Micro Focus Fortify on Demand vs Qualys Web Application Scanning comparison

Buyer's Guide
Micro Focus Fortify on Demand vs. Qualys Web Application Scanning
July 2022
Find out what your peers are saying about Micro Focus Fortify on Demand vs. Qualys Web Application Scanning and other solutions. Updated: July 2022.
619,967 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
  • "The policy reporting for ensuring compliance with industry standards and regulations is pretty comprehensive, especially around PCI. If you do the static analysis, the dynamic analysis, and then a manual penetration test, it aggregates all of these results into one report. And then they create a PCI-specific report around it which helps to illustrate how the application adheres to different standards."
  • "My experience with Veracode across the board every time, in all products, the technology, the product, the service, and the salespeople is fabulous."
  • "You can easily integrate it with Azure DevOps. This is an added value because we work with Azure DevOps. Veracode is natively supported and we don't have to work with APIs."
  • "The static scan is the feature that we use the most, as it gives us insight into our source code. We have it integrated with our continuous integration, continuous delivery system, so we can get insight quickly."
  • "Good static analysis and dynamic analysis."
  • "There are quite a few features that are very reliable, like the newly launched Veracode Pipelines Scan, which is pretty awesome. It supports the synchronous pipeline pretty well. We have been using it out of the Jira plugin, and that is fantastic."
  • "Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM to verify that everything's going well. If we have any outstanding issues, they get serviced and addressed."
  • "It is SaaS hosted. That makes it very convenient to use. There is no initial time needed to set up an application. Scanning is a matter of minutes. You just log in, create an application profile, associate a security configuration, and that's about it. It takes 10 minutes to start. The lack of initial lead time or initial overhead to get going is the primary advantage."

More Veracode Pros →

  • "Being able to reduce risk overall is a very valuable feature for us."
  • "It is a very easy tool for developers to use in parallel while they're doing the coding. It does auto scanning as we are progressing with the CI/CD pipeline. It has got very simple and efficient API support."
  • "One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that."
  • "While using Micro Focus Fortify on Demand we have been very happy with the results and findings."
  • "The vulnerability detection and scanning are awesome features."
  • "Fortify on Demand can be scaled very easily."
  • "Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning."
  • "It is an extremely robust, scalable, and stable solution."

More Micro Focus Fortify on Demand Pros →

  • "Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
  • "It works with many different products."
  • "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
  • "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
  • "It is easy to use."
  • "Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile)."
  • "It is a very stable solution."

More Qualys Web Application Scanning Pros →

Cons
  • "The pricing for qualified startups such as Neo4j could be improved."
  • "The product has issues with scanning."
  • "Sometimes, I get feedback from a developer saying, "They are scanning a Python code, but getting feedback around Java code." While the remediation and guidelines are there, improvement is still required, e.g., you won't get the exact guidelines, but you can get some sort of high-level insights."
  • "The static analysis is prone to a lot of false positives. But that's how it is with most static analysis tools... Also, the static analysis can sometimes take a little while. The time that it takes to do a scan should be improved."
  • "Veracode has plenty of data. The problem is the information on the dashboards of Veracode, as the user interface is not great. It's not immediately usable. Most of the time, the best way to use it is to just create issues and put them in JIRA... But if I were a startup, and only had products with a good user interface, I wouldn't use Veracode because the UI is very dated."
  • "I would ask Veracode to be a lot more engaged with the customer and set up live sessions where they force the customer to engage with Veracode's technical team. Veracode could show them a repo, how they should do things, this is what these results mean, here is a dashboard, here's the interpretation, here's where you find the results."
  • "The triage indicator was kind of hard to find. It's a very small arrow and I had no idea it was there."
  • "The solution could improve the Dynamic Analysis Security Testing (DAST)."

