Fortify WebInspect Reviews

Name: Fortify WebInspect
Brand: OpenText
Rating: 3.6 (20 reviews)

Vendor: OpenText

3.6 out of 5

20 reviews
81% willing to recommend

181 followers

Post review

What is Fortify WebInspect?

Fortify WebInspect is an automated DAST solution that helps security professionals and QA testers uncover security vulnerabilities and configuration concerns by providing complete vulnerability detection. This is accomplished by mimicking real-world external security attacks on a live application in order to discover and prioritize concerns for root-cause study. Fortify WebInspect provides a number of REST APIs for easier integration, as well as the ability to be maintained via an intuitive UI or totally automated.

Get the Fortify WebInspect Buyer's Guide and find out what your peers are saying about Fortify WebInspect, HCL AppScan, Invicti and more!

Fortify WebInspect is the #2 ranked solution in top Dynamic Application Security Testing (DAST) solutions and #8 ranked solution in top DevSecOps solutions. PeerSpot users give Fortify WebInspect an average rating of 7.2 out of 10. Fortify WebInspect is most commonly compared to HCL AppScan: Fortify WebInspect vs HCL AppScan. Fortify WebInspect is popular among the large enterprise segment, accounting for 72% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 18% of all views.

Helped 831,158 peers since 2012

Featured reviews

Navin N

Global ISO 27001 Program Lead at DXC Technology

We develop software packages for clients, and these clients are mostly in the BFSI sector. The packages need to be scanned, and we engage Fortify WebInspect for this. Customers typically perform their own application pen tests, but in some cases, we have engagements where customers want us to scan…

Read full review

RaviGupta4

Services Project Lead, Information Technology at IGT Solutions

I would like WebInspect's scanning capability to be quicker. Specifically, being able to scan a particular flow or part of an application more rapidly would be beneficial. Additionally, the cost of the licensing, particularly for multiple user licenses, could be more relevant, which would improve affordability and distribution among users.

Read full review

Kibeom Kim

General Manager at Inexion Co.

The installation phase of the product is slightly complex, making it not so easy. The product does not come in packaging, so one needs to install a database, after which one can install the product by activating the license and updating it whenever required. Fortify WebInspect has many processes involved in its installation phase compared to the other products in the market. Certain Korean products can be installed with just one step. I need to support my customers with the product's installation phase. The installation process takes a day or two to complete, but for some of my customers, it takes a month since they do not have any experience or knowledge about the product. The solution is deployed on-premises.

Read full review

Fortify WebInspect mindshare

Product category:

As of January 2025, the mindshare of Fortify WebInspect in the Dynamic Application Security Testing (DAST) category stands at 28.4%, down from 34.1% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Dynamic Application Security Testing (DAST)

PeerAnalyst reports

Type	Title	Date
Category	Dynamic Application Security Testing (DAST)	Jan 20, 2025	Download
Product	Reviews, tips, and advice from real users	Jan 20, 2025	Download
Comparison	Fortify WebInspect vs HCL AppScan	Jan 20, 2025	Download
Comparison	Fortify WebInspect vs Invicti	Jan 20, 2025	Download
Comparison	Fortify WebInspect vs Rapid7 InsightAppSec	Jan 20, 2025	Download

Title	Rating	Mindshare	Recommending
HCL AppScan	3.9	22.3%	83%	43 interviews Add to research
Invicti	4.1	17.1%	96%	28 interviews Add to research

Valuable Features

Guided Scan, centralized dashboard, and scalable, easy-to-use interface are key components of Fortify WebInspect. Its dynamic and static analysis features enhance accuracy. It excels in detecting vulnerabilities, offers seamless integration with Fortify code scanner, and supports detailed vulnerability management. Users benefit from its robust scanning capabilities with user authentication, effective reporting, and fast setup. Fortify WebInspect aligns with top ten vulnerabilities standards and efficiently identifies complex issues.

"The tool provides comprehensive vulnerability assessments which help ensure our deliverables are as free from vulnerabilities as possible. It has also streamlined our web application vulnerability assessments, assisting us in delivering secure applications to our clients."
"It is easy to use, and its reporting is fairly simple."
"The feature that has been most influential in identifying vulnerabilities is its ability to crawl the website, understand the structure, and analyze the network packets sent and received."

Room for Improvement

Fortify WebInspect requires enhancements in cloud integration, reducing false positives, and improving scanning speed. Users find it bulky, challenging in deployment, and high in resource consumption. There's a need for better integration with Azure and seamless operation with diverse technologies. Report generation is slow, and user-friendliness is lacking. It is considered expensive, especially in markets like Korea. Improved automation and support for more file extensions are desired, as is better handling of authentication.

"I would like WebInspect's scanning capability to be quicker."
"There are some file extensions, like .SER, that Fortify WebInspect doesn't scan."
"I want to enhance automation. Currently, Fortify WebInspect can scan and find vulnerabilities, but users with specific skills need to interpret the results and understand how to address them."

ROI

Fortify WebInspect significantly improved security assessment efficiency, leading to faster detection and remediation of vulnerabilities. Users reported enhanced application security, reducing potential costs associated with breaches. Cost savings from automated scans and comprehensive testing exceeded initial investment. Through its detailed analytics, companies experienced better compliance with security standards, ultimately achieving a strong return on investment.

Pricing

Enterprise users find Fortify WebInspect's pricing on the higher side compared to other solutions like Acunetix, yet justifiable due to its stability and reliability. Pricing can range between $40,000 to $50,000 or more, depending on the deal. Clients note the lack of clarity in licensing, with some restrictions such as single scan capability. While smaller organizations may find it steep, the cost suits medium to large enterprises better.

