OpenText Core Application Security Reviews

Name: OpenText Core Application Security
Brand: OpenText
Rating: 4.0 (60 reviews)

4.0 out of 5

60 reviews
89% willing to recommend

3,478 followers

What is OpenText Core Application Security?

OpenText Core Application Security offers robust features like static and dynamic scanning, real-time vulnerability tracking, and seamless integration with development platforms, designed to enhance code security and reduce operational costs.

Get the OpenText Core Application Security Buyer's Guide and find out what your peers are saying about OpenText Core Application Security, SonarQube Server (formerly SonarQube), GitLab and more!

OpenText Core Application Security is the #12 ranked solution in AST tools and #14 ranked solution in application security solutions. PeerSpot users give OpenText Core Application Security an average rating of 8.0 out of 10. OpenText Core Application Security is most commonly compared to SonarQube Server (formerly SonarQube): OpenText Core Application Security vs SonarQube Server (formerly SonarQube). OpenText Core Application Security is popular among the large enterprise segment, accounting for 72% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 20% of all views.

Buyer's Guide

OpenText Core Application Security

June 2025

Get the report

Helped 857,688 peers since 2012

Featured OpenText Core Application Security reviews

Jonathan Steyn

Principal Technical Consultant at EOH

Not challenges with the product itself. The product is very reliable. It does have a steep learning curve. But, again, one thing that Fortify or OpenText does very well is training. There are a lot of free resources and training in the community forums, free training as well as commercial training where users can train on how to use the back-end systems and the scanning engines and how to use command-line arguments because some of the procedures or some of the tools do require a bit of a learning curve. That's the only challenge I've really seen for customers because you have to learn how to use the tool effectively. But Fortify has, in fact, improved its user interface and the way users engage the dashboards and the interfaces. It is intuitive. It's easy to understand. But in some regards, the cybersecurity specialist or AppSec would need a bit of training to engage the user interface and to understand how it functions. But from the point of the reliability index and how powerful the tool is, there's no challenge there. But it's just from a learning perspective; users might need a bit more skill to use the tool. The user interface isn't that tedious. It's not that difficult to understand. When I initially learned how to use the interfaces, I was able to master it within a week and was able to use it quite effectively. So training is required. All skills are needed to learn how to use the tool. I would like to see more enhancements in the dashboards. Dashboards are available. They do need some configuration and settings. But I would like to see more business intelligence capabilities within the tool. It's not particularly a cybersecurity function, but, for instance, business impact analysis or other features where you can actually use business intelligence capabilities within your security tool. That would be remarkable because not only do you have a cybersecurity tool, but you also have a tool that can give you business impact analysis and some other measurements. A bit more intelligence in terms of that from a cybersecurity perspective would be remarkable.

Read full review

Angelo Quaglia

Independent Professional at Studio Dott. Ing. Angelo Quaglia

The products must provide better integration with build tools. In SonarQube scans, the pull requests are decorated. I don't know if it is a missing integration or a limitation, but I don't see the same feature in Fortify. The developer must be able to see whether the build has failed. I would like the pull request to be decorated like SonarQube. It's just not the same experience with Fortify. I have a problem with the Java version because our projects now use OpenJDK 7 or 17, but the scan still requires JDK 1.8. It is a problem for me, and I don't know how to change it.

Read full review

Javad_Talebi

Cloud architect at Vodafone

We have added it to our operational toolkit to ensure it's part of our development spectrum. We added it directly into our Jenkins pipelines. We have some products that are publicly accessible via phone or website. These products need to be extra secure because they rely on firewalls, and hackers could potentially exploit them. Fortify on Demand provided us with valuable information on how to fix a critical API vulnerability. So, Fortify on Demand identifies critical vulnerabilities. We have two security scans. One is Fortify on Demand, and the other is for an outsourced company. For Fortify, you assign the specific branch of code you want to scan. You can scan the code you're currently deploying through Jenkins pipelines. Since it's external, you can also scan other brands if needed. Otherwise, you can specify which specific brands or smaller branches to scan within your entire codebase.

