Fortify Software Security Center vs OpenText Dynamic Application Security Testing vs Veracode comparison

Fortify Software Security C...

Read 204 Veracode reviews

19,783 Views
13,650 Comparison Views

90% willing to recommend

OpenText Dynamic Applicatio...

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Fortify Software Security Center, OpenText Dynamic Application Security Testing, and Veracode based on real PeerSpot user reviews.

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST).

To learn more, read our detailed Static Application Security Testing (SAST) Report (Updated: August 2025).

Static Application Security Testing (SAST)

Download the complete report

Helped 867,349 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Mindshare comparison

Static Application Security Testing (SAST) Market Share Distribution
Product	Market Share (%)
Fortify Software Security Center	0.4%
SonarQube Server (formerly SonarQube)	20.3%
Checkmarx One	9.9%
Other	69.4%

Static Application Security Testing (SAST)

Dynamic Application Security Testing (DAST) Market Share Distribution
Product	Market Share (%)
OpenText Dynamic Application Security Testing	17.9%
HCL AppScan	14.3%
Checkmarx One	13.5%
Other	54.3%

Dynamic Application Security Testing (DAST)

Application Security Tools Market Share Distribution
Product	Market Share (%)
Veracode	8.0%
SonarQube Server (formerly SonarQube)	20.8%
Checkmarx One	10.2%
Other	61.0%

Application Security Tools

Featured Reviews

Jonathan Steyn

Principal Technical Consultant at EOH

Comprehensive vulnerability analysis and customization features with decent pricing

Software Security Center is highly customizable and helps me test all vulnerability data against the latest conventions like OWASP Top Ten, CVE Top twenty-five, and several other legal compliances. WebInspect supports a number of APIs and web endpoints. I find its feature of macro recording allows for testing vulnerabilities during multi-factor authentication sessions very valuable. I appreciate the ability to further analyze data with tools like Audit Workbench.

Read full review

Navin N

Global ISO 27001 Program Lead at DXC Technology

Effective scanning of diverse file extensions with fast reporting and issue resolution

We develop software packages for clients, and these clients are mostly in the BFSI sector. The packages need to be scanned, and we engage Fortify WebInspect for this. Customers typically perform their own application pen tests, but in some cases, we have engagements where customers want us to scan…

Read full review

Kv Rao

Site Leader (India) at Industrial Scientific

Integrates pipelines smoothly and fortifies code against vulnerabilities

I use Veracode in multiple places including static code analysis, penetration testing, and dynamic code analysis. It is part of our pipeline and integrates well with Bitbucket and Git pipelines The ease of integration with Bitbucket pipelines and Git pipelines is vital for us. Veracode allows us…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"I like the explanation of issues provided by Fortify Software Security Center."

"This is a stable solution at the end of the day."

"The overall rating for this tool is ten out of ten."

"Software Security Center is highly customizable and helps me test all vulnerability data against the latest conventions like OWASP Top Ten, CVE Top twenty-five, and several other legal compliances."

"You can easily download the tool's rule packs and update them."

"The reporting is very useful because you can always view an entire list of the issues that you have."

"Fortify Analytics' AI function helps scan and provides more detailed explanations and recommendations about vulnerabilities."

"The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."

"The solution is easy to use."

"There are lots of small settings and tools, like an HTTP editor, that are very useful."

"It's a well-known platform for doing dynamic application scanning."

"It is easy to use, and its reporting is fairly simple."

"Good at scanning and finding vulnerabilities."

"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."

"Technical support has been good."

More OpenText Dynamic Application Security Testing pros

"Veracode's integration with our continuous integration solution is what I've found to be the most valuable feature. It is easy to connect the two and to run scans in an automated way without needing as much manual intervention."

"In terms of secure development, the SAST scan is very useful because we are able to identify security flaws in the code base itself, for the application."

"Ours is a Java-based application and Veracode can detect vulnerabilities in both Angular, which is used for the UI, and also in the backend code, which includes APIs and microservices."

"Veracode has a nice API that they provide to allow for custom things to be built, or automation. We actually have integrated Veracode into our software development cycle using their API. We actually are able to automatically, every time a new build of a software is completed, submit that application, kick off a scan, and we get results in a much more automated fashion."

"It does software composition analysis, discovering open source software weaknesses."

"The integration capabilities with our existing development tools are very good."

"I appreciate the integration provided by Veracode that seamlessly integrates with our CI/CD tools and allows us to integrate with IPA as well."

"The solution is stable. we've never had any issues surrounding its stability."

More Veracode pros

Cons

"We are having issues with false positives that need to be resolved."

"This solution is difficult to implement, and it should be made more comfortable for the end-users."

"Improvements needed for Software Security Center include better aggregation views of datasets."

