We performed a comparison between Fortify on Demand and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution is very fast."
"The user interface is good."
"One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that."
"The most valuable features are the server, scanning, and it has helped identify issues with the security analysis."
"While using Micro Focus Fortify on Demand we have been very happy with the results and findings."
"The licensing was good."
"It is an extremely robust, scalable, and stable solution."
"I don’t know of any other On-Demand enterprise solution like this one where we can load the details and within a few days, receive the results of intrusion attacks, and work with HP Security Experts when needed for clarification"
"The solution is easy to use."
"The UI was very intuitive."
"It identifies all the URLs and domains on its own and then performs tests and provides the results."
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"Technical support is helpful."
"AppScan is stable."
"This is a stable solution."
"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production."
"An improvement would be the ability to get vulnerabilities flowing automatically into another system."
"Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve."
"We would like a reduction in the time frame of scans. It takes us three to five days to run a scan now. We would like that reduced to under three days."
"The UI could be better. Fortify should also suggest new packages in the product that can be upgraded. Currently, it shows that, but it's not visible enough. In future versions, I would like more insights about the types of vulnerabilities and the pages associated with the exact CVE."
"The technical support is actually a problem that needs to be addressed. Since the acquisition and merger with Hewlett Packard, it has been really hard to know who the technical or salesperson to talk to."
"It does scanning for all virtual machines and other things, but it doesn't do the scanning for containers. It currently lacks the ability to do the scanning on containers. We're asking their product management team to expand this capability to containers."
"Not fully integrated with CIT processes."
"If you have a continuous integration in place, for example, and you want it to run along with your build and you want it to be fast, you're not going to get it. It adds to your development time."
"HCL AppScan needs to improve security."
"A desktop version should be added."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
"The solution often has a high number of false positives. It's an aspect they really need to improve upon."
"It has crashed at times."
"Many silly false positives are produced."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"We would like to integrate with some of the other reporting tools that we're planning to use in the future."
Fortify on Demand is ranked 11th in Application Security Tools with 55 reviews while HCL AppScan is ranked 14th in Application Security Tools with 39 reviews. Fortify on Demand is rated 8.0, while HCL AppScan is rated 7.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Fortify on Demand is most compared with SonarQube, Checkmarx, Veracode, Coverity and GitHub, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, OWASP Zap and Qualys Web Application Scanning. See our Fortify on Demand vs. HCL AppScan report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.