"Fortify WebInspect is a very expensive product."
"This solution is very expensive."
"The price is okay."

Popular Use Cases

Organizations use Fortify WebInspect primarily for scanning web applications to identify vulnerabilities. They integrate it into their dynamic application security testing processes, testing the performance of web applications to ensure no security issues are present. Fortify WebInspect is deployed both on-premise and in the cloud, serving security and QA teams. It helps assess web application security for various environments and supports development teams in applying fixes to identified security threats.

Service and Support

Fortify WebInspect's customer service and support are generally rated as good, though responsiveness can vary. Some entities experience prompt and knowledgeable assistance, rating it highly, while others find it slower, especially with more complex issues. Remote assistance is noted as lacking, requiring uploads of logs for analysis. There are instances where support has been efficient, yet some express difficulty in accessing immediate help. Entities rate technical support between six and eight out of ten, while customer support reaches nine to ten.

Deployment

Users report mixed experiences with Fortify WebInspect's initial setup. Some find it straightforward and quick, requiring minimal time and effort, while others describe it as complex and time-consuming, involving multiple tools, licenses, and system resources. Installation times vary significantly, with some taking hours and others weeks. Users highlight memory requirements and necessary maintenance, including frequent updates and log management. The complexity often depends on the existing technology and user's familiarity with the process.

Scalability

Fortify WebInspect is generally scalable with varying experiences among users. Larger companies find it easier to scale with additional servers or licenses. Some report smooth scalability for applications, while others note complexities with larger sites or multiple applications. Integration with other products aids scalability, and cloud installations scale better than desktop versions. Ratings suggest good to moderate scalability, with security needs sometimes differing from development requirements. Users range from small to large enterprises.

Stability

Fortify WebInspect is largely stable but has room for improvement, especially with complex websites and new releases. Users note stability issues such as bugs and high CPU usage. Many find it stable and reliable, providing effective vulnerability management for straightforward applications, while others report occasional false negatives and performance lags. The stability rating varies, with users rating it between five and nine out of ten, reflecting diverse experiences.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Fortify WebInspect Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

18%

Computer Software Company

16%

Government

13%

Manufacturing Company

13%

Healthcare Company

Insurance Company

Media Company

Educational Organization

Retailer

Real Estate/Law Firm

University

Energy/Utilities Company

Construction Company

Comms Service Provider

Wholesaler/Distributor

Consumer Goods Company

Non Profit

Aerospace/Defense Firm

Hospitality Company

Transportation Company

Outsourcing Company

Pharma/Biotech Company

Engineering Company

Logistics Company

Performing Arts

Recreational Facilities/Services Company

Compare Fortify WebInspect with alternative products

Learn more about Fortify WebInspect

Fortify WebInspect may be used as a completely automated solution to suit DevOps and scaling requirements, and it integrates seamlessly with the SDLC. REST APIs aid in closer integration by automating scans and ensuring that compliance standards are satisfied. Users can make use of pre-built integrations for Micro Focus Lifecycle Management (ALM) and Quality Center, as well as other security testing and management platforms.

Teams may reuse current scripts and tools thanks to powerful connectors. Any Selenium script can be simply integrated with Fortify WebInspect. Fortify WebInspect supports Swagger and OData formats via the WISwag command line tool, allowing it to work with any DevOps workflow. A scan template can be pre-configured by ScanCentral Admin and sent to users to scan their apps, with zero security knowledge required.

Fortify WebInspect Features

Fortify WebInspect has many valuable key features. Some of the most useful ones include:

Security testing of functional applications (FAST): FAST can use all of the functional tests in the same way as IAST does, but it will continue crawling. FAST will not miss anything that a functional test misses.

Insights from a hacker's perspective: View discoveries such as client-side frameworks and version number. These are findings that, if not addressed, could lead to vulnerabilities.

Workflow macros HAR files: Fortify WebInspect can scan workflows with HAR files, ensuring that crucial content is not missed.

Management of compliance: Preconfigured policies and reports for all key online application security compliance regulations, such as PCI DSS, DISA STIG, NIST 800-53, ISO 27K, OWASP, and HIPAA.

Horizontal scaling can help you speed up your work: Using Kubernetes, horizontal scaling creates little versions of WebInspect that only process JavaScript. This allows the scans to run in parallel, resulting in significantly faster scans.

Scan any API for better accuracy: Get the complete picture on APIs, including SOAP, Rest, Swagger, OpenAPI, and Postman.
Managing the security of enterprise applications: To meet DevOps requirements, monitor trends within an application and take action on the most critical issues first.

Deployment options: With the flexibility of on-premise, SaaS, or AppSec-as-a-service, you can get started immediately and scale as needed.

Fortify WebInspect Benefits

There are many benefits to implementing Fortify WebInspect. Some of the biggest advantages the solution offers include:

Vulnerabilities are discovered faster and earlier.
Automation and agent technology can help you save time.
Users can utilize crawl web technologies and modern frameworks.
ScanCentral DAST helps you manage enterprise app security risk.

Reviews from Real Users

Fortify WebInspect stands out among its competitors for a number of reasons. One major one is its robust centralized dashboard, which gives insight into all vulnerabilities.

Milin S., an Information Security Architect at a real estate/law firm, writes of the product, “Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features. The vulnerability management part of it is very easy. We can suppress or comment on each vulnerability and assign a vulnerability to an individual risk owner, which makes the work easy.”

Fortify WebInspect was previously known as Micro Focus WebInspect, WebInspect.