Try our new research platform with insights from 80,000+ expert users

OpenText Core Application Security Valuable Features

Jonathan Steyn - PeerSpot reviewer
Principal Technical Consultant at EOH

The source code analyzer is the most effective for identifying security vulnerabilities. It is the engine or the artificial intelligence behind the scanning engine that does the actual analysis of the data, and they then create an FPR file. This FPR file can then be further analyzed and tested at ScanCentral, which is your centralized dashboard for security auditing and remediation.

So from there, once you've got the artifact or this file, which is created from scanning all of your applications, it gives you a comprehensive overview of the vulnerability scores or the bug densities of your code, and then you can further analyze and test those codes and draw reports from ScanCentral.

So, these reports are against the OWASP Top ten. So you've got different reports that will give you a detailed analysis of your scan data, and it also does it in a dashboard format. So you then get a comprehensive report, and you can also draw a developer's workbook report, which you can send to developers where they actually have a bird's eye view or code-level view of the vulnerabilities and the recommendations are made by Fortify on how you can remediate those threats or vulnerabilities.

And you can then improve your bug density and scores, and you can also do that from the dashboard interface. You can also remediate and within the dashboard, change your score. So you have the dashboard, which gives you a comprehensive overview across all the applications. Also, as you remediate and fix your code, the dashboards update your scores, and then you have a view, and you can control your bug densities across all of the applications once you've onboarded each and every application. And that's across all your DAST and SAST applications. And this is on a centralized dashboard.

Fortify is constantly improving. Their tools and their interfaces are modernized with every new feature or every new version. I constantly see improvements by OpenText. OpenText is very intuitive. They're also implementing a lot of new AI capabilities with the NerdTools, which I think is remarkable.

View full review »
CP
Architecture Manager at Alinma Bank

Our CSD team used multiple tools for different scenarios. When dealing with sophisticated threats or vulnerabilities, manual analysis was necessary alongside Fortify's machine-based analysis. So, in handling complicated vulnerabilities, we couldn't rely on just one tool. Multiple tools were required. One such tool was OS Zap Proxy. We integrated Zap Proxy with Fortify, and this integration proved quite useful. Instead of relying solely on Fortify's dashboard, we integrated it with other tools, which made more sense. The security analysts, up to the level of the CSO, wouldn't rely only on a single dashboard. They used multiple tools to detect and work on vulnerabilities across various platforms and products. Fortify seamlessly integrates all these aspects.

View full review »
reviewer2646048 - PeerSpot reviewer
Lead Developer at a legal firm with 1,001-5,000 employees

Fortify helps me find serious issues, such as developers inadvertently leaving access tokens, including API access tokens, in the source code. Fortify is effective in identifying such oversights, making it a really helpful tool despite its problems. It is valuable in improving our overall security posture by catching significant errors.

View full review »
Buyer's Guide
OpenText Core Application Security
June 2025
Learn what your peers think about OpenText Core Application Security. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
861,390 professionals have used our research since 2012.
Angelo Quaglia - PeerSpot reviewer
Independent Professional at Studio Dott. Ing. Angelo Quaglia

The solution is very fast.

View full review »
Javad_Talebi - PeerSpot reviewer
Cloud architect at Vodafone

The scanning capabilities, particularly for our repositories, have been invaluable.

View full review »
AhmedElkholy - PeerSpot reviewer
Pre-Sales Manager at Ejada Company Limited

One of the most valuable features of Fortify On Demand is its ability to integrate seamlessly with the DevOps lifecycle, particularly in terms of security testing. Injecting security testing into the DevOps process ensures that security measures are incorporated from the development stage onwards. It aligns with the main objective of DevOps, which is to automate and streamline the software development lifecycle, from code commit to deployment. With automation tools orchestrating the pipeline, tasks such as code compilation, testing, and deployment can be carried out rapidly and efficiently. This results in faster time-to-market for features, reducing deployment times from hours to minutes. It enhances trust from customers and cybersecurity teams, as security measures are built into the software from the outset, increasing confidence in the security.

View full review »
reviewer2303070 - PeerSpot reviewer
Test Lead at a financial services firm with 10,001+ employees

I appreciate all the features, with a particular emphasis on their vulnerability scanner. For instance, in our environment where two-factor authentication is prevalent across many of our sites, the scanner efficiently identifies vulnerabilities, including those related to second-factor methods or mobile codes. What stands out to me is the user-friendliness of each feature. Given that we're a bank with multiple applications, having the flexibility to customize solutions according to the unique needs of each application is crucial.

