
Micro Focus Fortify on Demand Questions

Ra S
Manage Technology COE's and Innovation at a computer software company with 1,001-5,000 employees

I work in a software and R&D company managing technology COEs and innovation. 

We are currently evaluating Micro Focus Fortify on Demand. What are the overall costs involved? 

Thanks! I appreciate the help. 

    Paul Canchignia: FOD per APP (1 round) like $1000.00 Cost for a partner.
    1 Answer
    Miriam Tover
    Senior Delivery Ops Manager
    PeerSpot (formerly IT Central Station)
    One of the most popular comparisons on IT Central Station is Fortify on Demand vs SonarQube. People like you are trying to decide which one is best for their company. Can you help them out? What is the biggest difference between Fortify on Demand and SonarQube? Which of these two solutions woul...
    Miriam Tover
    Senior Delivery Ops Manager
    PeerSpot (formerly IT Central Station)
    Jul 18 2022

    Hi Everyone,

    What do you like most about Micro Focus Fortify on Demand?

    Thanks for sharing your thoughts with the community!

    Julia Frohwein
    Content and Social Media Manager
    PeerSpot (formerly IT Central Station)
    Jul 18 2022

    Hi,

    We all know it's really hard to get good pricing and cost information.

    Please share what you can so you can help your peers.

    Julia Frohwein
    Content and Social Media Manager
    PeerSpot (formerly IT Central Station)
    Jul 18 2022

    Please share with the community what you think needs improvement with Micro Focus Fortify on Demand.

    What are its weaknesses? What would you like to see changed in a future version?

    Julia Frohwein
    Content and Social Media Manager
    PeerSpot (formerly IT Central Station)
    Jul 18 2022

    How do you or your organization use this solution?

    Please share with us so that your peers can learn from your experiences.

    Thank you!

    Julia Frohwein
    Content and Social Media Manager
    PeerSpot (formerly IT Central Station)
    Jul 18 2022

    If you were talking to someone whose organization is considering Micro Focus Fortify on Demand, what would you say?

    How would you rate it and why? Any other tips or advice?

    Application Security Tools Questions
    Shibu Babuchandran
    Regional Manager/ Service Delivery Manager at ASPL INFO Services
    Jul 28 2022

    What is CAPTCHA and how does it work? What are the potential use cases of CAPTCHA for AI?

    Christy Limestall: CAPTCHA, Completely Automated Public Turing test to tell Computers and Humans…
    1 Answer
    KamalKapur
    Quality Executive at Dharampal Premchand Limited(DPPCL)
    Oct 06 2022
    Hello, I work as a Quality Executive at a Consumer Goods company.  At the moment, we're researching an email security solution. We have 1000+ users. Among others, we've been looking at these products: Cisco Secure Email, Forcepoint Email Security and Barracuda Email Security Gateway.  Which o...
    TundeOgunkoya: Hi Kamal,  Firstly, you would have to recognize that there is/are no fast and…
    SimonClark: Tunde is absolutely right and is what I was trying to say in my first answer…
    6 Answers
    Evgeny Belenky
    PeerSpot (formerly IT Central Station)
    Sep 02 2022

    Hi infosec pros,

    How are these two terms different? What modern tools and techniques should you use to protect each data?

    ChrisLowe: Data protection at rest - data storage has encryption applied, at the OS…
    PatrickWheaton: "Data protection at rest" means when it is stored on the hard drive, tape…
    5 Answers
    Evgeny Belenky
    PeerSpot (formerly IT Central Station)

    What are the practical use cases of ASPM? What tools can be used for ASPM?

    ZvikaRonen: I'd like to add to the previous comment the SCA (software composition analysis)…
    2 Answers
    Eric Signe
    INFORMATION SECURITY ANALYST / ARCH at octosafes inc
    Jul 21 2022

    Hi infosec professionals,

    I'd like to understand better the main highlights of WAF security. E.g., what type of security can be achieved with a WAF tool?

    Thank you for sharing your knowledge.

    Eric Signe: -Application security -OWASP top 10 -Protection on two aspects:…
    Tom Foale: A good WAF secures not just your websites and cloud applications but will…
    3 Answers
    Shibu Babuchandran
    Regional Manager/ Service Delivery Manager at ASPL INFO Services
    May 19 2022

    Hi community,

    What are your top 5 (or less) cyber security trends in 2022?

    Thanks in advance!

    Pablo Cousino: 1) Security in endpoints (especially because of remote work), especially to…
    Bret Mantey: Look to the most recent Presidential order regarding security: Executive…
    Jairo Willian Pereira: 1. [True!] Cloud Security hardening/assessment.  2. AI (for massive data…
    10 Answers
    Evgeny Belenky
    PeerSpot (formerly IT Central Station)

    Hi infosec professionals.