Read full review

OpenText Core Application Security mindshare

Product category:

As of June 2025, the mindshare of OpenText Core Application Security in the Application Security Tools category stands at 4.3%, down from 5.0% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Application Security Tools

PeerResearch reports based on OpenText Core Application Security reviews

Type	Title	Date
Category	Application Security Tools	Jun 19, 2025	Download
Product	Reviews, tips, and advice from real users	Jun 19, 2025	Download
Comparison	OpenText Core Application Security vs SonarQube Server (formerly SonarQube)	Jun 19, 2025	Download
Comparison	OpenText Core Application Security vs Veracode	Jun 19, 2025	Download
Comparison	OpenText Core Application Security vs Checkmarx One	Jun 19, 2025	Download

Title	Rating	Mindshare	Recommending
SonarQube Server (formerly SonarQube)	4.0	23.5%	81%	116 interviews Add to research
GitLab	4.3	2.8%	97%	84 interviews Add to research

Valuable Features

OpenText Core Application Security stands out for its efficient integration with DevOps, allowing seamless security testing during development. Its static and dynamic scanning capabilities ensure comprehensive vulnerability detection. Users value the user-friendly interface, customizable features, and detailed reporting. The ability to correlate results with prioritized guidance enhances remediation. AI-driven analysis provides actionable insights. Compatibility with multiple languages and platforms aids in addressing open-source vulnerabilities, improving security posture effectively for development teams.

"Fortify is effective in identifying such oversights, making it a really helpful tool despite its problems."
"It is valuable in improving our overall security posture by catching significant errors."
"The source code analyzer is the most effective for identifying security vulnerabilities."

Room for Improvement

OpenText Core Application Security needs better integration with incident management and CI/CD pipelines, support for more languages, and improved dynamic application security testing. Reporting and pricing require refinement and false positives need reduction. Users desire faster scanning, advanced business intelligence features, enhanced remediation guidance, stronger third-party tool integration, and support for newer technologies. Customizable reports with visual aids and more advanced security measures like AI are also sought for better efficiency and functionality.

"There are frequent complaints about false positives from Fortify. One day it may pass a scan with no issues, and the next day, without any code changes, it will report vulnerabilities such as password exposure."
"There are frequent complaints about false positives from Fortify."
"The cybersecurity specialist or AppSec would need a bit of training to engage the user interface and to understand how it functions."

ROI

Client satisfaction stems from enhanced security and cost avoidance achieved through OpenText Core Application Security. Automationlike Micro Focus Fortify on Demand streamlines processes, saving time from days to minutes. Although some find it challenging to quantify ROI, the value is recognized in preventing security breaches, downtime, and leveraging cost-effective security measures. Enhanced security measures, reduced bug densities, and proactive real-time monitoring contribute to the improved security posture and reduced attack surfaces.

Pricing

Enterprise users report that OpenText Core Application Security is perceived as expensive, with a pricing model that depends on the number of scans, applications, or users. While there are no setup costs due to its on-demand nature, the subscription model and license management could benefit from flexibility improvements. Some find the cost competitive compared to other tools, and Fortify on Demand is recommended for its robust features despite its higher price. Trial versions are popular for initial evaluation.

"It is not more expensive than other solutions, but the pricing is competitive."
"Fortify on Demand is more expensive than Burpsuite. I rate its pricing a nine out of ten."
"The product's cost depends on the type of license."

Popular Use Cases

OpenText Core Application Security is primarily used for static code analysis and vulnerability scanning across various applications, ensuring security compliance. Organizations deploy it in multiple environments like web and mobile, conducting dynamic and static scans. Integrated within development platforms, it helps development teams detect vulnerabilities such as unencrypted data transmission. It supports secure development lifecycles and assists in managing and improving application security by generating reports, creating tasks in Jira, and leveraging cloud and on-premise solutions.

