Fortify on Demand vs Rapid7 InsightAppSec comparison

The compared OpenText and Rapid7 solutions aren't in the same category. OpenText is ranked #9 in AS , with an average rating of 8.2, and holds a 5.2% mindshare in the category. Rapid7 is ranked #4 in DAST , with an average rating of 8.1, and holds a 12.8% mindshare. Additionally, 89% of OpenText users are willing to recommend the solution, compared to 100% of Rapid7 users who would recommend it.

Fortify on Demand

Read 59 Fortify on Demand reviews

7,932 Views
6,139 Comparison Views

89% willing to recommend

Rapid7 InsightAppSec

Read 13 Rapid7 InsightAppSec reviews

382 Views
263 Comparison Views

100% willing to recommend

Fortify on Demand

Rapid7 InsightAppSec

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Fortify on Demand and Rapid7 InsightAppSec based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Fortify on Demand vs. Rapid7 InsightAppSec Report (Updated: May 2022).

Buyer's Guide

Fortify on Demand vs. Rapid7 InsightAppSec

May 2022

Download the complete report

Helped 814,649 peers since 2012

Categories and Ranking

Fortify on Demand

Average Rating

8.0

Number of Reviews

Ranking in other categories

Application Security Tools (9th), Static Application Security Testing (SAST) (8th)

Rapid7 InsightAppSec

Average Rating

8.6

Number of Reviews

Ranking in other categories

Dynamic Application Security Testing (DAST) (4th)

Mindshare comparison

While both are Quality Assurance solutions, they serve different purposes. Fortify on Demand is designed for Application Security Tools and holds a mindshare of 5.2%, up 4.8% compared to last year.
Rapid7 InsightAppSec, on the other hand, focuses on Dynamic Application Security Testing (DAST), holds 12.8% mindshare, down 13.2% since last year.

Application Security Tools

Dynamic Application Security Testing (DAST)

Featured Reviews

Jonathan Steyn

Principal Technical Consultant at EOH

Aug 12, 2024

Source code analyzer, FPR file generation, reduction of false positives and generates compliance reports, for in-depth analysis

Not challenges with the product itself. The product is very reliable. It does have a steep learning curve. But, again, one thing that Fortify or OpenText does very well is training. There are a lot of free resources and training in the community forums, free training as well as commercial training where users can train on how to use the back-end systems and the scanning engines and how to use command-line arguments because some of the procedures or some of the tools do require a bit of a learning curve. That's the only challenge I've really seen for customers because you have to learn how to use the tool effectively. But Fortify has, in fact, improved its user interface and the way users engage the dashboards and the interfaces. It is intuitive. It's easy to understand. But in some regards, the cybersecurity specialist or AppSec would need a bit of training to engage the user interface and to understand how it functions. But from the point of the reliability index and how powerful the tool is, there's no challenge there. But it's just from a learning perspective; users might need a bit more skill to use the tool. The user interface isn't that tedious. It's not that difficult to understand. When I initially learned how to use the interfaces, I was able to master it within a week and was able to use it quite effectively. So training is required. All skills are needed to learn how to use the tool. I would like to see more enhancements in the dashboards. Dashboards are available. They do need some configuration and settings. But I would like to see more business intelligence capabilities within the tool. It's not particularly a cybersecurity function, but, for instance, business impact analysis or other features where you can actually use business intelligence capabilities within your security tool. That would be remarkable because not only do you have a cybersecurity tool, but you also have a tool that can give you business impact analysis and some other measurements. A bit more intelligence in terms of that from a cybersecurity perspective would be remarkable.

