Fortify Software Security Center vs OpenText Dynamic Application Security Testing vs Veracode comparison

Fortify Software Security C...

Read 204 Veracode reviews

19,783 Views
13,650 Comparison Views

90% willing to recommend

OpenText Dynamic Applicatio...

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Fortify Software Security Center, OpenText Dynamic Application Security Testing, and Veracode based on real PeerSpot user reviews.

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST).

To learn more, read our detailed Static Application Security Testing (SAST) Report (Updated: August 2025).

Static Application Security Testing (SAST)

Download the complete report

Helped 867,349 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Mindshare comparison

Static Application Security Testing (SAST) Market Share Distribution
Product	Market Share (%)
Fortify Software Security Center	0.4%
SonarQube Server (formerly SonarQube)	20.3%
Checkmarx One	9.9%
Other	69.4%

Static Application Security Testing (SAST)

Dynamic Application Security Testing (DAST) Market Share Distribution
Product	Market Share (%)
OpenText Dynamic Application Security Testing	17.9%
HCL AppScan	14.3%
Checkmarx One	13.5%
Other	54.3%

Dynamic Application Security Testing (DAST)

Application Security Tools Market Share Distribution
Product	Market Share (%)
Veracode	8.0%
SonarQube Server (formerly SonarQube)	20.8%
Checkmarx One	10.2%
Other	61.0%

Application Security Tools

Featured Reviews

Jonathan Steyn

Principal Technical Consultant at EOH

Comprehensive vulnerability analysis and customization features with decent pricing

Software Security Center is highly customizable and helps me test all vulnerability data against the latest conventions like OWASP Top Ten, CVE Top twenty-five, and several other legal compliances. WebInspect supports a number of APIs and web endpoints. I find its feature of macro recording allows for testing vulnerabilities during multi-factor authentication sessions very valuable. I appreciate the ability to further analyze data with tools like Audit Workbench.

Read full review

Navin N

Global ISO 27001 Program Lead at DXC Technology

Effective scanning of diverse file extensions with fast reporting and issue resolution

We develop software packages for clients, and these clients are mostly in the BFSI sector. The packages need to be scanned, and we engage Fortify WebInspect for this. Customers typically perform their own application pen tests, but in some cases, we have engagements where customers want us to scan…

Read full review

Kv Rao

Site Leader (India) at Industrial Scientific

Integrates pipelines smoothly and fortifies code against vulnerabilities

I use Veracode in multiple places including static code analysis, penetration testing, and dynamic code analysis. It is part of our pipeline and integrates well with Bitbucket and Git pipelines The ease of integration with Bitbucket pipelines and Git pipelines is vital for us. Veracode allows us…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The reporting is very useful because you can always view an entire list of the issues that you have."

"The overall rating for this tool is ten out of ten."

"This is a stable solution at the end of the day."

"Software Security Center is highly customizable and helps me test all vulnerability data against the latest conventions like OWASP Top Ten, CVE Top twenty-five, and several other legal compliances."

"I like the explanation of issues provided by Fortify Software Security Center."

"You can easily download the tool's rule packs and update them."

"Fortify Analytics' AI function helps scan and provides more detailed explanations and recommendations about vulnerabilities."

"The tool provides comprehensive vulnerability assessments which help ensure our deliverables are as free from vulnerabilities as possible. It has also streamlined our web application vulnerability assessments, assisting us in delivering secure applications to our clients."

"The solution's technical support was very helpful."

"The user interface is ok and it is very simple to use."

"I'm sorry, but there is no review content provided to extract a quote from."

"The transaction recorder within WebInspect is easy to use, which is valuable for our team."

"Technical support has been good."

"It's a well-known platform for doing dynamic application scanning."

"There are lots of small settings and tools, like an HTTP editor, that are very useful."

More OpenText Dynamic Application Security Testing pros

"The analysis of the vulnerabilities and the results are the most valuable features."

"The product’s policy reporting for ensuring compliance with industry standards and regulations is great."

"I have found the user interface extremely helpful in prioritizing issues."

"It helps me to detect vulnerabilities."

"I like its integration with GitHub. I like using it from GitHub. I can use the GitHub URL and find out the vulnerabilities."

"They also have what's called a Software Composition Analysis that can point out errors and fixes for third-party software frameworks, which is very nice."

"I believe the static analysis is Veracode's best and most valuable feature. Software composition analysis is a feature that most people don't use, and we don't use SCA for most of our applications. However, this is an essential feature because it provides insight into the third-party libraries we use."