    What are your top choices of tools to use for mobile penetration testing this year?

    Thanks for sharing your knowledge!

    Evgeny Belenky
    PeerSpot (formerly IT Central Station)

    Hi peers,

    What top trends do you predict about DevOps and DevSecOps for 2022? 

    In your opinion, what is gonna change this year vs 2020-2021?

    ZvikaRonen: My prediction is that company will adopt SCA tools into their CI/CD to manage…
    Vishal-Goyal: Infrastructure as a Code scripts testing, API security testing and SCA will gain…
    2 Answers
    Evgeny Belenky
    PeerSpot (formerly IT Central Station)

    Hi community,

    How do you practically use it and apply Security Posture/Security Posture Management in a large organization?

    Tnx.

    Vishal-Goyal: Security posture will include a number of things. The following artifacts…
    1 Answer
    Evgeny Belenky
    PeerSpot (formerly IT Central Station)
    Hi peers, I believe many of you have already heard of the recent Log4j/Log4Shell vulnerability that allows attackers to perform remote code execution (RCE). What does it mean for an organization? How can you check you're vulnerable and mitigate/patch it now, if at all? Lastly, what impact do...
    ITSecuri7cfd: Yet another chance to test our incident response procedures.  So far I would…
    SimonClark: This vulnerability is particularly critical because Log4j is widely used in open…
    Jairo Willian Pereira: One excellent opportunity for the company to test your CMDB/Inventory (at medium…
    5 Answers
    Evgeny Belenky
    PeerSpot (formerly IT Central Station)

    When do you use each of those tools?

    Abhirup Sarkar: SAST: Static application security testing (SAST) is used to secure software by…
    Vishal-Goyal: SCA looks at open-source libraries only and associates vulnerabilities, license…
    3 Answers
    Evgeny Belenky
    PeerSpot (formerly IT Central Station)
    Jun 28 2022

    Hello,

    Would you recommend using an open-source WAF for a large company? If so, which one and why?

    Thanks.

    Evgeny Belenky
    PeerSpot (formerly IT Central Station)

    Hi peers,

    What are the OWASP Top 10 this year? 

    What single web app security tool (or a minimum set of tools) would you recommend for overall web app protection (from the most critical security risks covered by these Top 10)?

    Andrew Van Der Stock: We are due to release the OWASP Top 10 2021 on September 24, 2021. We will be…
    Curtis Yanko: I’m not sure the top 10 is changing this year but if it is it will be to squeeze…
    Vishal-Goyal: Believe no single tool will address all OWASP Top 10 issues. One will need a…
    4 Answers
    Kit Ted
    User at h

    I'm currently researching the following two application security tools: Coverity and SonarQube.

    Can anyone point me to the main differences between these 2 products?

    Thanks for your help!

    Rony_Sklar
    PeerSpot (formerly IT Central Station)
    There are many cybersecurity tools available, but some aren't doing the job that they should be doing.  What are some of the threats that may be associated with using 'fake' cybersecurity tools? What can people do to ensure that they're using a tool that actually does what it says it does?
    SimonClark: Dan Doggendorf gave sound advice. Whilst some of the free or cheap…
    Dan Doggendorf: The biggest threat is risks you think you have managed are not managed at all so…
    Javier Medina: You should build a lab, try the tools and analyze the traffic and behavior with…
    12 Answers
    Manoj Kumar Kemisetty
    Sap Advanced Business Application Programming Consultant at Accenture

    Hi community members,

    Is SonarQube the best tool for static analysis? Are there any good tools that compete with SonarQube?

    Peter Arvedlund: I am not very familiar with SonarQube and their solutions, so I can not answer…
    Purushothaman K: The static tool we can use is Fortify or IBM Appscan. SonarQube is widely used…
    Rama Susarla: SonarQube is one of the widely used and easy-to-use tools.  With some easy…
    10 Answers
    Menachem D Pritzker
    Director of Growth
    PeerSpot (formerly IT Central Station)
    On July 15, 2020, several verified Twitter accounts with millions of followers were compromised in a cyberattack. Many of the hacked accounts were protected using two-factor authentication, which the hackers were somehow able to bypass. Hacked accounts included Barack Obama, Joe Biden, Bill Gates,...
    Ken Shaurette: For some good information from a leading expert check out the webinar today 7/17…
    Ken Shaurette: I like the potential for catching an unusual activity like that with our…
    Russell Webster: Span of control, Solid RBAC, Privileged Access Management (PAM)
    6 Answers
    Rony_Sklar
    PeerSpot (formerly IT Central Station)

    Hi,

    Many companies wonder whether SAST or DAST is better for application security testing. 

