Try our new research platform with insights from 80,000+ expert users
OpenText Core Application Security Logo

OpenText Core Application Security pros and cons

Vendor: OpenText
4.0 out of 5
3,478 followers
Start review

Pros & Cons summary

OpenText Core Application Security offers a cloud-based platform that integrates with development environments for efficient security checks and reduced risks. Its static code analyzer detects vulnerabilities early, integrating with CI/CD tools to streamline detection. However, it requires better integration with third-party tools and container scanning. False positives and slow technical support affect its reliability. Enhanced strategic analysis reports and enterprise views are necessary for comprehensive application security management.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

OpenText Core Application Security provides on-demand intrusion attack results with HP Security Expert support.
It helps identify security vulnerabilities early in development to fix issues before product rollout.
OpenText Core Application Security integrates with SSC portals for instant error tracking.
Its capability to run background code submissions boosts efficiency and addresses specific security needs with expert support.
The system is intuitive, delivers detailed vulnerability info, and offers remediation examples in different programming languages.

CONS

OpenText Core Application Security struggles with lengthy scan times, sometimes taking three to five days to complete.
It identifies a significant number of false positives, creating challenges for feedback accuracy.
The Fortify on Demand component is not fully integrated with CI/CD pipelines, impacting efficiency.
It encounters issues with comprehensive support for new technologies and DevOps practices.
Integration with bug tracking and build tools is insufficient, lacking necessary compatibility and functionality.
 

OpenText Core Application Security Pros review quotes

Jonathan Steyn - PeerSpot reviewer
Aug 12, 2024
The source code analyzer is the most effective for identifying security vulnerabilities.
Read full review
reviewer1050960 - PeerSpot reviewer
May 15, 2019
The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it.
Read full review
CP
Jul 6, 2023
Each bank may have its own core banking applications with proprietary support for different programming languages. This makes Fortify particularly relevant and advantageous in those cases.
Read full review
Buyer's Guide
OpenText Core Application Security
June 2025
Free Report: OpenText Core Application Security Reviews and More
Learn what your peers think about OpenText Core Application Security. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
DOWNLOAD NOW
857,688 professionals have used our research since 2012.
DV
Dec 16, 2020
One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that.
Read full review
reviewer1078392 - PeerSpot reviewer
Dec 6, 2020
Being able to reduce risk overall is a very valuable feature for us.
Read full review
reviewer1263261 - PeerSpot reviewer
Jan 12, 2020
The most valuable feature is that it connects with your development platforms, such as Microsoft Information Server and Jira.
Read full review
JM
Aug 14, 2018
One of the valuable features is the ability to submit your code and have it run in the background. Then, if something comes up that is more specific, you have the security analyst who can jump in and help, if needed.
Read full review
Jayashree Acharyya - PeerSpot reviewer
Sep 8, 2021
Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning.
Read full review
it_user625875 - PeerSpot reviewer
Oct 28, 2018
I do not remember any issues with stability.
Read full review
FC
Jan 28, 2021
The solution saves us a lot of money. We're trying to reduce exposure and costs related to remediation.
Read full review
Show 10 more reviews (out of 52)
 

OpenText Core Application Security Cons review quotes

Jonathan Steyn - PeerSpot reviewer
Aug 12, 2024
The cybersecurity specialist or AppSec would need a bit of training to engage the user interface and to understand how it functions.
Read full review
reviewer1050960 - PeerSpot reviewer
May 15, 2019
Primarily for a complex, advanced website, they don't really understand some of the functionalities. So for instance, they could tell us that there is a vulnerability because somebody could possibly do something, but they don't really understand the code to realize that we actually negate that vulnerability through some other mechanism in the program. In addition, the technical support is just not there. We have open tickets. They don't respond. Even if they respond, we're not seeing eye to eye. As the company got sold and bought, the support got worse.
Read full review
CP
Jul 6, 2023
Temenos's (T-24) info basic is a separate programming interface, and such proprietary platforms and programming interfaces were not easily supported by the out-of-the-box versions of Fortify.
Read full review
Buyer's Guide
OpenText Core Application Security
June 2025
Free Report: OpenText Core Application Security Reviews and More
Learn what your peers think about OpenText Core Application Security. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
DOWNLOAD NOW
857,688 professionals have used our research since 2012.
DV
Dec 16, 2020
During development, when our developer makes changes to their code, they typically use GitHub or GitLab to track those changes. However, proper integration between Fortify on Demand and GitHub and GitLab is not there yet. Improved integration would be very valuable to us.
Read full review
reviewer1078392 - PeerSpot reviewer
Dec 6, 2020
They have a release coming out, which is full of new features. Based on their roadmap, there's nothing that I would suggest for them to put in it that they haven't already suggested. However, I am a customer, so I always think the pricing is something that could be improved. I am working with them on that, and they're very flexible. They work with their customers and kind of tailor the product to the customer's needs. So far, I am very happy with what they're able to provide. Their subscriptions could use a little bit of a reworking, but that would be about it.
Read full review
reviewer1263261 - PeerSpot reviewer
Jan 12, 2020
This solution would be improved if the code-quality perspective were added to it, on top of the security aspect.
Read full review
JM
Aug 14, 2018
It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the overall time span to scan the code, and even to set up the code scanning, is a bit overwhelming for regular developers.
Read full review
Jayashree Acharyya - PeerSpot reviewer
Sep 8, 2021
Micro Focus Fortify on Demand cannot be run from a Linux Agent. When we are coding the endpoint it will not work, we have to use Windows Agent. This is something they could improve.
Read full review
it_user625875 - PeerSpot reviewer
Oct 28, 2018
There were some regulated compliances, which were not there.
Read full review
FC
Jan 28, 2021
There's a bit of a learning curve. Our development team is struggling with following the rules and following the new processes.
Read full review
Show 10 more reviews (out of 51)