"Veracode is a valuable tool in our secure SDLC process."

More Veracode pros

Cons

"We are having issues with false positives that need to be resolved."

"The product's overlap feature is restrictive and requires more customization efforts, which can be expensive."

"This solution is difficult to implement, and it should be made more comfortable for the end-users."

"I am not satisfied with the percentage of false positives, which is around eighteen percent."

"Improvements needed for Software Security Center include better aggregation views of datasets."

"Fortify Software Security Center's setup is really painful."

"Improvements needed for Software Security Center include better aggregation views of datasets."

"We have had a problem with authentification."

"Not sufficiently compatible with some of our systems."

"Fortify WebInspect could improve user-friendliness. Additionally, it is very bulky to use."

"I'm not sure licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools also with similar functionalities."

"The initial setup was complex."

"Creating reports is very slow and it is something that should be improved."

"It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application."

"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."

More OpenText Dynamic Application Security Testing cons

"I would like Veracode to add more language support."

"I would also like to see some improvement in the speed. That is really the only complaint, but in all reality we have a massive Java application that needs to be scanned. Our developers are saying, "It takes 72 hours to scan it." That is probably the nature of the beast, and I'm actually pretty accepting of that time frame, but since it's a complaint that I get, faster is always better. I don't necessarily think that the speed is bad as it is, just that faster would be better."

"It's very expensive for a small organization."

"Veracode can improve the licensing model as it is a bit confusing."

"I haven't heard about any problems so far. However, it would be great if Veracode automatically packaged stuff up for you."

"When Veracode updates the pool of tests and security checks, it could be a little more transparent about what it is releasing. It's not clear what it's adding. They do thousands of checks, and when they add more, there aren't many details about what the new tests are doing."

"Veracode can be slow at times and has room for improvement, which may cause delays in our products and prolonged static scans."

"They need to have a plug-in, a better integration with the development environment."

More Veracode cons

Pricing and Cost Advice

"As a Fortify partner company providing technical support, I find the product expensive in our country, where local, inexpensive products are available."

"This is a costly solution that could be cheaper."

"The solution is priced fair."

"The pricing is not clear and while it is not high, it is difficult to understand."

"Fortify WebInspect is a very expensive product."

"This solution is very expensive."

"It’s a fair price for the solution."

"The price is okay."

"Our licensing is such that you can only run one scan at a time, which is inconvenient."

"Its price is almost similar to the price of AppScan. Both of them are very costly. Its price could be reduced because it can be very costly for unlimited IT scans, etc. I'm not sure, but it can go up to $40,000 to $50,000 or more than that."

"The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."

"The Veracode price model is based on application profiles, which is how you package your components for scanning."

"I found Veracode very expensive, though I'm not the person paying for it. I was surprised to find out how much the subscription costs and that the executive board approved it, but it was a no-brainer because now my company has better security scans."

"Veracode provides value for the cost, with no additional charges apart from the standard licensing fee."

"The pricing of the product depends upon the number of codes or the number of applications."

"Compared to the typical software composition analysis solutions, Veracode is not so costly, although the static analysis part of it is a little costlier."

"Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."

"From a cost perspective, it seems okay, although we will probably evaluate alternatives next time it's up for renewal because for us, it's a relatively high cost, and we want to make sure that we are using our resources most appropriately."

More Veracode pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.

See recommendations

867,349 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Manufacturing Company

17%

Financial Services Firm

14%

Computer Software Company

11%

Government

Financial Services Firm

15%

Government

15%

Manufacturing Company

13%

Computer Software Company

10%

Financial Services Firm

16%

Computer Software Company

16%

Manufacturing Company

Insurance Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	3
Midsize Enterprise	1
Large Enterprise	3

By reviewers
Company Size	Count
Small Business	7
Midsize Enterprise	1
Large Enterprise	15

By reviewers
Company Size	Count
Small Business	69
Midsize Enterprise	43
Large Enterprise	112

Questions from the Community

What is your experience regarding pricing and costs for Micro Focus Software Security Center?

In the beginning, it was difficult for me to verify that our usage of Fortify Software Security Center corresponded t...

What needs improvement with Micro Focus Software Security Center?

I would like the false positive issue to diminish. I have experienced a lot of false positives, but I think this is d...

What is your primary use case for Micro Focus Software Security Center?

