We performed a comparison between Fortify on Demand and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation."
"The most valuable features are the detailed reporting and the ability to set up deep scanning of the software, both of which are in the same place."
"There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do."
"It's a stable and scalable solution."
"Speed and efficiency are great features."
"It improves future security scans."
"The most important feature of the product is to follow today's technology fast, updated rules and algorithms (of the product)."
"Audit workbench: for on-the-fly defect auditing."
"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
"Qualys WAS' most valuable features are the navigation flow of the UI and the option for a different layer of security (identification and operation through email and mobile)."
"The interface is user-friendly and easy to understand."
"It is easy to use."
"The most valuable feature of Qualys Web Application Scanning is the effective scanning that can be done."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"With our vulnerabilities under control, it's putting our services in compliance and minimizing our risk for exposure."
"This product is designed for easy scalability and can easily scale up without major challenges."
"The technical support is actually a problem that needs to be addressed. Since the acquisition and merger with Hewlett Packard, it has been really hard to know who the technical or salesperson to talk to."
"There are many false positives identified by the solution."
"They have a release coming out, which is full of new features. Based on their roadmap, there's nothing that I would suggest for them to put in it that they haven't already suggested. However, I am a customer, so I always think the pricing is something that could be improved. I am working with them on that, and they're very flexible. They work with their customers and kind of tailor the product to the customer's needs. So far, I am very happy with what they're able to provide. Their subscriptions could use a little bit of a reworking, but that would be about it."
"The vulnerability analysis does not always provide guidelines for what the developer should do in order to correct the problem, which means that the code has to be manually inspected and understood."
"An improvement would be the ability to get vulnerabilities flowing automatically into another system."
"Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify."
"The UI could be better. Fortify should also suggest new packages in the product that can be upgraded. Currently, it shows that, but it's not visible enough. In future versions, I would like more insights about the types of vulnerabilities and the pages associated with the exact CVE."
"The Visual Studio plugin seems to hang when a scan is run on big projects. I would expect some improvements there."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"The area of false positives could be improved. There are quite a number of false positives as compared to other solutions. They could probably fine tune the algorithm to be able to reduce the number of false positives being detected."
"The product's pricing could be better."
"They should try to include business logic vulnerabilities in the scanner testing."
"In terms of the Policy Compliance model which they currently have, not all the platforms are being covered. If they could improve on the Policy Compliance model, since there are policies which are benchmarked against it, this will be helpful for us."
"The solution needs to adjust its pricing. They should make it more affordable."
"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."
"Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."
More Qualys Web Application Scanning Pricing and Cost Advice →
Fortify on Demand is ranked 11th in Application Security Tools with 55 reviews while Qualys Web Application Scanning is ranked 18th in Application Security Tools with 31 reviews. Fortify on Demand is rated 8.0, while Qualys Web Application Scanning is rated 7.8. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". Fortify on Demand is most compared with SonarQube, Checkmarx, Veracode, Coverity and Fortify WebInspect, whereas Qualys Web Application Scanning is most compared with OWASP Zap, Veracode, SonarQube, PortSwigger Burp Suite Professional and Fortify WebInspect. See our Fortify on Demand vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.