IT Central Station is now PeerSpot: Here's why

Fortify Application Defender OverviewUNIXBusinessApplication

Fortify Application Defender is #19 ranked solution in application security tools. PeerSpot users give Fortify Application Defender an average rating of 8 out of 10. Fortify Application Defender is most commonly compared to Checkmarx: Fortify Application Defender vs Checkmarx. Fortify Application Defender is popular among the large enterprise segment, accounting for 74% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 25% of all views.
Buyer's Guide

Download the Application Security Buyer's Guide including reviews and more. Updated: June 2022

What is Fortify Application Defender?

Micro Focus Security Fortify Application Defender is a runtime application self-protection (RASP) solution that helps you manage and mitigate risk from homegrown or third-party applications. It provides centralized visibility into application use and abuse while protecting from software vulnerability exploits and other violations in real time.

Fortify Application Defender was previously known as HPE Fortify Application Defender, Micro Focus Fortify Application Defender.

Fortify Application Defender Customers

ServiceMaster, Saltworks, SAP

Fortify Application Defender Video

Fortify Application Defender Pricing Advice

What users are saying about Fortify Application Defender pricing:
  • "The base licensing costs for the SaaS platform is about $900 USD per application, per year."
  • "The licensing is very complex, it's project based and can range from $10,000 to $200,000+ depending on the project type and size."
  • "The price of this solution could be less expensive."
  • Fortify Application Defender Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Tom Haakma - PeerSpot reviewer
    Director of Security at Merito
    Real User
    Top 5Leaderboard
    Straightforward to deploy and integrates well with WebInspect to secure against application-specific threats
    Pros and Cons
    • "The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology."
    • "The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java."

    What is our primary use case?

    I do not use this product personally. Rather, I implement it for other people. The general use case is application-specific threat blocking. Most of our customers use it as an augment to their WAF.

    How has it helped my organization?

    When our customers turn on the app defender, they can see the things that it's blocking that are getting by their WAF. This is the reason that most people implement it.

    What is most valuable?

    The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology. The rules that are created are very specific to the application that it's defending. In a typical WAF, out of the box, it comes with a set of standard rules that work reasonably well. However, if you want rules that are specific to vulnerabilities that you know are in the application, the application defender is superior at defending against these. 

    What needs improvement?

    The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java. They need better support for applications written in Python or more advanced web service-type implementations. Better support for other architectures is critical. Technical support needs to be improved. It would be helpful to include agent deployment as part of the Azure DevOps marketplace. This would make it really easy for customers to get this plugin and install it within their application centers.
    Buyer's Guide
    Application Security
    June 2022
    Find out what your peers are saying about Micro Focus, Sonar, Synopsys and others in Application Security. Updated: June 2022.
    608,010 professionals have used our research since 2012.

    For how long have I used the solution?

    I have been dealing with Fortify Application Defender for about seven years.

    What do I think about the stability of the solution?

    I have not seen too many issues that would impact stability. It is very much a "deploy it and forget it" type solution.

    How are customer service and support?

    Technical support is an area that can be improved and I think that it's been a known issue since the Fortify team was acquired by HP, many years ago. It's still a problem now, even though they are now part of the Micro Focus team. I recently communicated with one of the senior managers and they are aware of the issues, and they are working on them, but I'd say that it's still an area that needs improvement.

    How was the initial setup?

    The initial setup is fairly straightforward. It does require the deployment of an agent, but this is not unlike every other platform that is application-specific. The deployment requires collaboration between the security team, who's typically running the application security program, and the operations team, who's responsible for the deployment and management of the hardware that the applications run on. These two teams really have to be engaged from an implementation standpoint to make sure that the plan fits and has input from both perspectives.

    What about the implementation team?

    We deploy this product for our clients. In the SaaS platform, the Fortify teams are responsible for maintenance. The agents that are deployed within the customer's environment simply ping back to the console for updates, which is an automated tasks. The number of people and the time it takes to perform updates is minimal.

    What's my experience with pricing, setup cost, and licensing?