View full review »
MN
Security Tester at Ray Business Technologies Private Limited

The solution is user-friendly. One feature I find very effective is the tool's automatic scanning capability. It scans replicas of the code developers write and automatically detects any vulnerabilities. The integration with CI/CD tools is also useful for plugins.

The tool's AI feature analyzes security threats and recommends updating the code accordingly. One major issue that AI detected for us was logging issues and hardware vulnerabilities. Fortify On Demand identified these, allowing our developers to address and fix the issues.

View full review »
Thomas Boltze - PeerSpot reviewer
Cloud Architecture Head at PagoNxt Merchant Solutions S.L.

We've found the depth of scanning that the product provides and the results we get are the most valuable features. 

View full review »
Robertino Catalin Ionescu - PeerSpot reviewer
Department Manager of Testing Automation Centre at a energy/utilities company with 10,001+ employees

The most valuable features are the detailed reporting and the ability to set up deep scanning of the software, both of which are in the same place.

View full review »
ShubhamJoshi - PeerSpot reviewer
Senior Software Engineer at a consultancy with 10,001+ employees

To my mind, the best features of this product are its speed and efficiency. It covers a wide variety of languages and even has an option for checking different Java versions.

View full review »
Jayashree Acharyya - PeerSpot reviewer
Director at PepsiCo

Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning.

When we are exploring some of the endpoints this solution identifies many loopholes that hackers could utilize for an attack. This has been very helpful and surprising how many vulnerabilities there can be.

View full review »
Yash Brahmani - PeerSpot reviewer
Devops Engineer at BNP Paribas

The vulnerability detection and scanning are awesome features. 

View full review »
Vishal Karanjkar - PeerSpot reviewer
Site Head - IOT NW Products & Solutions at Itron, Inc.

While using Micro Focus Fortify on Demand we have been very happy with the results and findings.

View full review »
Harkamal-Singh - PeerSpot reviewer
Solution architect at NTT

The most valuable feature of Micro Focus Fortify on Demand is the information it can provide. There is quite a lot of information. It can pinpoint right down to where the problem is, allowing you to know where to fix it. Overall the features are easy to use, you don't have to be a coder. You can be a manager, or in IT operations, et cetera, anyone can use it. It is quite a well-rounded functional solution.

The allocations to different members of a team are good. If you find a problem, you can delegate the task to patch the particular code.

View full review »
reviewer1529571 - PeerSpot reviewer
Acquisitions Leader at a healthcare company with 10,001+ employees

It is a very easy tool for developers to use in parallel while they're doing the coding. It does auto scanning as we are progressing with the CI/CD pipeline. It has got very simple and efficient API support.

It is an extremely robust, scalable, and stable solution.

It enhance the quality of code all along the CI/CD pipeline from a security standpoint and enables developers to deliver secure code right from the initial stages.

View full review »
RK
GM - Technology at a outsourcing company with 10,001+ employees

The most valuable features are the server, scanning, and it has helped identify issues with the security analysis.

View full review »
Alejandro Merida - PeerSpot reviewer
Enterprise Solutions Architect at CONTPAQi

The most valuable features of Micro Focus Fortify on Demand have been SAT analysis and application security.

View full review »
Prasenjit Roy - PeerSpot reviewer
Sr. Cloud Solution Architect - SAP on Azure at Accenture

The user interface is good.

View full review »
Omar Abdelhamied Ahmed - PeerSpot reviewer
Financial Analyst at Arab Investment Bank

The SAST feature is the most valuable.

View full review »
reviewer1468542 - PeerSpot reviewer
Principal Solutions Architect at a security firm with 11-50 employees

Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out.

View full review »
FC
Project Manager at Everis

The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation.

View full review »
DV
Senior System Analyst at Azurian

One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that.

Another reason I like Fortify on Demand is because our code often includes open source libraries, and it's important to know when the library is outdated or if it has any known vulnerabilities in it. This information is important to us when we're developing our solutions and Fortify on Demand informs us when it detects any vulnerable open source libraries.

