We performed a comparison between Fortify on Demand and Parasoft SOAtest based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Audit workbench: for on-the-fly defect auditing."
"The SAST feature is the most valuable."
"The quality of application security testing reduces risk and gives very few false positives."
"The most valuable features are the detailed reporting and the ability to set up deep scanning of the software, both of which are in the same place."
"Being able to reduce risk overall is a very valuable feature for us."
"Each bank may have its own core banking applications with proprietary support for different programming languages. This makes Fortify particularly relevant and advantageous in those cases."
"Fortify helps us to stay updated with the newest languages and versions coming out."
"Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices. Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much."
"Every imaginable source in the entire world of information technology can be accessed and used."
"Technical support is helpful."
"Generating new messages, based on the existing .EDN and .XML messages, is a crucial part or the testing project that I’m currently in."
"The solution is scalable."
"Automatic testing is the most valuable feature."
"The testing time is shortened because we generate test data automatically with SOAtest."
"We have seen a return on investment."
"We do a lot of web services testing and REST services testing. That is the focus of this product."
"During development, when our developer makes changes to their code, they typically use GitHub or GitLab to track those changes. However, proper integration between Fortify on Demand and GitHub and GitLab is not there yet. Improved integration would be very valuable to us."
"They have a release coming out, which is full of new features. Based on their roadmap, there's nothing that I would suggest for them to put in it that they haven't already suggested. However, I am a customer, so I always think the pricing is something that could be improved. I am working with them on that, and they're very flexible. They work with their customers and kind of tailor the product to the customer's needs. So far, I am very happy with what they're able to provide. Their subscriptions could use a little bit of a reworking, but that would be about it."
"An improvement would be the ability to get vulnerabilities flowing automatically into another system."
"This solution would be improved if the code-quality perspective were added to it, on top of the security aspect."
"It does scanning for all virtual machines and other things, but it doesn't do the scanning for containers. It currently lacks the ability to do the scanning on containers. We're asking their product management team to expand this capability to containers."
"It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the overall time span to scan the code, and even to set up the code scanning, is a bit overwhelming for regular developers."
"There are lots of limitations with code technology. It cannot scan .net properly either."
"The reporting capabilities need improvement, as there are some features that we would like to have but are not available at the moment."
"The product is very slow to start up, and that is a bit of a problem, actually."
"Compatibility with HTTP 1.1 and TLS 1.2 needs to be improved."
"Reports could be customized and more descriptive according to the user's or company's requirements."
"The feedback that we received from the DevOps of our organization was that the tool was a little heavy from the transformation perspective."
"From an automation point of view, it should have better clarity and be more user friendly."
"Tuning the tool takes time because it gives quite a long list of warnings."
"The performance could be a bit better."
"Enabling/disabling an optional element of an XML request is only possible if a data source (e.g., Excel sheet) is connected to the test. Otherwise, the option is not available at all in the drop-down menu."
Fortify on Demand is ranked 9th in Application Security Testing (AST) with 55 reviews while Parasoft SOAtest is ranked 28th in Application Security Testing (AST) with 30 reviews. Fortify on Demand is rated 8.0, while Parasoft SOAtest is rated 8.2. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of Parasoft SOAtest writes "Reliable with a good interface but uses too much memory". Fortify on Demand is most compared with SonarQube, Checkmarx, Veracode, Coverity and Fortify WebInspect, whereas Parasoft SOAtest is most compared with Postman, SonarQube, Coverity, Polyspace Code Prover and Veracode. See our Fortify on Demand vs. Parasoft SOAtest report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.