Read full review

Vikas Dusa

Cyber Security Trainer and Programmer at Freelancer

Mar 4, 2024

Helps to check multiple websites, particularly dynamic and e-commerce websites, for vulnerabilities within the code

In Rapid7 InsightAppSec, a distinctive feature is the provision of a CDM for integrating web servers and web applications. To establish the connection between these applications, you only need to paste the provided CDN into your metadata. Once connected, every piece of information, including vulnerabilities, can be accessed. It also offers demo sessions. If there is any malicious network traffic targeting a specific web application, it is designed to detect and showcase the entire scenario. It provides insights into potential vulnerabilities, including issues related to process scripting or content security policy vulnerabilities. Setting up and configuring scans within the tool is easy, and I would rate it a nine out of ten. It provides videos on YouTube, along with documentation that breaks down the process into step-by-step instructions.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"It improves future security scans."

"The most important feature of the product is to follow today's technology fast, updated rules and algorithms (of the product)."

"Provides good depth of scanning and we get good results."

"The solution is very fast."

"One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that."

"Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning."

"The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it."

"The static code analyzers are the most valuable features of this solution."

More Fortify on Demand pros

"The initial setup for us was easy enough. We didn't face too many issues. Deployment took maybe 30 minutes. It's quite quick and doesn't cause too much trouble at the outset."

"The templates feature is very easy. You just choose the kind of attack you want on your web application, and you run it against that template and receive a report. It's great."

"We have seen measurable decrease in the mean time to respond to threats by 20 percent."

"It is a very robust solution."

"It is very convenient to get reports from the tool, which offers high-level environmental statistics."

"The most valuable feature of this solution is the graphical interface."

"You have various attack modules, and you also have the Attack Replay feature for the attack sequence. You can reproduce an attack and see it. That is a very good feature I noticed in this solution. It helps developers as well."

"It uses a signature-based method to check for problems with your code and will provide an alert if anything is found."

More Rapid7 InsightAppSec pros

Cons

"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."

"There are many false positives identified by the solution."

"It could have a little bit more streamlined installation procedure. Based on the things that I've done, it could also be a bit more automated. It is kind of taking a bunch of different scanners, and SSC is just kind of managing the results. The scanning doesn't really seem to be fully integrated into the SSC platform. More automation and any kind of integration in the SSC platform would definitely be good. There could be a way to initiate scans from SSC and more functionality on the server-side to initiate desk scans if it is not already available."

"In terms of what could be improved, we need more strategic analysis reports, not just for one specific application, but for the whole enterprise. In the next release, we need more reports and more analytic views for all the applications. There is no enterprise view in Fortify. I would like enterprise views and reports."

"We have some stability issues, but they are minimal."

"They could provide features for artificial intelligence similar to other vendors."

"Micro Focus Fortify on Demand could improve the user interface by making it more user-friendly."

"Fortify on Demand needs to improve its pricing."

More Fortify on Demand cons

"The reporting is definitely an aspect of the solution that's in need of some work. We found that we'd try to use widgets, but often getting them to work for us wasn't very clear. They need to be more user friendly or offer better instructions."

"We'd like to see integrations with WAF solutions."

"I would like more details of what the product can do."

"The dynamic scanning feature has simplified and improved the security testing process. I suggest adding a SaaS feature to the solution to support scanning SaaS applications, making it more comprehensive. It would be beneficial if the solution could also scan mobile applications. It only scans web applications and should also cover mobile applications, including firmware recommendations."

"The interface should be a little bit easier to manage. Sometimes, the logic that they use is kind of strange. They need to work a little bit more on their interface to make it more understandable. The interface is the only problem. I'm using Rapid7, which is very intuitive. There are other applications available in the market with a better interface. They can include more techniques or options to test different types of security because the templates are limited. It would be great to see them follow the MITRE ATT&CK framework or what is there in tools like Veracode and Synopsys."

"In the future, if they can have integration with a lot of ticketing systems then it would be amazing."

"When you add new projects for the same product, it either duplicates or replaces the scan configuration. If I run a scan for the same product with a different scan configuration, it should keep the previous scan configuration and not replace it with the new scan configuration. It should just add the new scan configuration. That would be helpful. They do keep the results as it is, but the scan configuration keeps changing. For example, I have set a scan configuration to a full scan, and next week, I want to run a new scan for the same product with some changes or new functionalities. I want to run a partial scan. Currently, if I change the scan configuration to partial, it changes the old one also to partial. That should be improved."

