OpenText Core Application Security vs Seeker comparison

The compared OpenText and Black Duck solutions aren't in the same category. OpenText is ranked #14 in AS , with an average rating of 8.0, and holds a 4.3% mindshare in the category. Black Duck is ranked #18 in IS , and holds a 0.1% mindshare. Additionally, 89% of OpenText users are willing to recommend the solution, compared to 100% of Black Duck users who would recommend it.

OpenText Core Application S...

Read 60 OpenText Core Application Security reviews

7,934 Views
5,792 Comparison Views

89% willing to recommend

Seeker

Read 1 Seeker review

800 Views
8 Comparison Views

100% willing to recommend

OpenText Core Application S...

Seeker

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between OpenText Core Application Security and Seeker based on real PeerSpot user reviews.

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools.

To learn more, read our detailed Application Security Tools Report (Updated: July 2025).

Buyer's Guide

Application Security Tools

July 2025

Download the complete report

Helped 862,543 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

OpenText Core Application S...

Average Rating

8.0

Reviews Sentiment

7.8

Number of Reviews

Ranking in other categories

Application Security Tools (14th), Static Application Security Testing (SAST) (12th)

Seeker

Average Rating

7.0

Reviews Sentiment

7.3

Number of Reviews

Ranking in other categories

Internet Security (18th), Mobile Threat Defense (14th), API Security (21st)

Mindshare comparison

OpenText Core Application Security and Seeker aren’t in the same category and serve different purposes. OpenText Core Application Security is designed for Application Security Tools and holds a mindshare of 4.3%, down 5.1% compared to last year.
Seeker, on the other hand, focuses on Internet Security, holds 0.1% mindshare.

Application Security Tools

Internet Security

Featured Reviews

Jonathan Steyn

Principal Technical Consultant at EOH

Source code analyzer, FPR file generation, reduction of false positives and generates compliance reports, for in-depth analysis

Not challenges with the product itself. The product is very reliable. It does have a steep learning curve. But, again, one thing that Fortify or OpenText does very well is training. There are a lot of free resources and training in the community forums, free training as well as commercial training where users can train on how to use the back-end systems and the scanning engines and how to use command-line arguments because some of the procedures or some of the tools do require a bit of a learning curve. That's the only challenge I've really seen for customers because you have to learn how to use the tool effectively. But Fortify has, in fact, improved its user interface and the way users engage the dashboards and the interfaces. It is intuitive. It's easy to understand. But in some regards, the cybersecurity specialist or AppSec would need a bit of training to engage the user interface and to understand how it functions. But from the point of the reliability index and how powerful the tool is, there's no challenge there. But it's just from a learning perspective; users might need a bit more skill to use the tool. The user interface isn't that tedious. It's not that difficult to understand. When I initially learned how to use the interfaces, I was able to master it within a week and was able to use it quite effectively. So training is required. All skills are needed to learn how to use the tool. I would like to see more enhancements in the dashboards. Dashboards are available. They do need some configuration and settings. But I would like to see more business intelligence capabilities within the tool. It's not particularly a cybersecurity function, but, for instance, business impact analysis or other features where you can actually use business intelligence capabilities within your security tool. That would be remarkable because not only do you have a cybersecurity tool, but you also have a tool that can give you business impact analysis and some other measurements. A bit more intelligence in terms of that from a cybersecurity perspective would be remarkable.

Read full review

San K

Senior Group Leader at Infosys

More effective than dynamic scanners, but is missing useful learning capabilities