"I am not satisfied with the percentage of false positives, which is around eighteen percent."

"Fortify Software Security Center's setup is really painful."

"The product's overlap feature is restrictive and requires more customization efforts, which can be expensive."

"The solution needs better integration with Microsoft's Azure Cloud or an extension of Azure DevOps. In fact, it should better integrate with any cloud provider. Right now, it's quite difficult to integrate with that solution, from the cloud perspective."

"I want to enhance automation. Currently, Fortify WebInspect can scan and find vulnerabilities, but users with specific skills need to interpret the results and understand how to address them."

"There are some file extensions, like .SER, that Fortify WebInspect doesn't scan."

"Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment."

"Fortify WebInspect could improve user-friendliness. Additionally, it is very bulky to use."

"The scanner could be better."

"We have often encountered scanning errors."

"The main area for improvement in Fortify WebInspect is the price, as it is too high compared to the market rate."

More OpenText Dynamic Application Security Testing cons

"Maybe the pipeline scanning doesn't support enough languages. It might only support Java and Python only, so that could be improved."

"The scanning could be a little faster. The process around three or four minutes, but it would help if it could be further reduced."

"Scheduling can be a little difficult. For instance, if you set up recurring scheduled scans and a developer comes in and says, "Hey, I have this critical release that happened outside of our normal release patterns and they want you to scan it," we actually have to change our schedule configuration and that means we lose the recurring scheduling settings we had."

"I would ask Veracode to be a lot more engaged with the customer and set up live sessions where they force the customer to engage with Veracode's technical team. Veracode could show them a repo, how they should do things, this is what these results mean, here is a dashboard, here's the interpretation, here's where you find the results."

"The solution should include monthly guidelines, a calendar, or a newsletter highlighting the top vulnerabilities and how to resolve them using Veracode. Its policies should be up-to-date with NIST standards and OWASP policies."

"Maybe the boards could be made easier to understand or easier to customize."

"If the dynamic scan is improved, then the speed might go up. That is somehow not happening. We have raised this concern. It might also help if they could time limit scans to 24 hours instead of letting them go for three days. Then, whatever results could be shared, even if the scan is not complete, that would definitely help us."

"The interface is basic and has room for improvement."

More Veracode cons

Pricing and Cost Advice

"The solution is priced fair."

"This is a costly solution that could be cheaper."

"As a Fortify partner company providing technical support, I find the product expensive in our country, where local, inexpensive products are available."

"Fortify WebInspect is a very expensive product."

"The pricing is not clear and while it is not high, it is difficult to understand."

"It’s a fair price for the solution."

"The price is okay."

"This solution is very expensive."

"Our licensing is such that you can only run one scan at a time, which is inconvenient."

"Its price is almost similar to the price of AppScan. Both of them are very costly. Its price could be reduced because it can be very costly for unlimited IT scans, etc. I'm not sure, but it can go up to $40,000 to $50,000 or more than that."

"Its cost for what we needed it for was too high. It wasn't too high for other companies and it was competitively priced, but for us, it just didn't fit. We did plan to use it and increase the usage. In the end, it may have been abandoned because of the cost, but I'm not a hundred percent sure. So, even though we had planned on using it more and more, because of the cost and the business conditions of things, we didn't have the opportunity to really use it more."

"It is an expensive solution, but it's the best solution available on the market. If you want something at the top, you have to pay a bit more than the average."

"Veracode's price is reasonable."

"Licensing is pretty flexible. It's a little bit weird, it's by the size of the binary, which is a strange way to license a product. So far they've been pretty flexible about it."

"When I looked at the pricing, it was definitely a value. In terms of the service and what it's checking, the cost was very reasonable, particularly because we could have multiple code bases as part of a project."

"The licensing cost for Veracode is fair."

"Pricing/licensing is complicated."

"It is expensive. It depends on the use case, but it is very hard to find a pricing page on their website. Instead, they need to analyze your use case, but without knowing the entire project and how you're going to be using Veracode, how many scans you're going to do, if yours is a small business, it is very expensive and it affects ROI."

More Veracode pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.

See recommendations

867,349 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Manufacturing Company

17%

Financial Services Firm

14%

Computer Software Company

11%

Government

Financial Services Firm

15%

Government

15%

Manufacturing Company

13%

Computer Software Company

10%

Financial Services Firm

16%

Computer Software Company

16%

Manufacturing Company

Insurance Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	3
Midsize Enterprise	1
Large Enterprise	3

By reviewers
Company Size	Count
Small Business	7
Midsize Enterprise	1
Large Enterprise	15

By reviewers
Company Size	Count
Small Business	69
Midsize Enterprise	43
Large Enterprise	112

Questions from the Community

What is your experience regarding pricing and costs for Micro Focus Software Security Center?

