Micro Focus Fortify on Demand vs OWASP Zap comparison

Comparison Buyer's Guide
Executive Summary

We performed a comparison between Micro Focus Fortify on Demand and OWASP Zap based on real PeerSpot user reviews.

Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
To learn more, read our detailed Micro Focus Fortify on Demand vs. OWASP Zap Report (Updated: October 2022).
655,465 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
Micro Focus Fortify on Demand:
  • "There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do."
  • "The most valuable features are the server, scanning, and it has helped identify issues with the security analysis."
  • "Fortify on Demand's best feature is that there's no need to install and configure it locally since it's on the cloud."
  • "Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out."
  • "The SAST feature is the most valuable."
  • "The most valuable feature of Micro Focus Fortify on Demand is the information it can provide. There is quite a lot of information. It can pinpoint right down to where the problem is, allowing you to know where to fix it. Overall the features are easy to use, you don't have to be a coder. You can be a manager, or in IT operations, et cetera, anyone can use it. It is quite a well-rounded functional solution."
  • "The most valuable features of Micro Focus Fortify on Demand have been SAT analysis and application security."
  • "While using Micro Focus Fortify on Demand we have been very happy with the results and findings."

OWASP Zap:
  • "It updates repositories and libraries quickly."
  • "They offer free access to some other tools."
  • "Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
  • "The solution has tightened our security."
  • "The solution is scalable."
  • "The stability of the solution is very good."
  • "It has evolved over the years and recently in the last year they have added HUD (Heads Up Display)."
  • "Automatic scanning is a valuable feature and very easy to use."

Cons
Micro Focus Fortify on Demand:
  • "We want a user-based control and role-based access for developers. We want to give limited access to developers so that it only pertains to the code that they write and scanning of the codes for any vulnerabilities as they're progressing with writing the code. As of now, the interface to give restricted access to the developers is not the best. It gives them more access than what is basically required, but we don't want over-provisioning and over-access."
  • "Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve."
  • "The UI could be better. Fortify should also suggest new packages in the product that can be upgraded. Currently, it shows that, but it's not visible enough. In future versions, I would like more insights about the types of vulnerabilities and the pages associated with the exact CVE."
  • "Takes up a lot of resources which can slow things down."
  • "Integration to CI/CD pipelines could be improved. The reporting format could be more user friendly so that it is easy to read."
  • "We have some stability issues, but they are minimal."
  • "We typically do our bulk uploads of our scans with some automation at the end of the development cycle but the scanning can take a lot of time. If you were doing all of it at regular intervals it would still consume a lot of time. This procedure could improve."
  • "I would like to see improvement in CI integration and integration with GitLab or Jenkins. It needs to be more simple."

OWASP Zap:
  • "Lacks resources where users can internally access a learning module from the tool."
  • "It would be a great improvement if they could include a marketplace to add extra features to the tool."
  • "Reporting format has no output, is cluttered and very long."
  • "Zap could improve by providing better reports for security and recommendations for the vulnerabilities."
  • "The product reporting could be improved."
  • "The forced browse has been incorporated into the program and it is resource-intensive."
  • "The solution is unable to customize reports."
  • "There are too many false positives."

Pricing and Cost Advice
Micro Focus Fortify on Demand:
  • "Their subscriptions could use a little bit of a reworking, but I am very happy with what they're able to provide."
  • "We are still using the trial version at this point but I can already see from the trial version alone that it is a good product. For others, I would say that Fortify on Demand might look expensive at the beginning, but it is very powerful and so you shouldn't be put off by the price."
  • "The price is fair compared to that of other solutions."
  • "The solution is a little expensive."
  • "We make an annual purchase of the licenses we need."
  • "The solution is expensive and the price could be reduced."
  • "The pricing model is based on how many applications you wish to scan."
  • "Micro Focus Fortify on Demand licenses are managed by our IT team and the license model is user-based."

OWASP Zap:
  • "This solution is open source and free."
  • "We have used the freeware version. I believe Zap only has freeware."