More Veracode Cons →

  • "There's a bit of a learning curve. Our development team is struggling with following the rules and following the new processes."
  • "In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication. They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful."
  • "It does scanning for all virtual machines and other things, but it doesn't do the scanning for containers. It currently lacks the ability to do the scanning on containers. We're asking their product management team to expand this capability to containers."
  • "Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve."
  • "Micro Focus Fortify on Demand could improve the user interface by making it more user-friendly."
  • "The thing that could be improved is reducing the cost of usage and including some of the most pricey features, such as dynamic analysis and that sort of functionality, which makes the difference between different types of tools."
  • "They have a release coming out, which is full of new features. Based on their roadmap, there's nothing that I would suggest for them to put in it that they haven't already suggested. However, I am a customer, so I always think the pricing is something that could be improved. I am working with them on that, and they're very flexible. They work with their customers and kind of tailor the product to the customer's needs. So far, I am very happy with what they're able to provide. Their subscriptions could use a little bit of a reworking, but that would be about it."
  • "The UI could be better. Fortify should also suggest new packages in the product that can be upgraded. Currently, it shows that, but it's not visible enough. In future versions, I would like more insights about the types of vulnerabilities and the pages associated with the exact CVE."

More Micro Focus Fortify on Demand Cons →

  • "Deployment can be complicated."
  • "There could be better management and faster scanning."
  • "We procured around 110 licenses for Web Application Scanning, but we have issues running concurrent scans. I don't currently have the option to trigger scans for all 100-plus websites. The default limit is around 10 conference scans. It's not very scalable, to be honest, because of the limitation that they put on concurrent scans."
  • "Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."
  • "When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."
  • "The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
  • "The reporting contains too many false positives."
  • "The virus code updates are not frequent enough."

More Qualys Web Application Scanning Cons →

Pricing and Cost Advice
  • "I don't really know about the pricing, but I'd say it's worth whatever Veracode is charging, because the solution is that good."
  • "Veracode's price is high. I would like them to better optimize their pricing."
  • "If I compare the pricing with other software tools, then it is quite competitive. Whatever the price is, they have always given us a good discount."
  • "Veracode is expensive. Some of its products are expensive. I don't think it's way more expensive than its competitors. The dynamic is definitely worth it, as I think it's cheaper than the competitors. The static scan is a little bit more expensive, around 20 percent more expensive. The manual pen test is more expensive, but it is an expensive service because it's a manual pen test and we also do retests. I don't think it is way more expensive than the competitors, but it's about 15 to 20 percent more expensive."
  • "We use this product per project rather than per developer... Your development model will really determine what the best fit is for you in terms of licensing, because of the project-based licensing. If you do a few projects, that's more attractive. If you have a large number of developers, that would also make the product a little more attractive."
  • "The pricing is really fair compared to a lot of other tools on the market."
  • "It is very reasonably priced compared to what we were paying our previous vendor. For the same price, we are getting much more value and reducing our AppSec costs from 40 to 50 percent."
  • "Veracode is one of the more expensive solutions in the market, but it is worth the expense because of the eLearning and the security consultations; everything is included in the license."
  • More Veracode Pricing and Cost Advice →

  • "It is quite expensive. Pricing and the licensing model could be improved."
  • "It is cost-effective."
  • "Their subscriptions could use a little bit of a reworking, but I am very happy with what they're able to provide."
  • "We are still using the trial version at this point but I can already see from the trial version alone that it is a good product. For others, I would say that Fortify on Demand might look expensive at the beginning, but it is very powerful and so you shouldn't be put off by the price."
  • "The price is fair compared to that of other solutions."
  • "The solution is a little expensive."
  • "We make an annual purchase of the licenses we need."
  • "The solution is expensive and the price could be reduced."
  • More Micro Focus Fortify on Demand Pricing and Cost Advice →

  • "The cost is $30,000 USD for one year to cover WAS (Web Application Security) and the VM (Virtual Machine) security in a company with 200 employees."
  • "We are on an annual license for the solution and the pricing could be more affordable."
  • "Qualys WAS' pricing is competitive."
  • More Qualys Web Application Scanning Pricing and Cost Advice →

