Fortify on Demand vs OWASP Zap comparison

You must select at least 2 products to compare!
OpenText Logo
11,982 views|8,659 comparisons
24,120 views|11,604 comparisons
Comparison Buyer's Guide
Executive Summary
Updated on Mar 20, 2023

We performed a comparison between OWASP Zap and Micro Focus Fortify on Demand based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: OWASP Zap has quick and simple installation with various options. Micro Focus Fortify on Demand has a straightforward setup, but the time varies with code size and method.
  • Features: OWASP Zap offers privacy, automatic scanning, and browser control. Micro Focus Fortify on Demand provides valuable information, easy-to-use features, and the ability to pinpoint specific vulnerabilities in the code.
  • Pricing: OWASP Zap is a freeware product. Micro Focus Fortify on Demand offers an annual licensing model based on the number of applications that will be scanned.
  • Service and Support: OWASP Zap has no official technical support, but the community forum is helpful. Micro Focus Fortify on Demand offers good support, but there have been some complaints about slow response times.
  • ROI: OWASP Zap offers a positive ROI. Micro Focus Fortify on Demand saves time and money through its automation features, allowing scans to be completed quickly through the pipeline.

Comparison Result: Based on the parameters we compared, OWASP Zap comes out ahead of Micro Focus Fortify on Demand. Although both products have valuable features and ROI, our reviewers found that Micro Focus Fortify on Demand has a more complex installation process and slower support response times.

To learn more, read our detailed Fortify on Demand vs. OWASP Zap Report (Updated: November 2023).
746,635 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"The vulnerability detection and scanning are awesome features.""Provides good depth of scanning and we get good results.""The user interface is good.""What stands out to me is the user-friendliness of each feature.""Fortify on Demand's best feature is that there's no need to install and configure it locally since it's on the cloud.""The most valuable features are the detailed reporting and the ability to set up deep scanning of the software, both of which are in the same place.""The most valuable feature of Micro Focus Fortify on Demand is the information it can provide. There is quite a lot of information. It can pinpoint right down to where the problem is, allowing you to know where to fix it. Overall the features are easy to use, you don't have to be a coder. You can be a manager, or in IT operations, et cetera, anyone can use it. It is quite a well-rounded functional solution.""The solution is very fast."

More Fortify on Demand Pros →

"The product helps users to scan and fix vulnerabilities in the pipeline.""Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope.""ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube.""It updates repositories and libraries quickly.""You can run it against multiple targets.""The product discovers more vulnerabilities compared to other tools.""The most valuable feature is scanning the URL to drill down all the different sites.""Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high."

More OWASP Zap Pros →

"We have some stability issues, but they are minimal.""They have very good support, but there is always room for improvement.""An improvement would be the ability to get vulnerabilities flowing automatically into another system.""I would like to see improvement in CI integration and integration with GitLab or Jenkins. It needs to be more simple.""The UI could be better. Fortify should also suggest new packages in the product that can be upgraded. Currently, it shows that, but it's not visible enough. In future versions, I would like more insights about the types of vulnerabilities and the pages associated with the exact CVE.""It would be highly beneficial if Fortify on Demand incorporated runtime analysis, similar to how Contrast Security utilizes agents for proactive application security.""Takes up a lot of resources which can slow things down.""There are many false positives identified by the solution."

More Fortify on Demand Cons →

"The solution is somewhat unreliable because after we get the finding, we have to manually verify each of its findings to see whether it's a false positive or a true finding, and it takes time.""The work that it does in the limited scope is good, but the scope is very limited in terms of the scanning features. The number of things it tests or finds is limited. They need to make it a more of a mainstream tool that people can use, and they can even think about having it on a proprietary basis. They need to increase the coverage of the scan and the results that it finds. That has always been Zap's limitation. Zap is a very good tool for a beginner, but once you start moving up the ladder where you want further details and you want your scan to show more in-depth results, Zap falls short because its coverage falls short. It does not have the capacity to do more.""ZAP's integration with cloud-based CICD pipelines could be better. The scan should run through the entire pipeline.""There are too many false positives.""The product reporting could be improved.""Lacks resources where users can internally access a learning module from the tool.""The solution is unable to customize reports.""There isn't too much information about it online."

More OWASP Zap Cons →

Pricing and Cost Advice
  • "The solution is expensive and the price could be reduced."
  • "The pricing model it's based on how many applications you wish to scan."
  • "Micro Focus Fortify on Demand licenses are managed by our IT team and the license model is user-based."
  • "Fortify on Demand is affordable, and its licensing comes with a year of support."
  • "There are different costs for Micro Focus Fortify on Demand depending on the assessments you want to use. There is only a standard license needed to use the solution."
  • "Fortify on Demand is moderately priced, but its pricing could be more flexible."
  • "I believe the rental license is not too expensive, but it provides a lot of information about the vulnerabilities."
  • "I'd rate it an eight out of ten in terms of pricing."
  • More Fortify on Demand Pricing and Cost Advice →

  • "We have used the freeware version. I believe Zap only has freeware."
  • "The solution’s pricing is high."
  • More OWASP Zap Pricing and Cost Advice →

    Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.
    746,635 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:What stands out to me is the user-friendliness of each feature.
    Top Answer:Despite being on the higher end in terms of cost, the biggest value lies in its abilities, including robust features, seamless integration, and high-quality findings.
    Top Answer:It would be highly beneficial if Fortify on Demand incorporated runtime analysis, similar to how Contrast Security utilizes agents for proactive application security. This could enhance the solution… more »
    Top Answer:OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with… more »
    Top Answer:The product helps users to scan and fix vulnerabilities in the pipeline.
    Average Words per Review
    Average Words per Review
    Also Known As
    Micro Focus Fortify on Demand
    Learn More

    Fortify on Demand is a web application security testing tool that enables continuous monitoring. The solution is designed to help you with security testing, vulnerability management and tailored expertise, and is able to provide the support needed to easily create, supplement, and expand a software security assurance program without the need for additional infrastructure or resources.

