Fortify on Demand Primary Use Case
We use Fortify on Demand to look at dependency vulnerabilities and vulnerabilities in the source code. We are customers of Micro Focus.
View full review »The primary use case for Fortify On Demand in our environment revolves around its critical role in sales and desk operations. It helps identify application vulnerabilities from both a source code and web perspective. It directly detects issues such as SQL injection in the source code. It conducts website scans with customizable configurations to examine potential risks and vulnerabilities, which is crucial during software development. We can avoid risks before moving to the production stage.
View full review »Whenever we have a new application we scan it using Micro Focus Fortify on Demand. We then receive a service connection from Azure DevOps to Micro Focus Fortify on Demand and the information from the application tested.
We are using Micro Focus Fortify on Demand in two ways in most of our processes. We are either using it from our DevOps pipeline using Azure DevOps or the teams which are not yet onboarded in Azure DevOps, are running it manually by putting in the code then sending it to the security team where they will scan it.
We use two solutions for our application testing. We use SonarQube for next-level unit testing and code quality and Micro Focus Fortify on Demand mostly for vulnerabilities and security concerns.
View full review »Buyer's Guide
Fortify on Demand
April 2024
Learn what your peers think about Fortify on Demand. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,246 professionals have used our research since 2012.
I have used Fortify on Demand for security scanning, along with outsourcing to companies that scan our systems and report vulnerabilities. My work has involved securing our APIs and systems.
We use Fortify across all stages of the environment: development, test, and production. We even use it for disaster recovery.
Whenever we deploy our Jenkins pipelines, the system automatically scans our Git repository to fix security vulnerabilities. All the security vulnerabilities are then created as tasks in Jira, so we can fix them as quickly as possible.
View full review »We use the solution to scan our software. We scan it at every build. We run the scans and read the reports.
View full review »We are the central team that manages Fortify end-to-end and provides it as a solution to internal users. We are using SonarQube for code review, but we use Fortify and Nexus IQ for DevOps.
View full review »AM
reviewer2303070
Test Lead at a financial services firm with 10,001+ employees
We use it to scan the bank's applications systematically. This process aims to identify and address security vulnerabilities within the applications, ensuring the robustness of our security measures.
View full review »I use the solution to check the software, as the development is done internally, to detect any security breaches. If there is something in the code that could lead to SQL injections or other vulnerabilities, it will be detected.
View full review »We use it as the source for code review for static code analysis.
View full review »FC
Fernando Carlos
Project Manager at Everis
We're implementing DevSecOps in Fortify only a part of the big picture. We are implementing the entire secure development lifecycle.
View full review »Our use case of Fortify is for the more than 200 applications that we need to certify as a security team. We certify them for all possible vulnerabilities using Micro Focus to check codes for vulnerabilities and then deploying to a reproduction environment. Once all the vulnerabilities are fixed, we can proceed to production. So we're using it as a kind of DevSecOps model. We are customers of Micro Focus.
View full review »SS
reviewer1529571
Acquisitions Leader at a healthcare company with 10,001+ employees
We are using it for application security testing. We have microservices and applications within the organization, and the testing is being done on a continuous basis right through the development cycle or the development chain.
We are using its latest version. It is deployed on the cloud and on-premises.
View full review »Micro Focus Fortify on Demand can be deployed on-premise or in the cloud.
We are mainly using Micro Focus Fortify on Demand for security.
View full review »PR
Prakash-Rao
Vice President - Solution Architecture at a financial services firm with 10,001+ employees
We are using Fortify on Demand as a static code analyzer. As it scans each application, it checks each line of code. When we are developing mobile applications there might be some kind of security vulnerability. One example is a check to see if information that is being transferred is not encrypted because this would be vulnerable to hackers who are trying to break into the system. We also look at whether were are using the network transport layer security.
Our overall goal at this time is to protect our mobile app because it is one of the ways that hackers can break into the system.
JM
Jonathas De Morais
Enterprise Systems Analyst at a manufacturing company with 10,001+ employees
We use it for externally exposed applications that we want to scan before releasing them to production. As you can imagine, it's important to make sure they're secure and that we will not be exposed. For internal apps, we use other static code scanning, primarily SonarQube. But Fortify on Demand is for externally exposed applications.
View full review »Micro Focus Fortify on Demand is used for detecting vulnerabilities in code, looking at libraries, and finding where there are vulnerabilities within unpatched code.
RK
Raghu Krishna Y
GM - Technology at a outsourcing company with 10,001+ employees
We have an application sending service that we are providing to our customers and we are using Micro Focus Fortify on Demand to ensure our applications are secure.
View full review »DV
Dionisio Valdés
Senior System Analyst at Azurian
We create technology solutions for clients and on one project we were requested to use Fortify on Demand after the client had read a good report about it. They sent us the report and recommended its use.
In this case, we were using Java to program the client's solution and so we used Fortify on Demand alongside our Java development operations, for the purpose of improving the application's security.
The work we were doing for the client involved creating a billing system that they would use to manage payments and taxes for other companies in Chile. We've only used Fortify on Demand for this one client so far.
Because Fortify on Demand was so new to us, we decided to go with the trial version first and figure out the costing at a later stage.
We use this solution for our web applications.
View full review »I am using Micro Focus Fortify on Demand for SAT analogies and data analysis.