    Questions from the Community
    Top Answer: SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis…
    Top Answer: Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM…
    Top Answer: Veracode recently introduced some pricing based on microservices. This model gives us a lot of flexibility in being able…
    Top Answer: While using Micro Focus Fortify on Demand we have been very happy with the results and findings.
    Top Answer: Micro Focus Fortify on Demand licenses are managed by our IT team and the license model is user-based.
    Top Answer: Micro Focus Fortify on Demand could improve the reports. They could benefit from being more user-friendly and intuitive.
    Top Answer: Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security…
    Top Answer: Sometimes the response time is low because the handshake fails, and then you have to re-login and start again. In the…
    Also Known As
    Fortify on Demand
    Qualys WAS
    Overview

    Veracode covers all your Application Security needs in one solution through a combination of five analysis types: static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline, and empowers developers to find and fix security defects.

    Micro Focus Fortify on Demand is a web application security testing tool that enables continuous monitoring. The solution is designed to help you with security testing, vulnerability management and tailored expertise, and is able to provide the support needed to easily create, supplement, and expand a software security assurance program without the need for additional infrastructure or resources.

    Micro Focus Fortify on Demand Features

    Micro Focus Fortify on Demand has many valuable key features. Some of the most useful ones include:

    • Deployment flexibility
    • Scalability
    • Built for DevSecOps
    • Ease of use
    • Supports 27+ languages
    • Real-time vulnerability identification with Security Assistant
    • Actionable results in less than 1 hour for most applications with DevOps automation
    • Expanded coverage, accuracy and remediation details with IAST runtime agent
    • Continuous application monitoring of production applications
    • Virtual patches
    • Supports iOS and Android mobile applications
    • Security vulnerability identification
    • Behavioral and reputation analysis

    Micro Focus Fortify on Demand Benefits

    There are several benefits to implementing Micro Focus Fortify on Demand. Some of the biggest advantages the solution offers include:

    • Fast remediation: With Micro Focus Fortify on Demand you can achieve fast remediation throughout the software lifecycle with robust assessments by a team of security experts.
    • Easy integration: The solution’s integration ecosystem is easy to use, creating a more secure software supply chain.
    • Security testing: Micro Focus Fortify on Demand covers in-depth mobile app security testing, open-source analysis, and vendor application security management, in addition to static and dynamic testing.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by PeerSpot users currently using the Micro Focus Fortify on Demand solution.

    Dionisio V., Senior System Analyst at Azurian, says, "One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that." He goes on to add, “Another reason I like Fortify on Demand is because our code often includes open source libraries, and it's important to know when the library is outdated or if it has any known vulnerabilities in it. This information is important to us when we're developing our solutions and Fortify on Demand informs us when it detects any vulnerable open source libraries.”

    A Security Systems Analyst at a retailer mentions, “Being able to reduce risk overall is a very valuable feature for us.”

    Jayashree A., Executive Manager at PepsiCo, comments, “Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning. When we are exploring some of the endpoints this solution identifies many loopholes that hackers could utilize for an attack. This has been very helpful and surprising how many vulnerabilities there can be.”

    A Principal Solutions Architect at a security firm explains, “Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out.”

    PeerSpot user Mamta J., Co-Founder at TechScalable, states, "Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices. Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much."

    Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner automatically and periodically crawls and tests web applications to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. The consistent testing equips the automated service to generate consistent results, lessen false positives, and offer the ability to scale to protect thousands of websites effortlessly.

    Qualys Web Application Scanning is bundled with different scanning technology to carefully scan websites for malware infections and will send notifications to website owners to assist in preventing blacklisting and brand reputation damage. As digital transformation takes place in various organizations, Qualys WAS gives organizations the ability to track and document their web app security status through its interactive reporting capabilities.

    Qualys WAS empowers organizations to remediate any web application vulnerabilities quickly. Some of the key tools offered are:

    • Deep Scanning: All apps and APIs on your internal network and public cloud are covered by Qualys WAS deep scanning to show you any visible vulnerabilities.

    • DevSecOps Tool: Detect security issues in your code while still in app development stages and generate comprehensive reports.

