Try our new research platform with insights from 80,000+ expert users
OpenText Core Application Security Logo

OpenText Core Application Security pros and cons

Vendor: OpenText
4.0 out of 5
Leave a review

Pros & Cons summary

OpenText Core Application Security enables swift vulnerability identification and remediation, integrating seamlessly with platforms like Microsoft Information Server and Jira. The cloud-based solution supports multiple languages but lacks features such as Software Composition Analysis. Despite accurate static code analysis, it suffers from false positives and lengthy scan times. Integration with CI/CD pipelines needs refinement, and its technical support is often slow, complicating issue resolution for developers.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

OpenText Core Application Security facilitates faster remediation cycles by enabling developers to quickly identify and address vulnerabilities.
It identifies security vulnerabilities early in the development process, allowing issues to be resolved before reaching the client stage.
The static code analysis features provide accurate results, minimizing false positives and enhancing risk reduction.
OpenText Core Application Security seamlessly integrates with various development platforms such as Microsoft Information Server and Jira, streamlining the developer's workflow.
Being cloud-based, OpenText Core Application Security requires no installation and is easily scalable, supporting a wide range of programming languages.

CONS

OpenText Core Application Security lacks some important features that competitors have, such as Software Composition Analysis and full dead code detection.
There are complaints about frequent false positives, complicating vulnerability assessments.
Scans are time-consuming, taking up to three to five days, and improvements are needed to reduce this timeframe.
Technical support is inadequate, with slow response times and issues connecting with technical or sales representatives.
The integration process in CI/CD pipelines and with GitHub or GitLab is underdeveloped and could be improved.
 

OpenText Core Application Security Pros review quotes

JL
Jason Lebrecht US
Sr. Manager 5G & MEC (Edge) Strategy at Verizon
Aug 25, 2017
I don’t know of any other On-Demand enterprise solution like this one where we can load the details and within a few days, receive the results of intrusion attacks, and work with HP Security Experts when needed for clarification
Read full review
it_user506661 - PeerSpot reviewer
it_user506661
Senior Lead at a computer software company with 1,001-5,000 employees
Aug 21, 2016
We identified a lot of security vulnerability much earlier in the development and could fix this well before the product was rolled out to a huge number of clients.
Read full review
it_user512112 - PeerSpot reviewer
it_user512112
Technical Lead at a tech services company with 10,001+ employees
Sep 14, 2016
Audit workbench: for on-the-fly defect auditing.
Read full review
Buyer's Guide
OpenText Core Application Security
March 2026
Free Report: OpenText Core Application Security Reviews and More
Learn what your peers think about OpenText Core Application Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
DOWNLOAD NOW
884,706 professionals have used our research since 2012.
it_user692322 - PeerSpot reviewer
it_user692322
Digital Security Integration Lead at a non-tech company with 10,001+ employees
Jun 27, 2017
The quality of application security testing reduces risk and gives very few false positives.
Read full review
MK
Murat Kaya
Application Security Specialist at a tech services company with 5,001-10,000 employees
Jan 11, 2018
The most important feature of the product is to follow today's technology fast, updated rules and algorithms (of the product).
Read full review
EP
Elina Petrovna
Professor at BitBrainery University
Apr 18, 2018
It has saved us a lot of time as we focus primarily on programming rather than tool operational work.
Read full review
JM
Jonathas De Morais
Enterprise Systems Analyst at a manufacturing company with 10,001+ employees
Aug 14, 2018
One of the valuable features is the ability to submit your code and have it run in the background. Then, if something comes up that is more specific, you have the security analyst who can jump in and help, if needed.
Read full review
NB
Nixon B
Senior Cyber Security Analyst at a financial services firm with 1,001-5,000 employees
Aug 16, 2018
It improves future security scans.
Read full review
it_user625875 - PeerSpot reviewer
it_user625875
Director Consulting at a tech services company with 10,001+ employees
Oct 28, 2018
I do not remember any issues with stability.
Read full review
reviewer1050960 - PeerSpot reviewer
reviewer1050960
CISO at a retailer with 1,001-5,000 employees
May 15, 2019
The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it.
Read full review
Show 10 more reviews (out of 54)
 

