No more typing reviews! Try our Samantha, our new voice AI agent.
Fortify Application Defender Logo

Fortify Application Defender Reviews

Vendor: OpenText
3.9 out of 5
Leave a review

What is Fortify Application Defender?

Fortify Application Defender offers strong protection by identifying and resolving security defects using machine learning and real-time remediation. Its user-friendly interface simplifies integration in CI/CD workflows and supports security scanning across operating systems and compilers.

Get the Application Security Tools Buyer's Guide and find out what your peers are saying about Fortify Application Defender, SonarQube, Snyk and more!
Fortify Application Defender is the #25 ranked solution in application security solutions. PeerSpot users give Fortify Application Defender an average rating of 7.8 out of 10. Fortify Application Defender is most commonly compared to SonarQube: Fortify Application Defender vs SonarQube. Fortify Application Defender is popular among the large enterprise segment, accounting for 55% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 19% of all views.
Buyer's Guide
Application Security Tools
April 2026
Get the category report
Helped 890,124 peers since 2012

Featured Fortify Application Defender reviews

Read more reviews

Fortify Application Defender mindshare

As of April 2026, the mindshare of Fortify Application Defender in the Application Security Tools category stands at 1.3%, up from 0.6% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Application Security Tools Mindshare Distribution
ProductMindshare (%)
Fortify Application Defender1.3%
SonarQube14.5%
Checkmarx One9.2%
Other75.0%
Application Security Tools
 
 
Key learnings from peers

Valuable Features

Fortify Application Defender's most valuable features include real-time data analysis, security defect identification, simple user interface, static code analysis, automatic vulnerability notifications, machine learning algorithms, and rule customization. It integrates easily with code repositories and CI/CD pipelines and offers fast scanning. The tool provides specific application defense, helpful information for issue resolution, and software composition analysis, enhancing security assessments and saving cost and time. Its rule configuration and default code packages are also appreciated.
  • "We are able to provide our customers with a secure application after development; they are no longer left wondering if they are vulnerable to different threats within the market following deployment."
  • "The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions."
  • "Fortify Application Defender has a few drawbacks, it has its own pros and cons, but it's a good tool to use in any industry."

Room for Improvement

Fortify Application Defender lacks support for older compilers and IDEs, limiting its compatibility with legacy systems. It struggles with performance, complex licensing, and offers inadequate technical support. The tool's false positive rate is high, especially for Python. It lacks support for additional programming languages and platforms like Python and GRAAS. It should integrate better with code review tools and improve scanning speed. Integration with Azure DevOps Marketplace would enhance usability.
  • "The licensing is very complex, it's project based and can range from $10,000 to $200,000+ depending on the project type and size."
  • "The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours."
  • "Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."

Pricing

Enterprise users report that Fortify Application Defender's base licensing costs $900 USD per application annually. Pricing may vary significantly based on company size and project type, ranging from $10,000 to over $200,000, with some companies paying around 50 lakhs. Complexity in licensing is highlighted, with the tool being described as expensive compared to competitors. Pricing ratings from users range between five and seven out of ten, often pointing to higher costs despite available trial periods.
  • "I rate the solution's pricing a five out of ten. It comes as an annual cloud subscription. The tool's pricing is around 50 lakhs."
  • "The product’s price is much higher than other tools."
  • "Fortify Application Defender is very expensive."

Popular Use Cases

Fortify Application Defender is utilized by organizations for static code analysis across various environments like Altera, Xilinx, Linux, and Windows. Teams employ the system to ensure security in banking projects by checking code for exposed IPs and passwords. It serves as an additional layer for application-specific threat blocking and is integrated into DevOps pipelines. Companies use it for large-scale code scanning, assessing security defenses, and supporting agile development processes.

Service and Support

Customer service and support for Fortify Application Defender show mixed feedback. Some find technical support helpful and responsive, while others note the need for improvement, citing issues since the acquisition by HP. Communication and resolution speed are areas for enhancement. Some rely on partners and find the documentation comprehensive. Several appreciate the vendor's willingness to address technical challenges, although many feel that support lacks sufficient expertise. Senior management is aware and working on resolving these issues.