    Questions from the Community
    Top Answer: Fortify on Demand is moderately priced, but its pricing could be more flexible.
    Top Answer: Micro Focus is a bit heavy on resources and uses up a lot of my RAM. My machine tends to slow down when I use it. A beneficial additional feature would be scanning executable files. Currently, it…
    Top Answer: OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with…
    Top Answer: The HUD is a good feature that provides on-site testing and saves a lot of time.
    Top Answer: I cannot comment on licensing costs, as a different department handles it.
    Ranking
    Micro Focus Fortify on Demand: Views 20,809; Comparisons 15,483; Reviews 21; Average Words per Review 429; Rating 7.9
    OWASP Zap: Views 29,169; Comparisons 16,686; Reviews 10; Average Words per Review 444; Rating 7.1
    Also Known As
    Fortify on Demand
    Overview

    Micro Focus Fortify on Demand is a web application security testing tool that enables continuous monitoring. The solution is designed to help you with security testing, vulnerability management and tailored expertise, and is able to provide the support needed to easily create, supplement, and expand a software security assurance program without the need for additional infrastructure or resources.

    Micro Focus Fortify on Demand Features

    Micro Focus Fortify on Demand has many valuable key features. Some of the most useful ones include:

    • Deployment flexibility
    • Scalability
    • Built for DevSecOps
    • Ease of use
    • Supports 27+ languages
    • Real-time vulnerability identification with Security Assistant
    • Actionable results in less than 1 hour for most applications with DevOps automation
    • Expanded coverage, accuracy and remediation details with IAST runtime agent
    • Continuous application monitoring of production applications
    • Virtual patches
    • Supports iOS and Android mobile applications
    • Security vulnerability identification
    • Behavioral and reputation analysis

    Micro Focus Fortify on Demand Benefits

    There are several benefits to implementing Micro Focus Fortify on Demand. Some of the biggest advantages the solution offers include:

    • Fast remediation: With Micro Focus Fortify on Demand you can achieve fast remediation throughout the software lifecycle with robust assessments by a team of security experts.
    • Easy integration: The solution’s integration ecosystem is easy to use, creating a more secure software supply chain.
    • Security testing: Micro Focus Fortify on Demand covers in-depth mobile app security testing, open-source analysis, and vendor application security management, in addition to static and dynamic testing.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by PeerSpot users currently using the Micro Focus Fortify on Demand solution.

    Dionisio V., Senior System Analyst at Azurian, says, "One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that." He goes on to add, “Another reason I like Fortify on Demand is because our code often includes open source libraries, and it's important to know when the library is outdated or if it has any known vulnerabilities in it. This information is important to us when we're developing our solutions and Fortify on Demand informs us when it detects any vulnerable open source libraries.”

    A Security Systems Analyst at a retailer mentions, “Being able to reduce risk overall is a very valuable feature for us.”

    Jayashree A., Executive Manager at PepsiCo, comments, “Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning. When we are exploring some of the endpoints this solution identifies many loopholes that hackers could utilize for an attack. This has been very helpful and surprising how many vulnerabilities there can be.”

    A Principal Solutions Architect at a security firm explains, “Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out.”

    PeerSpot user Mamta J., Co-Founder at TechScalable, states, "Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices. Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much."

    OWASP ZAP (Zed Attack Proxy) is a free, open-source web application security scanner that enables software developers and testers to perform penetration testing on their applications to discover vulnerabilities and prevent hostile attacks. To date, it is one of the most searched Open Web Application Security Project (OWASP) projects, and an international group of volunteers is maintaining it. This tool is both flexible and extensible and is intended to be used by users who are new to application security as well as expert testers. For the users' convenience, OWASP ZAP has versions for each major OS and Docker platform so as not to rely on any single OS.

    OWASP ZAP focuses on being the “middle man proxy,” as it is positioned between the user’s browser and the web application. In doing so, it will intercept and examine messages that are sent between a browser and a web application. If needed, it will adjust the contents and pass those packets on to their destination. As is the case in many corporate settings, if there is already another network proxy in use, ZAP can be configured to join that proxy. A variety of add-ons for further functionality is available on ZAP Marketplace.

    OWASP ZAP offers a range of security automation options, including:

    • Docker Packaged Scans: A ZAP automation scanner that provides a lot of flexibility and makes it easy for the user to get started with the tool.

    • Quick Start Command Line: A rapid and straightforward scanner that is suitable for a quick scan.

    • API and Daemon Mode: Through a comprehensive API, this mode gives the user complete control over ZAP.