View full review »NT
reviewer2107677
Cyber Security Specialist at a computer software company with 51-200 employees
The solution is used for web application listing, like, SaaS.
View full review »LM
reviewer1468542
Principal Solutions Architect at a security firm with 11-50 employees
Our clients use it for scanning their applications and evaluating their application security. It is mostly for getting the application security results in, and then they push the vulnerabilities to their development team on an issue tracker such as Jira.
I usually have the latest version unless I need to support something on an older version for a client. We're not really deploying any of these solutions except for kind of testing and replicating the situations that our clients get into.
BK
reviewer1263261
Sr. Enterprise Architect at a financial services firm with 5,001-10,000 employees
I have been using this solution to gain some perspective from different architectures for the security team. I do not use it every day. I do have an overview and it is integrated with our development platform.
I do work for our governance team, so whenever a project is coming I will review products. I need to connect with the project managers for testing them, and these tests include the vulnerability assessment along with other security efforts. One of the things that I suggest is using Micro Focus Fortify on Demand.
The primary use case is core scanning for different vulnerabilities, based on standards. It beings with an architect who designs a model on a security-risk advisor platform. Then you have an idea of what the obstacles are. Once the code is scanned according to standards, you figure out where the gaps are. The team then suggests what needs to be done to the code to fix the vulnerabilities. The process repeats after the code is fixed until all of the vulnerabilities have been eliminated.
When you take all of these things together, it is Security by design.
View full review »I mainly use Fortify on Demand for static scanning.
View full review »RC
reviewer1078392
Security Systems Analyst at a retailer with 5,001-10,000 employees
All in-house developed code or a third-party developed code on our behalf is scanned via Fortify on Demand. Any results for unsecure code, vulnerabilities, or issues are passed back to the development teams for remediation.
View full review »Fortify is used for static scans — cold-scanning.
View full review »DG
Dheeraj G
Information Security Engineer at a comms service provider with 501-1,000 employees
We use it for normal, daily source code reviews and code analysis.
View full review »JP
reviewer1210665
Production Manager for Nearshore SWaT at a computer software company with 1,001-5,000 employees
We use Micro Focus Fortify on Demand to check the vulnerabilities of developments that we perform.
View full review »MK
Murat Kaya
Application Security Specialist at a tech services company with 5,001-10,000 employees
When choosing a software security product, we expect the product not only has the ability to find exploits, but also has educational and instructional capabilities related to exploits. This makes both the security auditor's job easier and helps the software developer to improve himself and write safer code. Here we have seen that the Micro Focus family has exactly what we want. For this reason, we chose Micro Focus software security products. In addition, the quality of the support and updating services ensures that we gain confidence in their products.
AM
Александр Мерзляков
Project Manager at LINS
Fortify on Demand is primarily used in DevSecOps in a banking environment.
View full review »We use it for statistical analysis for Java applications that are used in the collection process of a bank. It is also used for an internal web page. The tellers use this web page in the branches to make money transactions, such as withdrawals, deposits, etc.
JE
reviewer1050960
CISO at a retailer with 1,001-5,000 employees
We use Fortify on Demand to test our e-commerce website. We do static codes testing before it goes live.
View full review »NB
Nixon B
Senior Cyber Security Analyst at a financial services firm with 1,001-5,000 employees
We previously used it for static and dynamic scans, but now we use it only for dynamic scans.
We have close to 85 products in-house, so we run a lot of scans.
View full review »EP
Elina Petrovna
Professor at BitBrainery University
I analyzed more than 20 applications implemented in BIT Brainery University. The static analysis has to be done every release before putting it in production.
View full review »CU
ChimaUzomba
Chief Executive & Certified Security Administrator at Boch Systems Company Limited
We recommend this product to our customers. We act as vendors and resellers. This is actually one of the solutions we often recommend to our customers most often. Usually, this is the best choice for banking and financial institutions. It is deployed by their development team in-house. They use it to manage and test product lifecycles.
View full review »My primary use case is to help the teams in development. It helps us scan.
View full review »MJ
Mamta Jha
Co-Founder at TechScalable
We are architecting applications for e-commerce websites similar to Amazon. Everything is running on the cloud, and Micro Focus Fortify on Demand is totally integrated with our solution at this point in time.
View full review »BS
reviewer961944
R&D at a tech services company with 51-200 employees
We are using Micro Focus Fortify on Demand because in the beginning we were using the on-premise version and it was very limited. We thought we could do everything wanted with the on-premise solution. However, it was not easy to use.
We are testing the Micro Focus Fortify on Demand solution to improve security.
We are using the on-premise version of this solution for the static code for developers. For the dynamic code, we're using Micro Focus Fortify on Demand.
View full review »RB
reviewer1250178
Security Information Manager at a tech services company with 10,001+ employees
I use it for SAST, security analysis static code.
View full review »IL
Ives Laaf
Head of Compliance & Quality / CISO at a tech services company with 51-200 employees
Our primary use case for this solution is static code analysis.
View full review »OO
reviewer1361028
Information Security Manager at a tech services company with 501-1,000 employees
We use Micro Focus Fortify on Demand to access web applications and more.
View full review »Buyer's Guide
Fortify on Demand
April 2024
Learn what your peers think about Fortify on Demand. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,246 professionals have used our research since 2012.