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube Server (formerly SonarQube) vs OpenText Core Application Security Logo
SonarQube Server (formerly SonarQube) vs OpenText Core Application Security
GitLab vs OpenText Core Application Security Logo
GitLab vs OpenText Core Application Security
Snyk vs OpenText Core Application Security Logo
Snyk vs OpenText Core Application Security
Checkmarx One vs OpenText Core Application Security Logo
Checkmarx One vs OpenText Core Application Security
Veracode vs OpenText Core Application Security Logo
Veracode vs OpenText Core Application Security
Coverity vs OpenText Core Application Security Logo
Coverity vs OpenText Core Application Security
Mend.io vs OpenText Core Application Security Logo
Mend.io vs OpenText Core Application Security
OWASP Zap vs OpenText Core Application Security Logo
OWASP Zap vs OpenText Core Application Security
SonarQube Cloud (formerly SonarCloud) vs OpenText Core Application Security Logo
SonarQube Cloud (formerly SonarCloud) vs OpenText Core Application Security
GitHub Advanced Security vs OpenText Core Application Security Logo
GitHub Advanced Security vs OpenText Core Application Security
Sonatype Lifecycle vs OpenText Core Application Security Logo
Sonatype Lifecycle vs OpenText Core Application Security
Acunetix vs OpenText Core Application Security Logo
Acunetix vs OpenText Core Application Security
HCL AppScan vs OpenText Core Application Security Logo
HCL AppScan vs OpenText Core Application Security
PortSwigger Burp Suite Professional vs OpenText Core Application Security Logo
PortSwigger Burp Suite Professional vs OpenText Core Application Security
Qualys Web Application Scanning vs OpenText Core Application Security Logo
Qualys Web Application Scanning vs OpenText Core Application Security
See all alternatives

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube Server (formerly SonarQube) vs OpenText Core Application Security Logo
SonarQube Server (formerly SonarQube) vs OpenText Core Application Security
GitLab vs OpenText Core Application Security Logo
GitLab vs OpenText Core Application Security
Snyk vs OpenText Core Application Security Logo
Snyk vs OpenText Core Application Security
Checkmarx One vs OpenText Core Application Security Logo
Checkmarx One vs OpenText Core Application Security
Veracode vs OpenText Core Application Security Logo
Veracode vs OpenText Core Application Security
Coverity vs OpenText Core Application Security Logo
Coverity vs OpenText Core Application Security
Mend.io vs OpenText Core Application Security Logo
Mend.io vs OpenText Core Application Security
OWASP Zap vs OpenText Core Application Security Logo
OWASP Zap vs OpenText Core Application Security
SonarQube Cloud (formerly SonarCloud) vs OpenText Core Application Security Logo
SonarQube Cloud (formerly SonarCloud) vs OpenText Core Application Security
GitHub Advanced Security vs OpenText Core Application Security Logo
GitHub Advanced Security vs OpenText Core Application Security
Sonatype Lifecycle vs OpenText Core Application Security Logo
Sonatype Lifecycle vs OpenText Core Application Security
Acunetix vs OpenText Core Application Security Logo
Acunetix vs OpenText Core Application Security
HCL AppScan vs OpenText Core Application Security Logo
HCL AppScan vs OpenText Core Application Security
PortSwigger Burp Suite Professional vs OpenText Core Application Security Logo
PortSwigger Burp Suite Professional vs OpenText Core Application Security
Qualys Web Application Scanning vs OpenText Core Application Security Logo
Qualys Web Application Scanning vs OpenText Core Application Security
See all alternatives
Related questions
  • 38
What Is The Biggest Difference Between Fortify on Demand And SonarQube?
  • 18
What are the costs for Micro Focus Fortify on Demand?
  • 520
If you had to both encrypt and compress data during transmission, which would you do first and why?
  • 27
When evaluating Application Security, what aspect do you think is the most important to look for?
  • 80
What are the Top 5 cybersecurity trends in 2022?
  • 104
What are the threats associated with using ‘bogus’ cybersecurity tools?
  • 29
We're evaluating Tripwire, what else should we consider?
  • 9
Which application security solutions include both vulnerability scans and quality checks?
  • 1,219
Is SonarQube the best tool for static analysis?
  • 18
Why Do I Need Application Security Software?