One area that Seeker can improve is to make it more customizable. All security scanning tools have a defined set of rules that are based on certain criteria which they will use to detect issues. However, the criteria that you set initially is not something that all applications are going to need. The purposes for which applications are designed may differ in practice in the industry, and because of this, there will always be tools that sometimes report false positives. Thus, there should be some means with which I can customize the way that Seeker learns about our applications, possibly by using some kind of AI / ML capability within the tool that will automatically reduce the number of false positives that we get as we use the tool over time. Obviously, when we first start using the scanning tool there will be false positives, but as it keeps going and as I keep using the tool, there should be a period of time where either the application can learn how to ignore false positives, or I can customize it do so. Adding this type of functionality would definitely prevent future issues when it comes to reporting false positives, and this is a key area that we have already asked the vendor to improve on, in general. On a different note, there is one feature that isn't completely available right now where you can integrate Seeker with an open-source vulnerability scanner or composition analysis tool such as Black Duck. I would very much like this capability to be available to us out-of-the-box, so that we can easily integrate with tools like Black Duck in such a way that any open source components that are used in the front-end are easily identified. I think this would be a huge plus for Seeker. Another feature within Seeker which could benefit from improvement is active verification, which lets you actively verify a vulnerability. This feature currently doesn't work in certain applications, particularly in scenarios where you have requested tokens. When we bought the tool, we didn't realize this and we were not told about it by the vendor, so initially it was a big challenge for us to overcome it and properly begin our deployment.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"While using Micro Focus Fortify on Demand we have been very happy with the results and findings."

"Being able to reduce risk overall is a very valuable feature for us."

"The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation."

"We have the option to test applications with or without credentials."

"There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do."

"This product is top-notch solution and the technology is the best on the market."

"The feature that I find the most useful is being able to just see the vulnerabilities online while checking the code and then checking suggestions for fixing them."

"The solution is very fast."

More OpenText Core Application Security pros

"A significant advantage of Seeker is that it is an interactive scanner, and we have found it to be much more effective in reducing the amount of false positives than dynamic scanners such as AppScan, Micro Focus Fortify, etc. Furthermore, with Seeker, we are finding more and more valid (i.e. "true") positives over time compared with the dynamic scanners."

Cons

"Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify."

"The UI could be better. Fortify should also suggest new packages in the product that can be upgraded. Currently, it shows that, but it's not visible enough. In future versions, I would like more insights about the types of vulnerabilities and the pages associated with the exact CVE."

"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."

"The thing that could be improved is reducing the cost of usage and including some of the most pricey features, such as dynamic analysis and that sort of functionality, which makes the difference between different types of tools."

"There are lots of limitations with code technology. It cannot scan .net properly either."

"This solution would be improved if the code-quality perspective were added to it, on top of the security aspect."

"They have very good support, but there is always room for improvement."

"There is room for improvement in the integration process."

More OpenText Core Application Security cons

"One area that Seeker can improve is to make it more customizable. All security scanning tools have a defined set of rules that are based on certain criteria which they will use to detect issues. However, the criteria that you set initially is not something that all applications are going to need."

Pricing and Cost Advice

"There are different costs for Micro Focus Fortify on Demand depending on the assessments you want to use. There is only a standard license needed to use the solution."

"The subscription model, on a per-scan basis, is a bit expensive. That's another reason we are not using it for all the apps."

"The solution is a little expensive."

"The solution is expensive and the price could be reduced."

"The pricing can be improved because it is complex when compared to the competition."

"We are still using the trial version at this point but I can already see from the trial version alone that it is a good product. For others, I would say that Fortify on Demand might look expensive at the beginning, but it is very powerful and so you shouldn't be put off by the price."

"If I exceed one million lines of code, there might be an extra cost or a change in the pricing bracket."

"Their subscriptions could use a little bit of a reworking, but I am very happy with what they're able to provide."

More OpenText Core Application Security pricing and cost advice

"The licensing for Seeker is user-based and for 50 users I believe it costs about $70,000 per year."

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

862,543 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

19%

Manufacturing Company

15%

Computer Software Company

11%

Government

Financial Services Firm

19%

Government

15%

Computer Software Company

13%

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What do you like most about Micro Focus Fortify on Demand?

It helps deploy and track changes easily as per time-to-time market upgrades.

See all answers

What is your experience regarding pricing and costs for Micro Focus Fortify on Demand?

In comparison with other tools, they're competitive. It is not more expensive than other solutions, but their pricing is competitive. The licenses for Fortify On Demand are generally bought in unit...

See all answers

What needs improvement with Micro Focus Fortify on Demand?

