OpenText Core Application Security Reviews

• It's On-Demand, and cloud-based which is well suited to occasional and price-conscious use.
• Fast turn-around allows for easy integration into the development process without any major impact on development efforts.

It has added a very quick turnaround for security code reviews which allowed us to integrate this (formerly missing) function into the overall development and testing lifecycle.

It needs to support more languages.

I've used it for three months.

No issues encountered.

No issues encountered.

No issues encountered.

Excellent – from the PoC through setup and implementation; we received timely and knowledgeable support whenever we need it.

We tried to do it by hand (which was very time consuming and error-prone) and some tools built-in to Visual Studio (which was not widely accepted by individuals).

We had some issue with logins and account setups, but received excellent support.

We implemented it ourselves with the help of HP.

Don’t know since the project got cancelled.

Take advantage of the free trial and conduct a meaningful PoC. Get a buy-in from upper management early and co-ordinate with all stakeholders (e.g. developers, testing and/or QA groups).

I was able to quickly pass compliance with HIPAA.
Correlated static and dynamic results with detailed priority guidance.
Accurate results, tailored to each application.
All results manually reviewed by application security experts .
Central testing program management for all applications.

HP Fortify on Demand provides an independent review of third-party applications, allowing organizations to test software before purchasing, and also allowing software vendors to demonstrate the security of their software. Third-party vendors can upload the source code and/or provide a URL, review the results, and then publish a report back to their customer.

This service compels commercial vendors to take action to proactively fix vulnerabilities, while allowing them to remain in control of their applications. Security professionals can demand that high-priority problems be addressed and verified during the procurement or upgrade process, prior to acceptance. HP Fortify on Demand serves as an independent third-party solution to conduct unbiased analysis of applications and provide a detailed tamper-proof report back to the security team.

You are going to like the new detailed reporting. It can correlate the results from different forms of testing and prioritize them by severity to present the truest representation of application risk.

1 year

It was very easy to install and deploy.

No.

No. Scalable infrastructure allows for fast turnaround times and it has no limitations based on lines of code, megabytes, or anything else.

Good

Good

I currently use other solutions. We gave HP Fortify on Demand a try and we are very happy with the results.

Yes. Very easy.

We tried the free version first and then we acquired the software the product website.

Keep in mind that the calculation for return on investment and, therefore the definition, can be modified to suit the situation. It all depends on what you include as returns and costs. The definition of the term in the broadest sense just attempts to measure the profitability of an investment and, as such, there is no one "right" calculation. But, I have to say the client is very satisfied.

Try the free version first.

I am already using other software. We wanted to try it and it works like a charm.

Trust me, you want to be able to do automated and manual testing on a web application that is live.

The solution is used for web application listing, like, SaaS.

The solution is user-friendly.

I would like the solution to add AI support.

I have been using the solution for one month.

I give the stability a nine out of ten.

I give the scalability a nine out of ten.

We have three people using the solution in our organization.

I am satisfied with the technical support.

Positive

We previously used SonarQube which is an open-source solution. We switched because we needed an easy-to-understand and configure UI.

I give the initial setup a nine out of ten. The deployment took a few hours and required one person to implement.

I give the solution a nine out of ten.

I recommend the solution to others and I am totally satisfied with it.

We are using Micro Focus Fortify on Demand because in the beginning we were using the on-premise version and it was very limited. We thought we could do everything wanted with the on-premise solution. However, it was not easy to use. 

We are testing the Micro Focus Fortify on Demand solution to improve security.

We are using the on-premise version of this solution for the static code for developers. For the dynamic code, we're using Micro Focus Fortify on Demand.

There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do. We were working with a different solution called SolarCloud previously and it was limited. We are trying to find the right level of security for our needs.

I have been using Micro Focus Fortify on Demand for approximately eight months.

The support is good. Their support is in the Netherlands, sometimes it takes some time for the time zone difference between Latin America and the Netherlands but overall the support is good.

The implementation of Micro Focus Fortify on Demand was simple, since it is on the cloud everything is automatic. They give you an account and that is all, you use the product.

The premise solution is more rentable. However, it is asking for a lot of effort in the implementation, administration, and integration in the pipeline. It takes time until the company comes to the right level to be able to manage this product. Even with the right partners in Latin America that work with us, it took some time.

We had partners in Latin America that help us integrate the implementation of the Micro Focus Fortify on Demand.

The solution is expensive and the price could be reduced.

My advice to others is if you choose Micro Focus Fortify on Demand, it's very simple to use. If they choose the on-premise version for the static code, they will need a person to manage it to be sure that it's integrated with all the pipelines that they developed. 

I rate Micro Focus Fortify on Demand a seven out of ten.