    • Automation Framework: A state-of-the-art framework that is not tied to any current container technology. This framework will, in time, take over the Command Line and the Package Scan options.

    • GitHub Actions: The ability to use any associated and available GitHub package scan.

    Benefits of OWASP ZAP

    Some of OWASP ZAP’s benefits include:

    • The ability to run an automated scan. Once set up, ZAP will deploy two spiders to crawl the web application and subsequently scan each page it finds.

    • It interprets your results and sends an automated alert. After scanning the web application, all requests and responses sent to each page are recorded. If there is a potential problem, an alert is created and sent to the user.

    • An intuitive and innovative interface. The Heads Up Display (HUD) is a new feature that provides capabilities right in the browser. It is great for people new to web security and experienced testers alike.

    Reviews from Real Users

    OWASP ZAP stands out among its competitors for a number of reasons. Among them are the solution’s automatic scanning feature, its ease of use, its ability to report vulnerabilities, and its being a free open-source solution.

    PeerSpot user Piyush S., Technical Specialist (DevOps), notes that "Automatic scanning is a valuable feature and very easy to use. The initial setup is straightforward. The solution is free due to the fact that it is open-source. The product has a strong community surrounding it to help with issues and troubleshooting. The stability of the solution is very good."

    Raj K., Business Analyst at Experion Technologies, notes, “The valuable features are that it's very simple to use and the user interface is very good, particularly for beginners so they can start the application easily. It's enough to refer to an online tutorial to be able to start using this application. It's not very complex.”

    Balaji S., Assistant Vice President at Hexaware Technologies Limited, writes, “The solution is good at reporting the vulnerabilities of the application. It can help us with security, SQL injection vulnerability, known vulnerabilities, et cetera. Any kind of a threat that we get in the development cycle, is what we will look for. This solution helps us find them.”

    Many users like how the solution has improved over the years. As Alan G., CEO at Virtual Security International, notes, "It has evolved over the years, and recently in the last year they have added HUD (Heads Up Display)."

    Sample Customers
    Micro Focus Fortify on Demand: SAP, Aaron's, British Gas, FICO, Cox Automotive, Callcredit Information Group, Vital and more.
    OWASP Zap: Information Not Available
    Top Industries
    Micro Focus Fortify on Demand
    • Reviewers: Financial Services Firm 35%, Computer Software Company 13%, Retailer 13%, Manufacturing Company 9%
    • Visitors reading reviews: Computer Software Company 20%, Financial Services Firm 17%, Comms Service Provider 10%, Government 8%
    OWASP Zap
    • Reviewers: Computer Software Company 33%, Financial Services Firm 17%, Retailer 8%, Manufacturing Company 8%
    • Visitors reading reviews: Computer Software Company 22%, Comms Service Provider 17%, Financial Services Firm 8%, Government 7%
    Company Size
    Micro Focus Fortify on Demand
    • Reviewers: Small Business 24%, Midsize Enterprise 13%, Large Enterprise 63%
    • Visitors reading reviews: Small Business 15%, Midsize Enterprise 11%, Large Enterprise 74%
    OWASP Zap
    • Reviewers: Small Business 15%, Midsize Enterprise 27%, Large Enterprise 58%
    • Visitors reading reviews: Small Business 19%, Midsize Enterprise 16%, Large Enterprise 65%

    Micro Focus Fortify on Demand is ranked 7th in Application Security Testing (AST) with 20 reviews while OWASP Zap is ranked 8th in Application Security Testing (AST) with 10 reviews. Micro Focus Fortify on Demand is rated 8.0, while OWASP Zap is rated 7.2. The top reviewer of Micro Focus Fortify on Demand writes "Makes it easy to discover hidden vulnerabilities in our open source libraries". On the other hand, the top reviewer of OWASP Zap writes "Open-source, easy to install, feature-rich, with good heads-up display and community resources". Micro Focus Fortify on Demand is most compared with SonarQube, Checkmarx, Veracode, Coverity and Tenable.io Web Application Scanning, whereas OWASP Zap is most compared with PortSwigger Burp Suite Professional, Veracode, Acunetix, Qualys Web Application Scanning and Rapid7 AppSpider. See our Micro Focus Fortify on Demand vs. OWASP Zap report.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.