View full review »
reviewer1078392 - PeerSpot reviewer
Security Systems Analyst at a retailer with 5,001-10,000 employees

Being able to reduce risk overall is a very valuable feature for us.

View full review »
reviewer1210665 - PeerSpot reviewer
Production Manager for Nearshore SWaT at a computer software company with 1,001-5,000 employees

The feature that I find the most useful is being able to just see the vulnerabilities online while checking the code and then checking suggestions for fixing them.

View full review »
PR
Vice President - Solution Architecture at a financial services firm with 10,001+ employees

Fortify on Demand is easy to use and the reporting is good.

As for the static code analysis functionality, it is doing the job that it is supposed to do. 

View full review »
Jaime Baracaldo - PeerSpot reviewer
Chief Information Officer at Location world

We have the option to scan web applications on demand. We have the option to do dynamic analysis. We also have an on-premise solution for static code analysis.

We have the option to test applications with or without credentials.

View full review »
Kangkan Goswami - PeerSpot reviewer
Advisor Solution Architect at a tech services company with 10,001+ employees

Fortify on Demand's best feature is that there's no need to install and configure it locally since it's on the cloud.

View full review »
S S RAMA KRISHNA MURTHY  SURI - PeerSpot reviewer
Senior Manager at valuelabs LLP

Fortify supports most languages. Other tools are limited to Java and other typical languages. IBM's solutions aren't flexible enough to support any language. Fortify also integrates with lots of tools because it has API support.

View full review »
reviewer1250178 - PeerSpot reviewer
Security Information Manager at a tech services company with 10,001+ employees

The features that I have found most valuable include its security scan, the vulnerability finds, and the web interface to search and review the issues.

View full review »
DG
Information Security Engineer at a comms service provider with 501-1,000 employees

The UL is easy to use compared to that of other tools, and it is highly reliable. The findings provide a lower number of false positives.

It is easy to install, and the cost is fair.

View full review »
it_user1345719 - PeerSpot reviewer
Project Analyst at a financial services firm with 1,001-5,000 employees

The most valuable feature is the capacity to be able to check vulnerabilities during the development process. The development team can check whether the code they are using is vulnerable to some type of attack or there is some type of vulnerability so that they can mitigate it. It helps us in achieving a more secure approach towards internal applications.

It is an intuitive solution. It gives all the information that a developer needs to remediate a vulnerability in the coding process. It also gives you some examples of how to remediate a vulnerability in different programming languages. This solution is pretty much what we were searching for.

View full review »
MJ
Co-Founder at TechScalable

Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices.

Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much.

View full review »
reviewer1263261 - PeerSpot reviewer
Sr. Enterprise Architect at a financial services firm with 5,001-10,000 employees

The most valuable feature is that it connects with your development platforms, such as Microsoft Information Server and Jira. When a vulnerability is found then it is classified as a bug and sent to IT.

View full review »
CU
Chief Executive & Certified Security Administrator at Boch Systems Company Limited

We actually find all of the product's features valuable. But at this point, we are trying to upsell by adding additional components like RAFT (Re-usable Automation Framework for Testing) to the test cycle.  

View full review »
ML
Senior Application Security Analyst at a financial services firm with 10,001+ employees

What is most useful is how you can have related features upgraded on the tools. The tools themselves have details for the code as well, where the issues have been flagged, and all the vulnerabilities are there, in one place.

View full review »
IL
Head of Compliance & Quality / CISO at a tech services company with 51-200 employees

The static code analyzers are the most valuable features of this solution.

View full review »
reviewer1050960 - PeerSpot reviewer
CISO at a retailer with 1,001-5,000 employees

The product, in general, is meant to scan the website and identify any vulnerabilities: a known vulnerability across that script and SQL injection or other vulnerabilities from OWASP top 10, etc. That is what we're using this for.

The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it. 

View full review »
it_user625875 - PeerSpot reviewer
Director Consulting at a tech services company with 10,001+ employees

The features I found most valuable is that it is very configurable. The installation was also very easy. 

View full review »
NB
Senior Cyber Security Analyst at a financial services firm with 1,001-5,000 employees

We can run our scans properly on it. It improves future security scans.

View full review »
JM
Enterprise Systems Analyst at a manufacturing company with 10,001+ employees

One of the valuable features is the ability to submit your code and have it run in the background. Then, if something comes up that is more specific, you have the security analyst who can jump in and help, if needed. I think that's really useful.

