We performed a comparison between Fortify on Demand and Tenable.io Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it."
"There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do."
"The features that I have found most valuable include its security scan, the vulnerability finds, and the web interface to search and review the issues."
"Provides good depth of scanning and we get good results."
"The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation."
"The quality of application security testing reduces risk and gives very few false positives."
"Fortify supports most languages. Other tools are limited to Java and other typical languages. IBM's solutions aren't flexible enough to support any language. Fortify also integrates with lots of tools because it has API support."
"It's a stable and scalable solution."
"We use the tool for our websites. We have a vulnerable subdomain. The tool helps to scan it for vulnerabilities."
"The initial setup is straightforward."
"Tenable.io Web Application Scanning is very easy to use."
"It collects the vulnerabilities on the hostnames and sends them to the Tenable.io cloud. Tenable has its own cloud where Tenable.io is running, but there are many connectors to other cloud solutions. Tenable can do vulnerability scanning for other cloud managers such as Azure, Amazon, and so on."
"The solution's instant reports feature is the most effective for detecting threats."
"Tenable provides the end analysis results covering all the published vulnerabilities and information on the market."
"The solution is stable."
"Our customers adopt this solution because of the replication testing and the vulnerability assessment it can do. It is a multi-faceted product."
"It natively supports only a few languages. They can include support for more native languages. The response time from the support team can also be improved. They can maybe include video tutorials explaining the remediation process. The remediation process is sometimes not that clear. It would be helpful to have videos. Sometimes, the solution that the tool gives in the GUI is not straightforward to understand for the developer. At present, for any such issues, you have to create a ticket for the support team and request help from the support team."
"It lacks of some important features that the competitors have, such as Software Composition Analysis, full dead code detection, and Agile Alliance's Best Practices and Technical Debt."
"The reporting capabilities need improvement, as there are some features that we would like to have but are not available at the moment."
"Integration to CI/CD pipelines could be improved. The reporting format could be more user friendly so that it is easy to read."
"The technical support is actually a problem that needs to be addressed. Since the acquisition and merger with Hewlett Packard, it has been really hard to know who the technical or salesperson to talk to."
"They could provide features for artificial intelligence similar to other vendors."
"Primarily for a complex, advanced website, they don't really understand some of the functionalities. So for instance, they could tell us that there is a vulnerability because somebody could possibly do something, but they don't really understand the code to realize that we actually negate that vulnerability through some other mechanism in the program. In addition, the technical support is just not there. We have open tickets. They don't respond. Even if they respond, we're not seeing eye to eye. As the company got sold and bought, the support got worse."
"It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the overall time span to scan the code, and even to set up the code scanning, is a bit overwhelming for regular developers."
"I would like for them to add proxy filtering, where you can transfer and alter the package. It is fully automated. Other web application testers programs are actually proxy software, and the proxy software gives you the flexibility of modifying the outgoing package, which will actually help you in exploiting any vulnerability in detail."
"The technical support should be improved. Currently, some attacks are detected while others are not."
"Tenable.io Web Application Scanning could improve by offering faster fuzzing."
"The dashboard could be more user-friendly."
"It would be great if there were a dashboard that is more user-friendly."
"The cloud and the on-premises versions have their own controllers, and there is no way to centrally manage controllers."
"The platform's technical support services could be better."
"Tenable.io Web Application Scanning is not very user-friendly and you need a lot of information to get proper reports. The tool's support is not very responsive."
More Tenable.io Web Application Scanning Pricing and Cost Advice →
Fortify on Demand is ranked 11th in Application Security Tools with 56 reviews while Tenable.io Web Application Scanning is ranked 24th in Application Security Tools with 14 reviews. Fortify on Demand is rated 8.0, while Tenable.io Web Application Scanning is rated 7.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of Tenable.io Web Application Scanning writes "Highly Recommended Solution with Latest Scanning Methods". Fortify on Demand is most compared with SonarQube, Checkmarx One, Veracode, Coverity and GitHub Advanced Security, whereas Tenable.io Web Application Scanning is most compared with Acunetix, SonarQube, Qualys Web Application Scanning, PortSwigger Burp Suite Professional and Invicti. See our Fortify on Demand vs. Tenable.io Web Application Scanning report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.