Service and Support

OpenText Core Application Security has received mixed feedback on customer service and technical support. Some users find the support professional and responsive, particularly in timely assistance and knowledgeable teams. However, others note delays in response times and average interactions. The team’s expertise is praised by some users, emphasizing quick problem resolutions. On the downside, there are reports of slow responses, lack of coordination, and challenges during transitions or implementations.

Deployment

Users describe a varied experience with OpenText Core Application Security's initial setup. Many find it straightforward and intuitive, highlighting easy deployment and interface. However, some report challenges, particularly with integrations and complex environments, necessitating support or expertise. The cloud-based setup is often simpler than on-premises, which can require more effort. Opinions differ based on individual circumstances and previous experiences with similar tools, with many acknowledging the ease of use once the initial setup hurdles are addressed.

Scalability

OpenText Core Application Security offers robust scalability. Users report handling vast volumes of code efficiently, catering to various company scales, from startups to large enterprises. Its cloud-based infrastructure facilitates scalability, and users highlight the absence of significant limitations. Challenges are noted in pricing when scaling to higher code volumes. Overall, the application performs well for code scanning across different industries, allowing multiple users to engage without issues.

Stability

Users report that OpenText Core Application Security is generally stable with limited issues. While many appreciate its reliability and absence of crashes, some encounter memory-related challenges, especially during scans. Static scans on JavaScript-heavy code can be slow, requiring substantial system resources. Occasional browser hiccups are noted, but these are minor. System updates contribute to stability. Despite certain areas for improvement, users typically rate stability highly, with scores often around nine or ten out of ten.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our OpenText Core Application Security Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

20%

Manufacturing Company

15%

Computer Software Company

11%

Government

Insurance Company

Healthcare Company

Educational Organization

University

Comms Service Provider

Real Estate/Law Firm

Construction Company

Energy/Utilities Company

Retailer

Media Company

Aerospace/Defense Firm

Transportation Company

Hospitality Company

Non Profit

Legal Firm

Logistics Company

Performing Arts

Pharma/Biotech Company

Wholesaler/Distributor

Outsourcing Company

Consumer Goods Company

Recreational Facilities/Services Company

Marketing Services Firm

Compare OpenText Core Application Security with alternative products

Learn more about OpenText Core Application Security

OpenText Core Application Security is a cloud-based, on-demand service providing accurate and deep scanning capabilities with detailed reporting. Its integrations with development platforms ensure an enhanced security layer in the development lifecycle, benefiting users by lowering operational costs and facilitating efficient remediation. The platform addresses needs for intuitive interfaces, API support, and comprehensive vulnerability assessments, helping improve code security and accelerate time-to-market. Despite its strengths, challenges exist around false positives, report clarity, and language support, alongside confusing pricing and package options. Enhancements are sought in areas like CI/CD pipeline configuration, report visualization, scan times, and integration with third-party tools such as GitLab, container scanning, and software composition analysis.

What features define OpenText Core Application Security?

Static and Dynamic Scanning: Offers thorough analysis to identify vulnerabilities during development.
Real-time Vulnerability Tracking: Continuously updates and monitors potential security threats.
Seamless Development Platform Integration: Enhances security processes without disrupting workflows.
Cloud-Based Service: Provides flexible, on-demand security capabilities with accurate results.
API Support: Allows smooth integration and automation within existing systems.

What benefits should users look for in reviews?

Reduced Operational Costs: Optimizes resources by lowering costs associated with security management.
Efficient Remediation: Speeds up the process of identifying and resolving vulnerabilities.
Enhanced Code Security: Strengthens overall application security during the development lifecycle.
Accelerated Time-to-Market: Streamlines development stages by integrating essential security tools.

Industries like mobile applications, e-commerce, and banking leverage OpenText Core Application Security for its ability to identify vulnerabilities such as SQL injections. Integrating seamlessly with DevSecOps and security auditing processes, this tool supports developers in writing safer code, ensuring secure application deployment and enhancing software assurance.

OpenText Core Application Security was previously known as Micro Focus Fortify on Demand.