    The base licensing costs for the SaaS platform is about $900 USD per application, per year. Some larger companies have different pricing based on scale and the size of their implementation. I believe they have a trial period, where they allow you to use it for free.

    What other advice do I have?

    My advice for anybody who is considering Fortify Application Defender is to try it before you buy it. It is one of those things that once you see it in action, it is pretty impressive. Considering there is a free trial available, I think that more people should try it. I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Business Development Specialist at a computer software company with 11-50 employees
    Real User
    Top 20
    Secure, versatile cyber security technology
    Pros and Cons
    • "We are able to provide out customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."
    • "The licensing can be a little complex."

    What is our primary use case?

    I work for a local distributor for Micro Focus. We provide customers with a proof of values and we're showing them in deep dive into the main benefits of this highly technical product while trying to patch together different technologies, starting with the developing phase. 

    How has it helped my organization?

    We are able to provide out customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment.

    What needs improvement?

    The licensing can be a little complex.

    For how long have I used the solution?

    I have been using this solution for more than 10 years.

    What do I think about the stability of the solution?

    It is very stable.

    What do I think about the scalability of the solution?

    This product is scalable. You are able to add licenses depending on your department, how many developers you have, the number of the projects, etc.

    There are a few hundred users in my area and we require two people for maintenance. 

    How are customer service and support?

    We handle first level support for our customers, the vendor will handle anything harder. Their support gas been great throughout the years. They are always willing to solve any issue from the commercial technical point of view.

    How was the initial setup?

    The initial setup can vary depending on the client's use case. We have a professional service department that handles the POD. This includes installation, configuration, training, deployment, knowledge transfer and support after that if needed. 

    What was our ROI?

    Our end users ROI should be okay for a minimum of three to five years. Even though they are not able to turn revenue with this product, they are able to Become more aware of a lot of threats and cyber security risks which allows them to reallocate some of their budget to affected areas if needed.

    What's my experience with pricing, setup cost, and licensing?

    The licensing is very complex, it's project based and can range from $10,000 to $200,000+ depending on the project type and size. 

    What other advice do I have?

    It has been in the Gartner's Magic Quadrant for many years. It's a very solid technology that is nice to use on the developing site and it is secure and stable.

    I would rate this product a ten out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    Buyer's Guide
    Application Security
    June 2022
    Find out what your peers are saying about Micro Focus, Sonar, Synopsys and others in Application Security. Updated: June 2022.
    608,010 professionals have used our research since 2012.
    System Quality Assurance Manager at AIS - Advanced Info Services Plc.
    Real User
    Top 5Leaderboard
    Straightforward resolution information, stable, but automation could improve
    Pros and Cons
    • "The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions."
    • "The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours."

    What is our primary use case?

    We use Fortify Application Defender for scanning our whole repository source code for security. We have more than 4,000 repositories in our company.

    What is most valuable?

    The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions.

    What needs improvement?

    The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours.

    In an upcoming release, they could improve how they apply the automation.

    For how long have I used the solution?

    I have been using Fortify Application Defender for approximately 10 years.

    What do I think about the stability of the solution?

    The solution is stable.

    What do I think about the scalability of the solution?

    The solution does not scale well because there are limitations. For example, the licensing is attached to the programmer, and it is very difficult to do it automatically queries.

    How was the initial setup?

    The initial installation of Fortify Application Defender is more complex than the SonarQube, but it is not too difficult to do from scratch. Last year we did the installation in a new environment from scratch and we did not have problem.

    What's my experience with pricing, setup cost, and licensing?

    The price of this solution could be less expensive.

    Which other solutions did I evaluate?

    I have evaluated SonarQube.

    What other advice do I have?

    I recommend this solution to others. However, most companies will choose SonarQube.

    I rate Fortify Application Defender a seven out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Buyer's Guide
    Download our free Application Security Report and find out what your peers are saying about Micro Focus, Sonar, Synopsys, and more!
    Updated: June 2022
    Product Categories
    Application Security
    Buyer's Guide
    Download our free Application Security Report and find out what your peers are saying about Micro Focus, Sonar, Synopsys, and more!