There are frequent complaints about false positives from Fortify. One day it may pass a scan with no issues, and the next day, without any code changes, it will report vulnerabilities such as passw...

See all answers

Ask a question

Earn 20 points

Comparisons

SonarQube Server (formerly SonarQube) vs OpenText Core Application Security

Compared 17% of the time

Checkmarx One vs OpenText Core Application Security

Compared 12% of the time

Coverity vs OpenText Core Application Security

Compared 11% of the time

Veracode vs OpenText Core Application Security

Compared 11% of the time

GitHub Advanced Security vs OpenText Core Application Security

Compared 8% of the time

More OpenText Core Application Security Competitors

Contrast Security Assess vs Seeker

Compared 42% of the time

Coverity vs Seeker

Compared 26% of the time

PortSwigger Burp Suite Professional vs Seeker

Compared 17% of the time

Checkmarx One vs Seeker

Compared 15% of the time

More Seeker Competitors

Product Reports

Buyer's Guide

OpenText Core Application Security

July 2025

OpenText Core Application Security report

Download OpenText Core Application Security product report

Buyer's Guide

Internet Security

June 2025

Download Seeker product report

Also Known As

Micro Focus Fortify on Demand

No data available

Overview

OpenText Core Application Security offers robust features like static and dynamic scanning, real-time vulnerability tracking, and seamless integration with development platforms, designed to enhance code security and reduce operational costs.

OpenText Core Application Security is a cloud-based, on-demand service providing accurate and deep scanning capabilities with detailed reporting. Its integrations with development platforms ensure an enhanced security layer in the development lifecycle, benefiting users by lowering operational costs and facilitating efficient remediation. The platform addresses needs for intuitive interfaces, API support, and comprehensive vulnerability assessments, helping improve code security and accelerate time-to-market. Despite its strengths, challenges exist around false positives, report clarity, and language support, alongside confusing pricing and package options. Enhancements are sought in areas like CI/CD pipeline configuration, report visualization, scan times, and integration with third-party tools such as GitLab, container scanning, and software composition analysis.

What features define OpenText Core Application Security?

Static and Dynamic Scanning: Offers thorough analysis to identify vulnerabilities during development.
Real-time Vulnerability Tracking: Continuously updates and monitors potential security threats.
Seamless Development Platform Integration: Enhances security processes without disrupting workflows.
Cloud-Based Service: Provides flexible, on-demand security capabilities with accurate results.
API Support: Allows smooth integration and automation within existing systems.

What benefits should users look for in reviews?

Reduced Operational Costs: Optimizes resources by lowering costs associated with security management.
Efficient Remediation: Speeds up the process of identifying and resolving vulnerabilities.
Enhanced Code Security: Strengthens overall application security during the development lifecycle.
Accelerated Time-to-Market: Streamlines development stages by integrating essential security tools.

Industries like mobile applications, e-commerce, and banking leverage OpenText Core Application Security for its ability to identify vulnerabilities such as SQL injections. Integrating seamlessly with DevSecOps and security auditing processes, this tool supports developers in writing safer code, ensuring secure application deployment and enhancing software assurance.

OpenText

Seeker®, interactive application security testing (IAST) solution, gives you unparalleled visibility into your modern web, cloud based and microservices based app security posture. It automatically verifies, prioritizes and reports on critical vulnerabilities in real time. It identifies vulnerability trends against compliance standards (e.g., OWASP Top 10, PCI DSS, GDPR, CAPEC, and CWE/SANS Top 25). Seeker enables security teams to identify and track sensitive data to ensure that it is handled securely and not stored in log files or databases with weak or no encryption. Seeker’s seamless integration into CI/CD workflows enables fast interactive application security testing at DevOps speed.

Black Duck

Sample Customers

SAP, Aaron's, British Gas, FICO, Cox Automative, Callcredit Information Group, Vital and more.

El Al Airlines and Société Française du Radiotelephone

Buyer's Guide

Application Security Tools

July 2025

Download Free Report

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools. Updated: July 2025.

DOWNLOAD NOW

862,543 professionals have used our research since 2012.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.