They use it to scan applications and fix bugs, which are my customers' main use cases for Fortify Software Security C...

What is your experience regarding pricing and costs for Fortify WebInspect?

While I am not directly involved with licensing, I can share that our project's license for 1-9 applications costs be...

What needs improvement with Fortify WebInspect?

WebInspect works efficiently with Java-based or .NET based applications. However, it struggles with Salesforce applic...

What is your primary use case for Fortify WebInspect?

I am currently working with several tools. For Fortify, I use SCA and WebInspect. Apart from that, I use Burp Suite f...

Which gives you more for your money - SonarQube or Veracode?

SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. Son...

What do you like most about Veracode?

The SAST and DAST modules are great.

What is your experience regarding pricing and costs for Veracode?

The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and da...

OpenText Core Application Security vs Fortify Software Security Center

Comparisons

Compared 44% of the time

Acunetix vs Fortify Software Security Center

Compared 31% of the time

Semgrep vs Fortify Software Security Center

Compared 13% of the time

GitLab vs Fortify Software Security Center

Compared 12% of the time

More Fortify Software Security Center Competitors

PortSwigger Burp Suite Professional vs OpenText Dynamic Application Security Testing

Compared 17% of the time

OWASP Zap vs OpenText Dynamic Application Security Testing

Compared 11% of the time

Qualys Web Application Scanning vs OpenText Dynamic Application Security Testing

Compared 8% of the time

PortSwigger Burp Suite Enterprise Edition vs OpenText Dynamic Application Security Testing

Compared 8% of the time

OpenText Core Application Security vs OpenText Dynamic Application Security Testing

Compared 7% of the time

More OpenText Dynamic Application Security Testing Competitors

SonarQube Server (formerly SonarQube) vs Veracode

Compared 16% of the time

Checkmarx One vs Veracode

Compared 9% of the time

GitHub Advanced Security vs Veracode

Compared 7% of the time

OpenText Core Application Security vs Veracode

Compared 4% of the time

OWASP Zap vs Veracode

Compared 4% of the time

More Veracode Competitors

Product Reports

Static Application Security Testing (SAST)

Download Fortify Software Security Center product report

OpenText Dynamic Application Security Testing

Download OpenText Dynamic Application Security Testing product report

OpenText Dynamic Application Security Testing report

Download Veracode product report

Also Known As

Micro Focus Software Security Center, Application Security Center, HPE Application Security Center, WebInspect

Micro Focus WebInspect, WebInspect

Crashtest Security , Veracode Detect

Overview

Software Security Center enables management, development, and security teams to work together to triage, track, validate, automate, and manage software security activities.

OpenText

OpenText Dynamic Application Security Testing offers robust scalability, ease of use, and high accuracy in scanning, making it a valuable tool for enterprises.

This security testing platform is known for its centralized dashboard, guided scans, and comprehensive reporting. It integrates seamlessly with tools like Fortify code scanner and supports extensive vulnerability detection and analysis, enhancing efficiency in security management. Despite its strengths, users suggest improvements in cloud integration, cost-effectiveness, and installation processes. Faster scans, reduced false positives, and improved mobile testing features are also desired.

What are the key features of OpenText Dynamic Application Security Testing?

Scalability: Easily adapts to changing enterprise needs.
Ease of Use: User-friendly interface with guided scans.
Comprehensive Reporting: Detailed vulnerability analysis and reporting.
Integration Capabilities: Works with Fortify code scanner and user authentication scanning.
Wide Vulnerability Detection: Identifies extensive security vulnerabilities.

What benefits should users expect from reviews?

Efficient Vulnerability Management: Streamlines security management in development environments.
Detailed Analysis: Provides in-depth insights into security issues.
Quick Setup: Easy to deploy within existing systems.
Enterprise Preference: Supports enterprise environments efficiently.

In industries like BFSI, OpenText Dynamic Application Security Testing is employed for performance network application testing, dynamic and static application security testing, and code checks. Security and QA teams use it in development processes to ensure application security prior to release, proving integral in both enterprise and testing environments.

OpenText

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
Scalability - Supports organizations with large-scale application portfolios.
Compliance support - Ensures applications meet various security standards and regulations.
Developer training - Provides tools for educating developers on secure coding practices.
Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.

Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Sample Customers

Neosecure, Acxiom, Skandinavisk Data Center A/S, Parkeon

Aaron's

Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.

Static Application Security Testing (SAST)