"They should add more features. I would like to see them do a little more on static analysis and also interactivity analysis. Currently, it does very basic static analysis. It could do a little more static analysis, which is something that would help. A lot more interactivity analysis should also be there. It should basically look at security during interactivity."

More Rapid7 InsightAppSec cons

Pricing and Cost Advice

"The pricing model it's based on how many applications you wish to scan."

"Buying a license would be feasible for regular use. For intermittent use, the cloud-based option can be used (Fortify on Demand)."

"We make an annual purchase of the licenses we need."

"The licensing was good because the licenses have the heavy centralized server."

"It is not more expensive than other solutions, but the pricing is competitive."

"The pricing can be improved because it is complex when compared to the competition."

"It is cost-effective."

"The solution is expensive and the price could be reduced."

More Fortify on Demand pricing and cost advice

"I rate Rapid7 InsightAppSec’s pricing an eight out of ten."

"I'm not sure how much it costs exactly, but I know it's expensive."

"Its price is competitive. It is not expensive."

"Rapid7 InsightAppSec is cheap."

"The price of this product is very cheap."

"They offer a good price, but I don't remember its cost. It is fair as compared to the competition. We have opted for project-based licensing, not user-based. We can add any number of users. That doesn't matter. It is worth the money."

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

814,649 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

19%

Manufacturing Company

14%

Computer Software Company

13%

Government

Computer Software Company

21%

Financial Services Firm

14%

Manufacturing Company

10%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Micro Focus Fortify on Demand?

It helps deploy and track changes easily as per time-to-time market upgrades.

See all answers

What is your experience regarding pricing and costs for Micro Focus Fortify on Demand?

In comparison with other tools, they're competitive. It is not more expensive than other solutions, but their pricing is competitive. The licenses for Fortify On Demand are generally bought in unit...

See all answers

What needs improvement with Micro Focus Fortify on Demand?

See all answers

What do you like most about Rapid7 InsightAppSec?

See all answers

What needs improvement with Rapid7 InsightAppSec?

The dynamic scanning feature has simplified and improved the security testing process. I suggest adding a SaaS feature to the solution to support scanning SaaS applications, making it more comprehe...

See all answers

What is your primary use case for Rapid7 InsightAppSec?

We use Rapid7 InsightAppSec for dynamic application security scanning. We scan our web applications to identify vulnerabilities and then address the issues based on the report. It is a task solutio...

See all answers

Comparisons

SonarQube Server (formerly SonarQube) vs Fortify on Demand

Compared 19% of the time

Veracode vs Fortify on Demand

Compared 16% of the time

Checkmarx One vs Fortify on Demand

Compared 12% of the time

Coverity vs Fortify on Demand

Compared 10% of the time

GitHub Advanced Security vs Fortify on Demand

Compared 6% of the time

More Fortify on Demand Competitors

Rapid7 AppSpider vs Rapid7 InsightAppSec

Compared 31% of the time

PortSwigger Burp Suite Professional vs Rapid7 InsightAppSec

Compared 15% of the time

OWASP Zap vs Rapid7 InsightAppSec

Compared 13% of the time

Acunetix vs Rapid7 InsightAppSec

Compared 11% of the time

Fortify WebInspect vs Rapid7 InsightAppSec

Compared 8% of the time

More Rapid7 InsightAppSec Competitors

Product Reports

Buyer's Guide

Fortify on Demand

November 2024

Download Fortify on Demand product report

Buyer's Guide

Rapid7 InsightAppSec

October 2024

Download Rapid7 InsightAppSec product report

Also Known As

Micro Focus Fortify on Demand

InsightAppSec

Learn More

OpenText

Rapid7

Overview

Fortify on Demand is a web application security testing tool that enables continuous monitoring. The solution is designed to help you with security testing, vulnerability management and tailored expertise, and is able to provide the support needed to easily create, supplement, and expand a software security assurance program without the need for additional infrastructure or resources.

