We performed a comparison between Fortify on Demand, HCL AppScan, and Ixia BreakingPoint based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Testing (AST)."Fortify on Demand's best feature is that there's no need to install and configure it locally since it's on the cloud."
"The scanning capabilities, particularly for our repositories, have been invaluable."
"The most valuable features are the detailed reporting and the ability to set up deep scanning of the software, both of which are in the same place."
"The feature that I find the most useful is being able to just see the vulnerabilities online while checking the code and then checking suggestions for fixing them."
"The most important feature of the product is to follow today's technology fast, updated rules and algorithms (of the product)."
"Audit workbench: for on-the-fly defect auditing."
"One of the valuable features is the ability to submit your code and have it run in the background. Then, if something comes up that is more specific, you have the security analyst who can jump in and help, if needed."
"Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning."
"We are now deploying less defects to production."
"The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL."
"We use it as a security testing application."
"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production."
"The static scans are good, and the SaaS as well."
"The UI was very intuitive."
"The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase."
"The solution offers services in a few specific development languages."
"There is a virtual version of the product which is scaled to 100s of virtual testing blades."
"The solution has many protocols and options, making it very flexible."
"I like that we can test cloud applications."
"The DDoS testing module is useful and quick to use."
"It is a scalable solution."
"We use Ixia BreakingPoint for Layer 7 traffic generation. That's what we like."
"The most valuable feature of Ixia BreakingPoint is the ransomware and malware database for simulated attacks."
"The solution has some issues with latency. Sometimes it takes a while to respond. This issue should be addressed."
"Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve."
"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."
"With Rapid7 I utilized its reporting capabilities to deliver Client Reports within just a few minutes of checking the data. I believe that HP’s FoD Clients could sell more services to clients if HP put more effort into delivering visually pleasing reporting capabilities."
"There's a bit of a learning curve. Our development team is struggling with following the rules and following the new processes."
"We have some stability issues, but they are minimal."
"Reporting could be improved."
"The biggest deficiency is the integration with bug tracker systems. It might be better if the configuration screen presented for accessing the bug tracking systems could provide some flexibility."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"The pricing has room for improvement."
"There is not a central management for static and dynamic."
"It has crashed at times."
"Improving usability could enhance the overall experience with AppScan. It would be beneficial to make the solution more user-friendly, ensuring that everyone can easily navigate and utilize its features."
"They could add a software component analysis tool."
"A desktop version should be added."
"The solution's scalability can be a matter of concern because one license runs on one machine only."
"The integration could improve in Ixia BreakingPoint."
"The quality of the traffic generation could be improved with Ixia BreakingPoint, i.e. to get closer to being accurate in what a real user will do."
"The solution originally was hard to configure; I'm not sure if they've updated this to make it simpler, but if not, it's something that could be streamlined."
"The production traffic simulations are not realistic enough for some types of DDoS attacks."
"I would appreciate some preconfigured network neighborhoods, which are predefined settings for testing networks."
"They should improve UI mode packages for the users."
"The price could be better."
