We performed a comparison between Fortify on Demand, OWASP Zap, and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
"While using Micro Focus Fortify on Demand we have been very happy with the results and findings."
"One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that."
"Being able to reduce risk overall is a very valuable feature for us."
"It is an extremely robust, scalable, and stable solution."
"It's a stable and scalable solution."
"The scanning capabilities, particularly for our repositories, have been invaluable."
"Fortify helps us to stay updated with the newest languages and versions coming out."
"It improves future security scans."
"It's great that we can use it with PortSwigger Burp."
"The interface is easy to use."
"Fuzzer and Java APIs help a lot with our custom needs."
"It has improved my organization with faster security tests."
"It has evolved over the years and recently in the last year they have added HUD (Heads Up Display)."
"It updates repositories and libraries quickly."
"Automatic scanning is a valuable feature and very easy to use."
"The solution is good at reporting the vulnerabilities of the application."
"This tool is more accurate than the other solutions that we use, and reports fewer false positives."
"You can download different plugins if you don't have them in the standard edition."
"The most valuable feature of PortSwigger Burp Suite Professional is the dashboard. It is very informative and you can receive all the information you need in one place. It's clear, well-defined, and organized. Anybody without any cybersecurity can use it."
"I personally love its capability to automatically and accurately detect vulnerabilities. So, I would say it is the Burp scanner that is THE most powerful, valuable, and an awesome feature."
"The intercepting feature is the most valuable."
"This solution has helped a lot in finding bugs and vulnerabilities, and the scanner is good enough for simple web apps."
"With the Extender Tab, if you know how to code then you can create a plugin and add it to Burp."
"The automated scan is what I find most useful because a lot of customers will need it. Not every domain will be looking for complete security, they just need a stamp on the security key. For these kinds of customers, the scan works really well."
"Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify."
"Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve."
"The reporting capabilities need improvement, as there are some features that we would like to have but are not available at the moment."
"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."
"It lacks some important features that the competitors have, such as Software Composition Analysis, full dead code detection, and Agile Alliance's Best Practices and Technical Debt."
"The vulnerability analysis does not always provide guidelines for what the developer should do in order to correct the problem, which means that the code has to be manually inspected and understood."
"Reporting could be improved."
"We typically do our bulk uploads of our scans with some automation at the end of the development cycle but the scanning can take a lot of time. If you were doing all of it at regular intervals it would still consume a lot of time. This procedure could improve."
"It doesn't run on absolutely every operating system."
"It would be nice to have a solid SQL injection engine built into Zap."
"As security evolves, we would like DevOps built into it. As of now, Zap does not provide this."
"If there was an easier way to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning."
"The automated vulnerability assessments that the application performs need to be simplified as well as diversified."
"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."
"Reporting format has no output, is cluttered and very long."
"They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better."
"I would like to see the return of the spider mechanism instead of the crawling feature. Burp Suite's earlier version 1.7 had an excellent spider option, and it would be beneficial if Burp incorporated those features into the current version. The crawling techniques used in the current version are not as efficient as those used in earlier versions."
"The biggest improvement that I would like to see from PortSwigger that today many people see as an issue in their testing. There might be a feature which might be desired."
"The price could be better. The rest is fine."
"The technical support team's response time is mostly delayed and should be improved."
"If your application uses multi-factor authentication, registration management cannot be automated."
"Scanning APIs using PortSwigger Burp Suite Professional takes a lot of time."
"The Auto Scanning features should be updated more frequently and should include the latest attack vectors."
"I am from Brazil. The currency exchange rate from a dollar to a Brazilian Real is quite steep. It is almost six to one. It would be good if it can be sold in the local currency, and its price is cheaper for us."