Fortify on Demand Features

Fortify on Demand has many valuable key features. Some of the most useful ones include:

Deployment flexibility
Scalability
Built for DevSecOps
Ease of use
Supports 27+ languages
Real-time vulnerability identification with
Security Assistant
Actionable results in less than 1 hour for most applications with DevOps automation
Expanded coverage, accuracy and remediation details with IAST runtime agent
Continuous application monitoring of production applications
Virtual patches
Supports iOS and Android mobile applications
Security vulnerability identification
Behavioral and reputation analysis

Fortify on Demand Benefits

There are several benefits to implementing Fortify on Demand. Some of the biggest advantages the solution offers include:

Fast remediation: With Fortify on Demand you can achieve fast remediation throughout the software lifecycle with robust assessments by a team of security experts.

Easy integration: The solution’s integration ecosystem is easy to use, creating a more secure software supply chain.

Security testing: Fortify on Demand covers in-depth mobile app security testing, open-source analysis, and vendor application security management, in addition to static and dynamic testing.

Reviews from Real Users

Below are some reviews and helpful feedback written by PeerSpot users currently using the Fortify on Demand solution.

Dionisio V., Senior System Analyst at Azurian, says, "One of the top features is the source code review for vulnerabilities. When we look at source code, it's hard to see where areas may be weak in terms of security, and Fortify on Demand's source code review helps with that." He goes on to add, “Another reason I like Fortify on Demand is because our code often includes open source libraries, and it's important to know when the library is outdated or if it has any known vulnerabilities in it. This information is important to us when we're developing our solutions and Fortify on Demand informs us when it detects any vulnerable open source libraries.”

A Security Systems Analyst at a retailer mentions, “Being able to reduce risk overall is a very valuable feature for us.”

Jayashree A., Executive Manager at PepsiCo, comments, “Once we have our project created with our application pipeline connected to the test scanning, it only takes two minutes. The report explaining what needs to be modified related to security and vulnerabilities in our code is very helpful. We are able to do static and dynamic code scanning. When we are exploring some of the endpoints this solution identifies many loopholes that hackers could utilize for an attack. This has been very helpful and surprising how many vulnerabilities there can be.”

A Principal Solutions Architect at a security firm explains, “Its ability to perform different types of scans, keep everything in one place, and track the triage process in Fortify SSC stands out.”

PeerSpot user Mamta J., Co-Founder at TechScalable, states, "Almost all the features are good. This solution has simplified designing and architecting for our solutions. We were early adopters of microservices. Their documentation is good. You don't need to put in much effort in setting it up and learning stuff from scratch and start using it. The learning curve is not too much."

Your web applications may be complex, but your application security testing tool doesn’t need to be. InsightAppSec brings Rapid7’s proven Dynamic Application Security Testing (DAST) technology to the Insight platform, combining powerful application crawling and attack capabilities, flexibility in scan scope and scheduling, and accuracy in results with a modern UI, intuitive workflows, and sensible data organization. This enables you to identify XSS, SQL injection, CSRF, and other vulnerabilities with unparalleled ease. The best part? All of these capabilities are delivered via the cloud so that you’re up and running in minutes to identify the critical security risks that exist in your applications.

Sample Customers

SAP, Aaron's, British Gas, FICO, Cox Automative, Callcredit Information Group, Vital and more.

CenterPoint Energy, CPA Australia, Hypertherm, First American Financial Corporation, Rackspace

Buyer's Guide

Fortify on Demand vs. Rapid7 InsightAppSec

May 2022

Free Report: Fortify on Demand vs. Rapid7 InsightAppSec

Find out what your peers are saying about Fortify on Demand vs. Rapid7 InsightAppSec and other solutions. Updated: May 2022.

DOWNLOAD NOW

814,649 professionals have used our research since 2012.

See our Fortify on Demand vs. Rapid7 InsightAppSec report.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.