    What are the relative benefits of each methodology? Is it possible to make use of both?

    Dan Doggendorf: SAST and DAST are not mutually exclusive and should be used in conjunction with…
    Oscar Van Der Meer: For application security you ideally need SAST, SCA and DAST. You need all three…
    Thomas Ryan: The easiest way to remember the role of each: SCA & SAST = Am I Vulnerable…
    6 Answers
    Meng Chen
    Student at Syracuse University
    What are the main differences between Black Duck and Veracode for Software Composition Analysis (SCA)?
    Oscar Van Der Meer: Clients that have benchmarked our solution against both BlackDuck and Veracode…
    Bruno Schiavetti: It really comes down to what your expectations are. Blackduck has the ability to…
    2 Answers
    Rony_Sklar
    PeerSpot (formerly IT Central Station)

    Which single application security tool provides the best overall protection?

    Kangkan Goswami: The best source to know the OWASP risks is the OWASP website. For top 10 risks…
    3 Answers
    CK Low
    User

    Hi peers, 

    I am researching application security software for my organization. We provide systems to the airline industry.

    Which products provide both vulnerability scanning and quality checks?

    Which one(s) do you recommend and why?

    Thanks,

    CK

    TundeOgunkoya: Whilst it may appear as though the real solution to a question like yours is to…
    davidstrom: Burp Suite from PortSwigger (pen testing and vuln scans) and WebGoat from OWASP…
    Tiago Stello: I use and recommend Micro Focus Fortify for SAST, DAST, and real-time code…
    11 Answers
    Miriam Tover
    Senior Delivery Ops Manager
    PeerSpot (formerly IT Central Station)
    Application security is one of the fastest trending topics from IT Central Station community members. Why do companies need to purchase app security software?  Is it due to common web application vulnerability types (e.g. Cross-Site Scripting, SQL injection, CSRF injection) that these solutions ...
    HansEnders: Acquiring the tools is not the goal, it is to operate an Application Security…
    Vijayanathan Naganathan: Application security software is needed to unearth vulnerabilities in the target…
    Boris Paskalev: One needs application security tools and hopefully, those that can find the new…
    9 Answers
    Nick Regan
    Senior Project Manager
    PeerSpot
    One of the most popular comparisons on IT Central Station is Netsparker Web Application Security Scanner vs OWASP Zap. People like you are trying to decide which one is best for their company. Can you help them out? Which of these two solutions would you recommend for Application Security? Why?...
    it_user703014
    Senior Web Developer at KPMG

    We have always heard that if we compress the file it reduces the size and we can send it easily. But my question is, does compressing always decrease the size of the file or does it increase as well? 

    it_user703014
    Senior Web Developer at KPMG
    Encrypt means to convert (information or data) into a cipher or code, especially to prevent unauthorized access. Compression is a reduction in the number of bits needed to represent data. So the question is, what do we do first? Encrypt or compress during data transmission?
    it_user161343: This question regarding encrypt and compress data, in which order was a good…
    it_user570081: First compress and then encrypt.
    21 Answers
    it_user668973
    User
    Hello I use Acunetix 11, There is an internal Server Error in all web service scans (V10 , V11). I wonder what is the reason of this error and how can I fix it. For further details, We have a WCF web service. Best Regards.
    it_user371577
    User at a tech company with 51-200 employees
    We are mainly a VMware customer and for security Tripwire is being recommended. However, upon research I found that VMware has vCenter Configuration Manager and I'm checking to see if that's an alternative. If not vCM, does anyone recommend any other products? How about CIMCOM? Thanks.
    it_user372162: Have you looked into ScriptRock yet? It's a great platform for configuration…
    10 Answers
    Ariel Lindenfeld
    Sr. Director of Community
    PeerSpot (formerly IT Central Station)

    Let the community know what you think. Share your opinions now!

    reviewer1434390: I would check the authentication steps required. How does the data storage work…
    SimonClark: Most companies have hundreds of apps so it is impractical to ensure every single…
    16 Answers
    Ariel Lindenfeld
    Sr. Director of Community
    PeerSpot (formerly IT Central Station)

    Has anyone done a comparison between Checkmarx and Veracode application security testing?

    What are the main pros and cons of each solution?

    What else do we need to consider when evaluating these two products?

    it_user318207: As someone who has been long using HP Fortify, I've been actively looking at…
    2 Answers