View full review »
EP
Professor at BitBrainery University

We shared the easy to use dashboard with our programmers and involved outsourcers for a quick issues fix. 

View full review »
MK
Application Security Specialist at a tech services company with 5,001-10,000 employees

The most important feature of the product is to follow today's technology fast, updated rules and algorithms (of the product). It also allows for more efficient and custom integration by allowing customized enhancements through the API support offered through the SSC portal.

View full review »
JL
Sr. Manager 5G & MEC (Edge) Strategy at Verizon
  • The ability to utilize the Client Portal, which provided my clients with a view of the project status, vulnerabilities and needed remediation steps in real-time
  • I don’t know of any other On-Demand enterprise solution like this one where we can load the details and within a few days, receive the results of intrusion attacks, and work with HP Security Experts when needed for clarification
  • The process was easy to follow and we were supported by 24/7 by TAM personnel to help with any fire drills. This was helpful many times when I needed a quick answer late at night or early in the morning
View full review »
it_user692322 - PeerSpot reviewer
Digital Security Integration Lead at a non-tech company with 10,001+ employees

The quality of application security testing reduces risk and gives very few false positives.

View full review »
it_user506661 - PeerSpot reviewer
Senior Lead at a computer software company with 1,001-5,000 employees

We identified a lot of security vulnerability much earlier in the development and could fix this well before the product was rolled out to a huge number of clients.

View full review »
it_user512112 - PeerSpot reviewer
Technical Lead at a tech services company with 10,001+ employees
  • Scan wizard: for configuring large scans
  • Audit workbench: for on-the-fly defect auditing
  • CLI: to integrate the tool into CI/CD
View full review »
it_user488193 - PeerSpot reviewer
System Engineer at a tech services company with 501-1,000 employees

Both editions of the product have their advantages, and they complement each other.

View full review »
it_user488208 - PeerSpot reviewer
Specialist Master/Manager at a consultancy with 10,001+ employees

The static code analyzer provides views from a security perspective and it is easy to use compared to others.

View full review »
it_user455427 - PeerSpot reviewer
Development and Database Manager at a financial services firm with 501-1,000 employees

The solution simply identifies any security flaws that any of our applications might have.

View full review »
it_user441546 - PeerSpot reviewer
Information Security Lead Consultant & Application Security Specialist at a energy/utilities company with 1,001-5,000 employees

It's saved us a lot of time as we focus primarily on security consultancy work rather than tool operational work.

Also, the features SAST, DAST, Dashboard/Reports, Fortify on Demand Portal and Vulnerability Tracking, have all helped with our work.

Finally, it's reduced operational costs as we minimized security incidents and ensured all vulnerabilities are remediated during the development lifecycle.

View full review »
it_user399378 - PeerSpot reviewer
Director of Information Technology at a tech consulting company with 501-1,000 employees

It enforces source-code scanning, finding vulnerabilities in source code.

View full review »
it_user362055 - PeerSpot reviewer
Senior Manager at a tech services company with 10,001+ employees

It's one of the leaders in the application security space. I've used Fortify since 2007, and I think the most valuable feature is its ability to address the source code scanning and dynamic scanning in a known, correlated way. I think the best way to address application security is to have multiple types of scanning and a unified view for the customer.

View full review »
it_user326421 - PeerSpot reviewer
Solution Security Architect with 1,001-5,000 employees
  • It's On-Demand, and cloud-based which is well suited to occasional and price-conscious use.
  • Fast turn-around allows for easy integration into the development process without any major impact on development efforts.
View full review »
OS
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services

I was able to quickly pass compliance with HIPAA.
Correlated static and dynamic results with detailed priority guidance.
Accurate results, tailored to each application.
All results manually reviewed by application security experts .
Central testing program management for all applications.

View full review »
reviewer2107677 - PeerSpot reviewer
Cyber Security Specialist at a computer software company with 51-200 employees

The solution is user-friendly.

View full review »
reviewer961944 - PeerSpot reviewer
R&D at a tech services company with 51-200 employees

There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do. We were working with a different solution called SolarCloud previously and it was limited. We are trying to find the right level of security for our needs.

View full review »
Buyer's Guide
OpenText Core Application Security
June 2025
Learn what your peers think about OpenText Core Application Security. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
861,390 professionals have used our research since 2012.