In the beginning, it was difficult for me to verify that our usage of Fortify Software Security Center corresponded t...

What needs improvement with Micro Focus Software Security Center?

I would like the false positive issue to diminish. I have experienced a lot of false positives, but I think this is d...

What is your primary use case for Micro Focus Software Security Center?

They use it to scan applications and fix bugs, which are my customers' main use cases for Fortify Software Security C...

What is your experience regarding pricing and costs for Fortify WebInspect?

While I am not directly involved with licensing, I can share that our project's license for 1-9 applications costs be...

What needs improvement with Fortify WebInspect?

WebInspect works efficiently with Java-based or .NET based applications. However, it struggles with Salesforce applic...

What is your primary use case for Fortify WebInspect?

I am currently working with several tools. For Fortify, I use SCA and WebInspect. Apart from that, I use Burp Suite f...

Which gives you more for your money - SonarQube or Veracode?

SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. Son...

What do you like most about Veracode?

The SAST and DAST modules are great.

What is your experience regarding pricing and costs for Veracode?

The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and da...

OpenText Core Application Security vs Fortify Software Security Center

Comparisons

Compared 44% of the time

Acunetix vs Fortify Software Security Center

Compared 31% of the time

Semgrep vs Fortify Software Security Center

Compared 13% of the time

GitLab vs Fortify Software Security Center

Compared 12% of the time

More Fortify Software Security Center Competitors

PortSwigger Burp Suite Professional vs OpenText Dynamic Application Security Testing

Compared 17% of the time

OWASP Zap vs OpenText Dynamic Application Security Testing

Compared 11% of the time

Qualys Web Application Scanning vs OpenText Dynamic Application Security Testing

Compared 8% of the time

PortSwigger Burp Suite Enterprise Edition vs OpenText Dynamic Application Security Testing

Compared 8% of the time

OpenText Core Application Security vs OpenText Dynamic Application Security Testing

Compared 7% of the time

More OpenText Dynamic Application Security Testing Competitors

SonarQube Server (formerly SonarQube) vs Veracode

Compared 16% of the time

Checkmarx One vs Veracode

Compared 9% of the time

GitHub Advanced Security vs Veracode

Compared 7% of the time

OpenText Core Application Security vs Veracode

Compared 4% of the time

OWASP Zap vs Veracode

Compared 4% of the time

More Veracode Competitors

Product Reports

Static Application Security Testing (SAST)

Download Fortify Software Security Center product report

OpenText Dynamic Application Security Testing

Download OpenText Dynamic Application Security Testing product report

OpenText Dynamic Application Security Testing report

Download Veracode product report

Also Known As

Micro Focus Software Security Center, Application Security Center, HPE Application Security Center, WebInspect

Micro Focus WebInspect, WebInspect

Crashtest Security , Veracode Detect

Overview

Software Security Center enables management, development, and security teams to work together to triage, track, validate, automate, and manage software security activities.

OpenText

OpenText Dynamic Application Security Testing offers robust scalability, ease of use, and high accuracy in scanning, making it a valuable tool for enterprises.

This security testing platform is known for its centralized dashboard, guided scans, and comprehensive reporting. It integrates seamlessly with tools like Fortify code scanner and supports extensive vulnerability detection and analysis, enhancing efficiency in security management. Despite its strengths, users suggest improvements in cloud integration, cost-effectiveness, and installation processes. Faster scans, reduced false positives, and improved mobile testing features are also desired.

What are the key features of OpenText Dynamic Application Security Testing?

Scalability: Easily adapts to changing enterprise needs.
Ease of Use: User-friendly interface with guided scans.
Comprehensive Reporting: Detailed vulnerability analysis and reporting.
Integration Capabilities: Works with Fortify code scanner and user authentication scanning.
Wide Vulnerability Detection: Identifies extensive security vulnerabilities.

What benefits should users expect from reviews?

Efficient Vulnerability Management: Streamlines security management in development environments.
Detailed Analysis: Provides in-depth insights into security issues.
Quick Setup: Easy to deploy within existing systems.
Enterprise Preference: Supports enterprise environments efficiently.

In industries like BFSI, OpenText Dynamic Application Security Testing is employed for performance network application testing, dynamic and static application security testing, and code checks. Security and QA teams use it in development processes to ensure application security prior to release, proving integral in both enterprise and testing environments.

OpenText

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
Scalability - Supports organizations with large-scale application portfolios.
Compliance support - Ensures applications meet various security standards and regulations.
Developer training - Provides tools for educating developers on secure coding practices.
Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.

Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Sample Customers

Neosecure, Acxiom, Skandinavisk Data Center A/S, Parkeon

Aaron's

Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.

Static Application Security Testing (SAST)