    Fortify on Demand Features

    Fortify on Demand has many valuable key features. Some of the most useful ones include:

    • Deployment flexibility
    • Scalability
    • Built for DevSecOps
    • Ease of use
    • Supports 27+ languages
    • Real-time vulnerability identification with
    • Security Assistant
    • Actionable results in less than 1 hour for most applications with DevOps automation
    • Expanded coverage, accuracy and remediation details with IAST runtime agent
    • Continuous application monitoring of production applications
    • Virtual patches
    • Supports iOS and Android mobile applications
    • Security vulnerability identification
    • Behavioral and reputation analysis

    Fortify on Demand Benefits

    There are several benefits to implementing Fortify on Demand. Some of the biggest advantages the solution offers include:

    • Fast remediation: With Fortify on Demand you can achieve fast remediation throughout the software lifecycle with robust assessments by a team of security experts.
    • Easy integration: The solution’s integration ecosystem is easy to use, creating a more secure software supply chain.
    • Security testing: Fortify on Demand covers in-depth mobile app security testing, open-source analysis, and vendor application security management, in addition to static and dynamic testing.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by PeerSpot users currently using the Fortify on Demand solution.

    Dionisio V., Senior System Analyst at Azurian, says, "One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that." He goes on to add, “Another reason I like Fortify on Demand is because our code often includes open source libraries, and it's important to know when the library is outdated or if it has any known vulnerabilities in it. This information is important to us when we're developing our solutions and Fortify on Demand informs us when it detects any vulnerable open source libraries.”

    A Security Systems Analyst at a retailer mentions, “Being able to reduce risk overall is a very valuable feature for us.”

    Jayashree A., Executive Manager at PepsiCo, comments, “Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning. When we are exploring some of the endpoints this solution identifies many loopholes that hackers could utilize for an attack. This has been very helpful and surprising how many vulnerabilities there can be.”

    A Principal Solutions Architect at a security firm explains, “Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out.”

    PeerSpot user Mamta J., Co-Founder at TechScalable, states, "Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices. Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much."

    OWASP Zap is a free and open-source web application security scanner. 

    The solution helps developers identify vulnerabilities in their web applications by actively scanning for common security issues. 

    With its user-friendly interface and powerful features, Zap is a popular choice among developers for ensuring the security of their web applications.

    Learn more about Fortify on Demand
    Learn more about OWASP Zap
    Sample Customers
    SAP, Aaron's, British Gas, FICO, Cox Automative, Callcredit Information Group, Vital and more.
    1. Google 2. Microsoft 3. IBM 4. Amazon 5. Facebook 6. Twitter 7. LinkedIn 8. Netflix 9. Adobe 10. PayPal 11. Salesforce 12. Cisco 13. Oracle 14. Intel 15. HP 16. Dell 17. VMware 18. Symantec 19. McAfee 20. Citrix 21. Red Hat 22. Juniper Networks 23. SAP 24. Accenture 25. Deloitte 26. Ernst & Young 27. PwC 28. KPMG 29. Capgemini 30. Infosys 31. Wipro 32. TCS
    Top Industries
    Financial Services Firm39%
    Computer Software Company14%
    Energy/Utilities Company7%
    Financial Services Firm19%
    Computer Software Company14%
    Manufacturing Company10%
    Computer Software Company29%
    Financial Services Firm18%
    Energy/Utilities Company12%
    Computer Software Company19%
    Financial Services Firm10%
    Comms Service Provider8%
    Company Size
    Small Business26%
    Midsize Enterprise11%
    Large Enterprise62%
    Small Business16%
    Midsize Enterprise11%
    Large Enterprise73%
    Small Business15%
    Midsize Enterprise30%
    Large Enterprise55%
    Small Business21%
    Midsize Enterprise15%
    Large Enterprise64%
    Buyer's Guide
    Fortify on Demand vs. OWASP Zap
    November 2023
    Find out what your peers are saying about Fortify on Demand vs. OWASP Zap and other solutions. Updated: November 2023.
    746,635 professionals have used our research since 2012.

    Fortify on Demand is ranked 9th in Application Security Testing (AST) with 19 reviews while OWASP Zap is ranked 8th in Application Security Testing (AST) with 11 reviews. Fortify on Demand is rated 8.0, while OWASP Zap is rated 7.2. The top reviewer of Fortify on Demand writes "Seamless integration with various platforms and products, providing a centralized and comprehensive security analysis solutionand". On the other hand, the top reviewer of OWASP Zap writes "Stable dynamic testing solution with unreliable manual processes". Fortify on Demand is most compared with SonarQube, Checkmarx, Veracode, Coverity and Snyk, whereas OWASP Zap is most compared with PortSwigger Burp Suite Professional, SonarQube, Acunetix, Qualys Web Application Scanning and Invicti. See our Fortify on Demand vs. OWASP Zap report.

    See our list of best Application Security Testing (AST) vendors.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.