Deployment

Initial setup experiences with Fortify Application Defender are generally straightforward, requiring collaboration between security and operations teams for successful deployment. In development environments, deployment may take five minutes, while pre-production and production can require more time due to maturity needs. Companies find the setup easy, rating it between six to eight out of ten. Deployments can take from four hours to a week, depending on integration complexities. Maintenance typically requires minimal staff involvement.

Scalability

Fortify Application Defender demonstrates good scalability for many users and projects. Some note that proper infrastructure enhances scalability. Concerns arise with increasing code complexity and licensing issues. Scalability ratings range from three to eight out of ten. The tool is actively used in cloud-based environments integrating various tests, but issues with handling numerous lines of code and licensing limitations have been highlighted by users. Generally, scalability is viewed positively with a few reservations.

Stability

Users consistently find Fortify Application Defender stable, describing it as robust and reliable. Many express satisfaction with its performance, noting minimal issues impacting dependability. It is often viewed as a "deploy it and forget it" type system, suggesting long-term reliability. Ratings for its stability frequently include perfect scores, such as ten out of ten, with several users considering it excellent and dependable, highlighting their positive assessment of its long-term functionality and effectiveness.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Application Security Tools Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business3
Midsize Enterprise1
Large Enterprise6
By reviewers
By visitors reading reviews
Company SizeCount
Small Business46
Midsize Enterprise29
Large Enterprise91
By visitors reading reviews

Top industries

By visitors reading reviews
Financial Services Firm
19%
Manufacturing Company
10%
Construction Company
7%
Computer Software Company
6%
Insurance Company
5%
University
5%
Comms Service Provider
5%
Government
5%
Media Company
5%
Performing Arts
4%
Outsourcing Company
3%
Healthcare Company
3%
Transportation Company
3%
Real Estate/Law Firm
2%
Energy/Utilities Company
2%
Logistics Company
2%
Non Profit
2%
Retailer
2%
Wholesaler/Distributor
1%
Educational Organization
1%
Marketing Services Firm
1%
Non Tech Company
1%
Renewables & Environment Company
1%
Recreational Facilities/Services Company
1%
Museum Or Institution
1%
Leisure / Travel Company
1%
Aerospace/Defense Firm
1%
Wellness & Fitness Company
1%
Consumer Goods Company
1%

Compare Fortify Application Defender with alternative products

Go!

Learn more about Fortify Application Defender

Fortify Application Defender is a comprehensive tool for static code analysis and security scanning. It integrates machine learning algorithms to identify vulnerabilities quickly and offers real-time remediation solutions. Its seamless integration with WebInspect allows for tailored rule sets that significantly improve defense against application-specific threats. The tool's efficiency in static and software composition analysis provides actionable repair insights. As part of a DevOps pipeline, it aids in maintaining code quality, helping organizations protect sensitive information within their applications. Additionally, it supports multiple operating systems and environments, allowing users to scan for vulnerabilities in both code and libraries effectively.

What are the key features of Fortify Application Defender?
  • Security Defect Identification: Uses advanced algorithms to detect security flaws.
  • Real-time Remediation: Provides immediate solutions for vulnerabilities.
  • WebInspect Integration: Customizable rule sets enhance protection.
  • Actionable Insights: Delivers clear repair strategies.
  • User-friendly Configuration: Easy set-up in CI/CD pipelines.
What benefits should users consider when evaluating Fortify Application Defender?
  • Scalable Integration: Works with multiple operating systems and compilers.
  • Improved Code Quality: Prevents exposure of sensitive data.
  • Efficient Scanning: Reduces time to identify threats.
  • Customizable Rules: Enhances security measures specific to applications.

Fortify Application Defender is commonly used in industries like banking and finance to secure applications by inspecting source code for vulnerabilities. Companies can integrate it seamlessly into their DevOps pipelines, ensuring that their applications are protected against cyberattacks while maintaining high code quality. They can thereby avoid common risks such as IP and password exposure by leveraging static code analysis and other integrated technologies available within this tool.

Fortify Application Defender was previously known as HPE Fortify Application Defender, Micro Focus Fortify Application Defender.

