We performed a comparison between Fortify on Demand and NowSecure based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Testing (AST)."We have the option to test applications with or without credentials."
"It is a very easy tool for developers to use in parallel while they're doing the coding. It does auto scanning as we are progressing with the CI/CD pipeline. It has got very simple and efficient API support."
"The static code analyzers are the most valuable features of this solution."
"The features that I have found most valuable include its security scan, the vulnerability finds, and the web interface to search and review the issues."
"One of the valuable features is the ability to submit your code and have it run in the background. Then, if something comes up that is more specific, you have the security analyst who can jump in and help, if needed."
"Fortify helps us to stay updated with the newest languages and versions coming out."
"The vulnerability detection and scanning are awesome features."
"It has saved us a lot of time as we focus primarily on programming rather than tool operational work."
"The most valuable feature is the ability to download an application without actually putting in the APK. It gives us an option to put the APK in if we want to but we can download it from the App Store and Play Store."
"They could provide features for artificial intelligence similar to other vendors."
"Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve."
"In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication. They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful."
"With Rapid7 I utilized its reporting capabilities to deliver Client Reports within just a few minutes of checking the data. I believe that HP’s FoD Clients could sell more services to clients if HP put more effort into delivering visually pleasing reporting capabilities."
".NET code scanning is still dependent on building the code base before running any scan. Also, it's dependent on an IDE such as Visual Studio."
"Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify."
"Not fully integrated with CIT processes."
"Integration to CI/CD pipelines could be improved. The reporting format could be more user friendly so that it is easy to read."
"In this solution, there are two kinds of testing, static analysis, and dynamic analysis. There needs some improvement in testing with dynamic analysis because I have found it is not accurate"
Earn 20 points
Fortify on Demand is ranked 9th in Application Security Testing (AST) with 56 reviews while NowSecure is ranked 32nd in Application Security Testing (AST). Fortify on Demand is rated 8.0, while NowSecure is rated 7.0. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of NowSecure writes "Scalable and reliable, but dynamic analysis needs improvement". Fortify on Demand is most compared with SonarQube, Checkmarx One, Veracode, Coverity and Fortify WebInspect, whereas NowSecure is most compared with Veracode, Data Theorem API Secure , GitLab, Acunetix and Checkmarx One.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.