OpenText Core Application Security Cons review quotes

JL
Jason Lebrecht US
Sr. Manager 5G & MEC (Edge) Strategy at Verizon
Aug 25, 2017
With Rapid7 I utilized its reporting capabilities to deliver Client Reports within just a few minutes of checking the data. I believe that HP’s FoD Clients could sell more services to clients if HP put more effort into delivering visually pleasing reporting capabilities.
Read full review
it_user506661 - PeerSpot reviewer
it_user506661
Senior Lead at a computer software company with 1,001-5,000 employees
Aug 21, 2016
The Visual Studio plugin seems to hang when a scan is run on big projects. I would expect some improvements there.
Read full review
it_user512112 - PeerSpot reviewer
it_user512112
Technical Lead at a tech services company with 10,001+ employees
Sep 14, 2016
.NET code scanning is still dependent on building the code base before running any scan. Also, it's dependent on an IDE such as Visual Studio.
Read full review
Buyer's Guide
OpenText Core Application Security
March 2026
Free Report: OpenText Core Application Security Reviews and More
Learn what your peers think about OpenText Core Application Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
DOWNLOAD NOW
884,706 professionals have used our research since 2012.
it_user692322 - PeerSpot reviewer
it_user692322
Digital Security Integration Lead at a non-tech company with 10,001+ employees
Jun 27, 2017
New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions.
Read full review
MK
Murat Kaya
Application Security Specialist at a tech services company with 5,001-10,000 employees
Jan 11, 2018
The biggest deficiency is the integration with bug tracker systems. It might be better if the configuration screen presented for accessing the bug tracking systems could provide some flexibility.
Read full review
EP
Elina Petrovna
Professor at BitBrainery University
Apr 18, 2018
It lacks of some important features that the competitors have, such as Software Composition Analysis, full dead code detection, and Agile Alliance's Best Practices and Technical Debt.
Read full review
JM
Jonathas De Morais
Enterprise Systems Analyst at a manufacturing company with 10,001+ employees
Aug 14, 2018
It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the overall time span to scan the code, and even to set up the code scanning, is a bit overwhelming for regular developers.
Read full review
NB
Nixon B
Senior Cyber Security Analyst at a financial services firm with 1,001-5,000 employees
Aug 16, 2018
Sometimes when we run a full scan, we have a bunch of issues in the code. We should not have any issues.
Read full review
it_user625875 - PeerSpot reviewer
it_user625875
Director Consulting at a tech services company with 10,001+ employees
Oct 28, 2018
There were some regulated compliances, which were not there.
Read full review
reviewer1050960 - PeerSpot reviewer
reviewer1050960
CISO at a retailer with 1,001-5,000 employees
May 15, 2019
Primarily for a complex, advanced website, they don't really understand some of the functionalities. So for instance, they could tell us that there is a vulnerability because somebody could possibly do something, but they don't really understand the code to realize that we actually negate that vulnerability through some other mechanism in the program. In addition, the technical support is just not there. We have open tickets. They don't respond. Even if they respond, we're not seeing eye to eye. As the company got sold and bought, the support got worse.
Read full review
Show 10 more reviews (out of 54)

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube vs OpenText Core Application Security Logo
SonarQube vs OpenText Core Application Security
Snyk vs OpenText Core Application Security Logo
Snyk vs OpenText Core Application Security
Checkmarx One vs OpenText Core Application Security Logo
Checkmarx One vs OpenText Core Application Security
GitLab vs OpenText Core Application Security Logo
GitLab vs OpenText Core Application Security
Veracode vs OpenText Core Application Security Logo
Veracode vs OpenText Core Application Security
Coverity Static vs OpenText Core Application Security Logo
Coverity Static vs OpenText Core Application Security
GitHub Advanced Security vs OpenText Core Application Security Logo
GitHub Advanced Security vs OpenText Core Application Security
Acunetix vs OpenText Core Application Security Logo
Acunetix vs OpenText Core Application Security
Mend.io vs OpenText Core Application Security Logo
Mend.io vs OpenText Core Application Security
OWASP Zap vs OpenText Core Application Security Logo
OWASP Zap vs OpenText Core Application Security
Sonatype Lifecycle vs OpenText Core Application Security Logo
Sonatype Lifecycle vs OpenText Core Application Security
PortSwigger Burp Suite Professional vs OpenText Core Application Security Logo
PortSwigger Burp Suite Professional vs OpenText Core Application Security
GitGuardian Platform vs OpenText Core Application Security Logo
GitGuardian Platform vs OpenText Core Application Security
HCL AppScan vs OpenText Core Application Security Logo
HCL AppScan vs OpenText Core Application Security
Qualys Web Application Scanning vs OpenText Core Application Security Logo
Qualys Web Application Scanning vs OpenText Core Application Security
See all alternatives

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube vs OpenText Core Application Security Logo
SonarQube vs OpenText Core Application Security
Snyk vs OpenText Core Application Security Logo
Snyk vs OpenText Core Application Security
Checkmarx One vs OpenText Core Application Security Logo
Checkmarx One vs OpenText Core Application Security
GitLab vs OpenText Core Application Security Logo
GitLab vs OpenText Core Application Security
Veracode vs OpenText Core Application Security Logo
Veracode vs OpenText Core Application Security
Coverity Static vs OpenText Core Application Security Logo
Coverity Static vs OpenText Core Application Security
GitHub Advanced Security vs OpenText Core Application Security Logo
GitHub Advanced Security vs OpenText Core Application Security
Acunetix vs OpenText Core Application Security Logo
Acunetix vs OpenText Core Application Security
Mend.io vs OpenText Core Application Security Logo
Mend.io vs OpenText Core Application Security
OWASP Zap vs OpenText Core Application Security Logo
OWASP Zap vs OpenText Core Application Security
Sonatype Lifecycle vs OpenText Core Application Security Logo
Sonatype Lifecycle vs OpenText Core Application Security
PortSwigger Burp Suite Professional vs OpenText Core Application Security Logo
PortSwigger Burp Suite Professional vs OpenText Core Application Security
GitGuardian Platform vs OpenText Core Application Security Logo
GitGuardian Platform vs OpenText Core Application Security
HCL AppScan vs OpenText Core Application Security Logo
HCL AppScan vs OpenText Core Application Security
Qualys Web Application Scanning vs OpenText Core Application Security Logo
Qualys Web Application Scanning vs OpenText Core Application Security
See all alternatives
Related questions
  • 26
What Is The Biggest Difference Between Fortify on Demand And SonarQube?
  • 20
What are the costs for Micro Focus Fortify on Demand?
  • 157
If you had to both encrypt and compress data during transmission, which would you do first and why?
  • 73
When evaluating Application Security, what aspect do you think is the most important to look for?
  • 127
What are the Top 5 cybersecurity trends in 2022?
  • 167
What are the threats associated with using ‘bogus’ cybersecurity tools?
  • 78
We're evaluating Tripwire, what else should we consider?
  • 60
Which application security solutions include both vulnerability scans and quality checks?
  • 325
Is SonarQube the best tool for static analysis?
  • 67
Why Do I Need Application Security Software?