We performed a comparison between Fortify on Demand and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature of Micro Focus Fortify on Demand is the information it can provide. There is quite a lot of information. It can pinpoint right down to where the problem is, allowing you to know where to fix it. Overall the features are easy to use, you don't have to be a coder. You can be a manager, or in IT operations, et cetera, anyone can use it. It is quite a well-rounded functional solution."
"It's a stable and scalable solution."
"I do not remember any issues with stability."
"We identified a lot of security vulnerability much earlier in the development and could fix this well before the product was rolled out to a huge number of clients."
"The most valuable features are the server, scanning, and it has helped identify issues with the security analysis."
"The solution is very fast."
"While using Micro Focus Fortify on Demand we have been very happy with the results and findings."
"Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices. Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much."
"BurpSuite helps us to identify and fix silly mistakes that are sometimes introduced by our developers in their coding."
"The solution has a great user interface."
"This solution has helped a lot in finding bugs and vulnerabilities, and the scanner is good enough for simple web apps."
"I personally love its capability to automatically and accurately detect vulnerabilities. So, I would say it is the Burp scanner that is THE most powerful, valuable, and an awesome feature."
"It was easy to learn."
"I have found this solution has more plugins than other competitors which is a benefit. You are able to attach different plugins to the security scan to add features. For example, you can check to see if there are any payment systems that exist on a server, or username and password brute force analysis."
"There is no other tool like it. I like the intuitiveness and the plugins that are available."
"This tool is more accurate than the other solutions that we use, and reports fewer false positives."
"Micro Focus Fortify on Demand can improve by having more graphs. For example, to show the improvement of the level of security."
"The vulnerability analysis does not always provide guidelines for what the developer should do in order to correct the problem, which means that the code has to be manually inspected and understood."
"Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve."
"Not fully integrated with CIT processes."
"They have a release coming out, which is full of new features. Based on their roadmap, there's nothing that I would suggest for them to put in it that they haven't already suggested. However, I am a customer, so I always think the pricing is something that could be improved. I am working with them on that, and they're very flexible. They work with their customers and kind of tailor the product to the customer's needs. So far, I am very happy with what they're able to provide. Their subscriptions could use a little bit of a reworking, but that would be about it."
"Primarily for a complex, advanced website, they don't really understand some of the functionalities. So for instance, they could tell us that there is a vulnerability because somebody could possibly do something, but they don't really understand the code to realize that we actually negate that vulnerability through some other mechanism in the program. In addition, the technical support is just not there. We have open tickets. They don't respond. Even if they respond, we're not seeing eye to eye. As the company got sold and bought, the support got worse."
"There's a bit of a learning curve. Our development team is struggling with following the rules and following the new processes."
"I would like the solution to add AI support."
"PortSwigger Burp Suite Professional could improve the static code review."
"The Iran market does not have after-sales support. PortSwigger Burp Suite Professional needs to provide after-sales support."
"Scanning APIs using PortSwigger Burp Suite Professional takes a lot of time."
"The pricing of the solution is quite high."
"The solution’s pricing could be improved."
"I would like to see a more optimized solution, as it currently uses a lot of CPU power and memory."
"I need the solution to be more user-friendly. The solution needs to be user-friendly."
"BurpSuite has some issues regarding authentication with OAT tokens that need to be improved."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
Fortify on Demand is ranked 11th in Application Security Tools with 56 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 55 reviews. Fortify on Demand is rated 8.0, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". Fortify on Demand is most compared with SonarQube, Checkmarx One, Veracode, Coverity and Fortify WebInspect, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix and HCL AppScan. See our Fortify on Demand vs. PortSwigger Burp Suite Professional report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.