Fortify Application Defender customers

ServiceMaster, Saltworks, SAP

Related questions

  • 217
What is the Biggest Difference Between Checkmarx and Fortify?
  • 210
If you had to both encrypt and compress data during transmission, which would you do first and why?
  • 137
When evaluating Application Security, what aspect do you think is the most important to look for?
  • 243
What are the threats associated with using ‘bogus’ cybersecurity tools?
  • 212
What are the Top 5 cybersecurity trends in 2022?
  • 122
Which application security solutions include both vulnerability scans and quality checks?
  • 136
We're evaluating Tripwire, what else should we consider?
  • 350
Is SonarQube the best tool for static analysis?
  • 110
Why Do I Need Application Security Software?
  • 135
Which Email Security enterprise solution would you choose: Cisco Secure Email vs Forcepoint Email Security vs Barracuda Email Security Gateway?

Product Categories

Product Categories
Application Security Tools

Popular Comparisons

Popular Comparisons
SonarQube vs Fortify Application Defender Logo
SonarQube vs Fortify Application Defender
Snyk vs Fortify Application Defender Logo
Snyk vs Fortify Application Defender
Checkmarx One vs Fortify Application Defender Logo
Checkmarx One vs Fortify Application Defender
GitLab vs Fortify Application Defender Logo
GitLab vs Fortify Application Defender
Veracode vs Fortify Application Defender Logo
Veracode vs Fortify Application Defender
Mend.io vs Fortify Application Defender Logo
Mend.io vs Fortify Application Defender
OpenText Core Application Security vs Fortify Application Defender Logo
OpenText Core Application Security vs Fortify Application Defender
Sonatype Lifecycle vs Fortify Application Defender Logo
Sonatype Lifecycle vs Fortify Application Defender
PortSwigger Burp Suite Professional vs Fortify Application Defender Logo
PortSwigger Burp Suite Professional vs Fortify Application Defender
GitHub Advanced Security vs Fortify Application Defender Logo
GitHub Advanced Security vs Fortify Application Defender
GitGuardian Platform vs Fortify Application Defender Logo
GitGuardian Platform vs Fortify Application Defender
HCL AppScan vs Fortify Application Defender Logo
HCL AppScan vs Fortify Application Defender
Qualys Web Application Scanning vs Fortify Application Defender Logo
Qualys Web Application Scanning vs Fortify Application Defender
Klocwork vs Fortify Application Defender Logo
Klocwork vs Fortify Application Defender
CodeSonar vs Fortify Application Defender Logo
CodeSonar vs Fortify Application Defender
See all alternatives
 
Fortify Application Defender Reviews Summary
Author infoRatingReview Summary
CTO at Abcl3.5We use Fortify Application Defender for fast code review within our DevOps pipeline. Its easy integration and configuration of rules are valuable. It could improve by integrating industry-standard code review tools. We switched from Checkmarx due to Fortify's better support and pricing.
Department Manger at Hitachi Channel3.0We use Fortify Application Defender to prevent cyberattacks. It efficiently identifies software vulnerabilities, saving us cost and time. However, it struggles with Java coding and has a high false positive rate. Improved licensing options and costs would be beneficial.
Senior Security Analyst (AppSec) at ELETROBRAS4.5I use Fortify Application Defender to analyze .NET projects. It excels in software composition analysis and integrates easily with GitLab and CI/CD pipelines, though I encounter many false positives with Python applications. Checkmarx previously offered fewer false positives.
Software Development Engineer 3 at a consultancy with 10,001+ employees3.0I use Fortify Application Defender to test our products' defenses but find the machine learning, real-time remediation, and automatic notifications valuable. However, it generates many false positives without showing ROI, prompting a switch from HCL AppScan.
Senior Manager Technical Operations at NeuStar3.5I've used Fortify Application Defender for four years, valuing its default code packages. It's stable, scalable, and I recommend it, despite its need for more language support. I rate it 7/10.
System Quality Assurance Manager at AIS - Advanced Info Services Plc.3.5I use Fortify Application Defender for security scanning. Its fix information is good, but scanning is slow and scalability is poor due to licensing. It's expensive and I rate it 7/10.
Director of Security at Merito4.0I value Fortify Application Defender for its application-specific threat blocking, especially with WebInspect, augmenting WAFs. It's stable, but platform support is limited to .NET/Java, and technical support needs improvement. I recommend trying this effective solution.
Business Development Specialist at a computer software company with 11-50 employees5.0I've used this stable product for over 10 years, providing customers with secure applications and mitigating cybersecurity risks. I rate it 10/10, though its licensing can be quite complex.