types of vulnerabilities and the pages associated with the exact CVE."
"The Visual Studio plugin seems to hang when a scan is run on big projects. I would expect some improvements there."
"Micro Focus Fortify on Demand could improve the user interface by making it more user-friendly."
"Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify."
"It would be highly beneficial if Fortify on Demand incorporated runtime analysis, similar to how Contrast Security utilizes agents for proactive application security."
"There were some regulated compliances, which were not there."
"Micro Focus Fortify on Demand could improve the reports. They could benefit from being more user-friendly and intuitive."
"This solution would be improved if the code-quality perspective were added to it, on top of the security aspect."
"We need to dedicate time and resources to keep it running."
"The reporting functions can use improvement. There is room for growth because reporting functions differ a lot depending on what you're going to output. It depends on whether it's for technical or senior management and how it's interpreted. There could be growth within the reporting functionality side."
"I am not very impressed by the technical support."
"Tuning the tool takes time because it gives quite a long list of warnings."
"UI testing should be more in-depth."
"Parasoft SOAtest has an internal refresh function where you can refresh the software to show the changes you’ve made in your projects. Unfortunately this function does not work properly, because it often does not show the changes after you’ve hit te refresh button a few times."
"Compatibility with HTTP 1.1 and TLS 1.2 needs to be improved."
"The product is very slow to start up, and that is a bit of a problem, actually."
"Reporting facilities can be better."
"The summary reports could be improved."
"Reports could be customized and more descriptive according to the user's or company's requirements."