    • Comprehensive Discovery: Discover and catalog new and unknown web apps in your network.

    • Malware Detection: Scan a website, identify vulnerabilities, and receive alerts to any infections.


    Benefits of Qualys Web Application Scanning

    Qualys Web Application Scanning offers many benefits, including:

    • Quick Deployment: Requires no infrastructure or software to maintain.

    • Effortless Scalability: Effortlessly launch a deep scan and protect thousands of websites.

    • Centralized Management: Manage and mend all web app vulnerabilities through a single interface.

    • Excellent Integration Capabilities: Integrates with Qualys Web App Firewall (WAF) for a single-click virtual patching of found vulnerabilities.

    • Respond to Threats Immediately: Qualys Continuous Monitoring offers the user a hands-free service by automatically launching scanning and sending notifications of a potential threat.

    • Cost-effective Solution: Data is analyzed in real time as Qualys WAS is an end-to-end solution; this helps avoid costs associated with managing multiple security vendors.

    Reviews from Real Users

    Qualys Web Application Scanning stands out among its competitors for a variety of reasons. Two of those reasons are its progressive scan and quick detection of vulnerabilities.

    P.K., a senior software developer at a tech vendor, writes, "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."

    Nagaraj S., lead cybersecurity engineer at a tech service company, notes, "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."

    Sample Customers
    State of Missouri, Rekner
    SAP, Aaron's, British Gas, FICO, Cox Automotive, Callcredit Information Group, Vital and more.
    BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.
    Top Industries
    REVIEWERS: Financial Services Firm 31%, Insurance Company 11%, Computer Software Company 11%, Healthcare Company 7%
    VISITORS READING REVIEWS: Computer Software Company 26%, Comms Service Provider 14%, Financial Services Firm 12%, Manufacturing Company 7%
    REVIEWERS: Financial Services Firm 35%, Computer Software Company 13%, Retailer 13%, Manufacturing Company 9%
    VISITORS READING REVIEWS: Computer Software Company 26%, Financial Services Firm 15%, Comms Service Provider 14%, Government 7%
    REVIEWERS: Financial Services Firm 40%, Computer Software Company 10%, Recruiting/HR Firm 10%, Pharma/Biotech Company 10%
    VISITORS READING REVIEWS: Computer Software Company 26%, Comms Service Provider 14%, Financial Services Firm 10%, Insurance Company 6%
    Company Size
    REVIEWERS: Small Business 24%, Midsize Enterprise 27%, Large Enterprise 49%
    VISITORS READING REVIEWS: Small Business 16%, Midsize Enterprise 14%, Large Enterprise 70%
    REVIEWERS: Small Business 24%, Midsize Enterprise 14%, Large Enterprise 63%
    VISITORS READING REVIEWS: Small Business 14%, Midsize Enterprise 12%, Large Enterprise 74%
    REVIEWERS: Small Business 13%, Midsize Enterprise 13%, Large Enterprise 74%
    VISITORS READING REVIEWS: Small Business 19%, Midsize Enterprise 17%, Large Enterprise 65%
    Micro Focus Fortify on Demand is ranked 7th in Application Security Tools with 21 reviews while Qualys Web Application Scanning is ranked 12th in Application Security Tools with 6 reviews. Micro Focus Fortify on Demand is rated 7.8, while Qualys Web Application Scanning is rated 7.6. The top reviewer of Micro Focus Fortify on Demand writes "Makes it easy to discover hidden vulnerabilities in our open source libraries". On the other hand, the top reviewer of Qualys Web Application Scanning writes "Has a good progressive scan feature but the data server needs improvement". Micro Focus Fortify on Demand is most compared with SonarQube, Checkmarx, Coverity, Fortify WebInspect and Snyk, whereas Qualys Web Application Scanning is most compared with Tenable.io Web Application Scanning, OWASP Zap, SonarQube, PortSwigger Burp Suite Professional and Fortify WebInspect. See our Micro Focus Fortify on Demand vs. Qualys Web Application Scanning report.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.