We performed a comparison between Fortify on Demand and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Fortify helps us to stay updated with the newest languages and versions coming out."
"The most valuable features are the detailed reporting and the ability to set up deep scanning of the software, both of which are in the same place."
"There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do."
"It's a stable and scalable solution."
"The licensing was good."
"Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out."
"Fortify supports most languages. Other tools are limited to Java and other typical languages. IBM's solutions aren't flexible enough to support any language. Fortify also integrates with lots of tools because it has API support."
"The solution is user-friendly."
"This is a stable solution."
"You can easily find particular features and functions through the UI."
"The solution is easy to install. I would rate the product's setup between six to seven out of ten. The deployment time depends on the applications that need to be scanned. We have a development and operations team to take care of the product's maintenance."
"It's generally a very user-friendly tool. Anyone can easily learn how to scan"
"The most valuable feature of the solution is the scanning or security part."
"Technical support is helpful."
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code."
"Primarily for a complex, advanced website, they don't really understand some of the functionalities. So for instance, they could tell us that there is a vulnerability because somebody could possibly do something, but they don't really understand the code to realize that we actually negate that vulnerability through some other mechanism in the program. In addition, the technical support is just not there. We have open tickets. They don't respond. Even if they respond, we're not seeing eye to eye. As the company got sold and bought, the support got worse."
"Takes up a lot of resources which can slow things down."
"I would like the solution to add AI support."
"Fortify on Demand could be improved with support in Russia."
"We want a user-based control and role-based access for developers. We want to give limited access to developers so that it only pertains to the code that they write and scanning of the codes for any vulnerabilities as they're progressing with writing the code. As of now, the interface to give restricted access to the developers is not the best. It gives them more access than what is basically required, but we don't want over-provisioning and over-access."
"If you have a continuous integration in place, for example, and you want it to run along with your build and you want it to be fast, you're not going to get it. It adds to your development time."
"During development, when our developer makes changes to their code, they typically use GitHub or GitLab to track those changes. However, proper integration between Fortify on Demand and GitHub and GitLab is not there yet. Improved integration would be very valuable to us."
"The Visual Studio plugin seems to hang when a scan is run on big projects. I would expect some improvements there."
"IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications."
"A desktop version should be added."
"IBM Security AppScan Source is rather hard to use."
"They could add a software component analysis tool."
"It has crashed at times."
"The pricing has room for improvement."
"The solution often has a high number of false positives. It's an aspect they really need to improve upon."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
Fortify on Demand is ranked 10th in Application Security Tools with 56 reviews while HCL AppScan is ranked 15th in Application Security Tools with 40 reviews. Fortify on Demand is rated 8.0, while HCL AppScan is rated 7.6. The top reviewer of Fortify on Demand writes "Provides good depth of scanning but is unfortunately not fully integrated with CIT processes ". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Fortify on Demand is most compared with SonarQube, Veracode, Checkmarx One, Coverity and GitHub, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, OWASP Zap and Fortify WebInspect. See our Fortify on Demand vs. HCL AppScan report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.