Fortify on Demand Reviews

Name: Fortify on Demand
Brand: OpenText
Rating: 4 (58 reviews)

4.0 out of 5

58 reviews
89% willing to recommend

4,177 followers

What is Fortify on Demand?

Fortify on Demand is a web application security testing tool that enables continuous monitoring. The solution is designed to help you with security testing, vulnerability management and tailored expertise, and is able to provide the support needed to easily create, supplement, and expand a software security assurance program without the need for additional infrastructure or resources.

Get the Fortify on Demand Buyer's Guide and find out what your peers are saying about Fortify on Demand, SonarQube, Veracode and more!

Fortify on Demand is the #8 ranked solution in application security solutions and #9 ranked solution in AST tools. PeerSpot users give Fortify on Demand an average rating of 8.0 out of 10. Fortify on Demand is most commonly compared to SonarQube: Fortify on Demand vs SonarQube. Fortify on Demand is popular among the large enterprise segment, accounting for 72% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 19% of all views.

Helped 793,295 peers since 2012

Featured reviews

Thomas Boltze

Cloud Architecture Head at PagoNxt Merchant Solutions S.L.

Whether or not this solution will be useful depends on the maturity of your organization. If you understand what all the messages and the analysis mean, and you can usefully react to it then I think you should absolutely use it. If you're still working out these things, you should probably first go through some learning process and start with some simpler tooling that gives you some insights. The challenge is always how to make things actionable and that is lacking to some extent. If, for example, there is something that depends on scans for vulnerability for all your dependencies and just pulls requests for you, Fortify doesn't action anything. It leaves all the actioning things to you so in a sense, it creates more work for the developers, but it doesn't help them to do the work. We're not happy with the solution as a process because of the way it's internally implemented in the bank. On the other hand, the features are quite good so I would rate that aspect higher. On average, I rate this solution seven out of 10.

Read full review

AhmedElkholy

Pre-Sales Manager at Ejada Company Limited

One of the most valuable features of Fortify On Demand is its ability to integrate seamlessly with the DevOps lifecycle, particularly in terms of security testing. Injecting security testing into the DevOps process ensures that security measures are incorporated from the development stage onwards. It aligns with the main objective of DevOps, which is to automate and streamline the software development lifecycle, from code commit to deployment. With automation tools orchestrating the pipeline, tasks such as code compilation, testing, and deployment can be carried out rapidly and efficiently. This results in faster time-to-market for features, reducing deployment times from hours to minutes. It enhances trust from customers and cybersecurity teams, as security measures are built into the software from the outset, increasing confidence in the security.

Read full review

Jayashree Acharyya

Director at PepsiCo

Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve. Currently, when we are running a security scan or Azure DevOps pipeline Micro Focus Fortify on Demand will give an overall status. People have to click on the link to read the in-depth results. If there could be some output of the report that can be passed in the pipeline and based on that we can control the next step of the pipeline. For example, if Micro Focus Fortify on Demand is saying the report is critical, do not go any further. If we can have that critical variable as a pipeline output that can be used later it would be really helpful.

Read full review

Fortify on Demand mindshare

Product category:

As of July 2024, the mindshare of Fortify on Demand in the Application Security Tools category stands at 4.8%, up from 4.2% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Application Security Tools

Key learnings from peers

Last updated Jun 26, 2024

Valuable Features

"I use the solution in my company for security code scans."
"The solution is user-friendly. One feature I find very effective is the tool's automatic scanning capability. It scans replicas of the code developers write and automatically detects any vulnerabilities. The integration with CI/CD tools is also useful for plugins."
"The scanning capabilities, particularly for our repositories, have been invaluable."

Room for Improvement

"The product has a lot of false positives."
"Fortify on Demand needs to improve its pricing."
"There is room for improvement in the integration process."

Pricing

"Fortify on Demand is more expensive than Burpsuite. I rate its pricing a nine out of ten."
"The product's cost depends on the type of license."
"Despite being on the higher end in terms of cost, the biggest value lies in its abilities, including robust features, seamless integration, and high-quality findings."

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Fortify on Demand Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

19%

Computer Software Company

14%

Manufacturing Company

12%

Government

Insurance Company

Educational Organization

Healthcare Company

Retailer

Comms Service Provider

Energy/Utilities Company

University

Real Estate/Law Firm

Non Profit

Construction Company

Transportation Company

Hospitality Company

Media Company

Aerospace/Defense Firm

Wholesaler/Distributor

Outsourcing Company

Logistics Company

Pharma/Biotech Company

Legal Firm

Performing Arts

Recreational Facilities/Services Company

Consumer Goods Company

Compare Fortify on Demand with alternative products

Learn more about Fortify on Demand

Fortify on Demand Features

Fortify on Demand has many valuable key features. Some of the most useful ones include:

Deployment flexibility
Scalability
Built for DevSecOps
Ease of use
Supports 27+ languages
Real-time vulnerability identification with
Security Assistant
Actionable results in less than 1 hour for most applications with DevOps automation
Expanded coverage, accuracy and remediation details with IAST runtime agent
Continuous application monitoring of production applications
Virtual patches
Supports iOS and Android mobile applications
Security vulnerability identification
Behavioral and reputation analysis

Fortify on Demand Benefits

There are several benefits to implementing Fortify on Demand. Some of the biggest advantages the solution offers include:

Fast remediation: With Fortify on Demand you can achieve fast remediation throughout the software lifecycle with robust assessments by a team of security experts.

Easy integration: The solution’s integration ecosystem is easy to use, creating a more secure software supply chain.

Security testing: Fortify on Demand covers in-depth mobile app security testing, open-source analysis, and vendor application security management, in addition to static and dynamic testing.

Reviews from Real Users

Below are some reviews and helpful feedback written by PeerSpot users currently using the Fortify on Demand solution.

Dionisio V., Senior System Analyst at Azurian, says, "One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that." He goes on to add, “Another reason I like Fortify on Demand is because our code often includes open source libraries, and it's important to know when the library is outdated or if it has any known vulnerabilities in it. This information is important to us when we're developing our solutions and Fortify on Demand informs us when it detects any vulnerable open source libraries.”

A Security Systems Analyst at a retailer mentions, “Being able to reduce risk overall is a very valuable feature for us.”

Jayashree A., Executive Manager at PepsiCo, comments, “Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning. When we are exploring some of the endpoints this solution identifies many loopholes that hackers could utilize for an attack. This has been very helpful and surprising how many vulnerabilities there can be.”

A Principal Solutions Architect at a security firm explains, “Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out.”

PeerSpot user Mamta J., Co-Founder at TechScalable, states, "Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices. Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much."

Fortify on Demand was previously known as Micro Focus Fortify on Demand.