We performed a comparison between Fortify Software Security Center and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Testing (AST)."This is a stable solution at the end of the day."
"The reporting is very useful because you can always view an entire list of the issues that you have."
"You can easily download the tool's rule packs and update them."
"Key features include: Cloud-based, so the installation is not so tedious. Easily deployed. Highly scalable. Comprehensive reporting."
"It is a cloud-based solution, so it is easy to scale."
"The product prevents possible vulnerabilities in our network."
"We can do scanning and submit reports straight to the customers when there are new vulnerabilities, then tell them whether they are affected or not."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"The interface is user-friendly and easy to understand."
"It works with many different products."
"It combines both web application vulnerability management and internal vulnerability management on one platform and dashboard. Usually, you have to purchase separate tools."
"This solution is difficult to implement, and it should be made more comfortable for the end-users."
"Fortify Software Security Center's setup is really painful."
"We are having issues with false positives that need to be resolved."
"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."
"There should be better visibility into the application."
"The GUI could be a little less complicated as it opens a lot of new windows for creating search lists, templates, reports, or for scanning purposes."
"In certain cases, this product does have false positives, which the company should work on."
"We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"They should try to include business logic vulnerabilities in the scanner testing."
"The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to reduce the number of false positives being detected."
More Fortify Software Security Center Pricing and Cost Advice →
More Qualys Web Application Scanning Pricing and Cost Advice →
Fortify Software Security Center is ranked 27th in Application Security Testing (AST) with 3 reviews while Qualys Web Application Scanning is ranked 14th in Application Security Testing (AST) with 31 reviews. Fortify Software Security Center is rated 7.4, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Fortify Software Security Center writes "A fair-priced solution that helps with application security testing ". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Fortify Software Security Center is most compared with Fortify on Demand, Tricentis Tosca, Checkmarx One and Fortify WebInspect, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Fortify WebInspect.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.