Try our new research platform with insights from 80,000+ expert users
Fortify WebInspect Logo

Fortify WebInspect Reviews

Vendor: OpenText
3.6 out of 5
Badge Leader
181 followers
Start review

What is Fortify WebInspect?

Fortify WebInspect is an automated DAST solution that helps security professionals and QA testers uncover security vulnerabilities and configuration concerns by providing complete vulnerability detection. This is accomplished by mimicking real-world external security attacks on a live application in order to discover and prioritize concerns for root-cause study. Fortify WebInspect provides a number of REST APIs for easier integration, as well as the ability to be maintained via an intuitive UI or totally automated.

Get the Fortify WebInspect Buyer's Guide and find out what your peers are saying about Fortify WebInspect, HCL AppScan, Invicti and more!
Fortify WebInspect is the #2 ranked solution in top Dynamic Application Security Testing (DAST) solutions and #7 ranked solution in top DevSecOps solutions. PeerSpot users give Fortify WebInspect an average rating of 7.2 out of 10. Fortify WebInspect is most commonly compared to HCL AppScan: Fortify WebInspect vs HCL AppScan. Fortify WebInspect is popular among the large enterprise segment, accounting for 71% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 18% of all views.
Buyer's Guide
Fortify WebInspect
March 2025
Get the report
Helped 842,690 peers since 2012

Featured Fortify WebInspect reviews

Read more reviews

Fortify WebInspect mindshare

Product category:
Dynamic Application Security Testing ...
As of March 2025, the mindshare of Fortify WebInspect in the Dynamic Application Security Testing (DAST) category stands at 25.6%, down from 33.9% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Dynamic Application Security Testing (DAST)

PeerAnalyst reports based on Fortify WebInspect reviews

TypeTitleDate
CategoryDynamic Application Security Testing (DAST)Mar 31, 2025Download
ProductReviews, tips, and advice from real usersMar 31, 2025Download
ComparisonFortify WebInspect vs HCL AppScanMar 31, 2025Download
ComparisonFortify WebInspect vs InvictiMar 31, 2025Download
ComparisonFortify WebInspect vs Rapid7 InsightAppSecMar 31, 2025Download
Suggested products
TitleRatingMindshareRecommending
HCL AppScan3.917.5%83%43 interviewsAdd to research
Invicti4.113.1%96%29 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

Guided Scan, centralized dashboard, and scalable, easy-to-use interface are key components of Fortify WebInspect. Its dynamic and static analysis features enhance accuracy. It excels in detecting vulnerabilities, offers seamless integration with Fortify code scanner, and supports detailed vulnerability management. Users benefit from its robust scanning capabilities with user authentication, effective reporting, and fast setup. Fortify WebInspect aligns with top ten vulnerabilities standards and efficiently identifies complex issues.
  • "The tool provides comprehensive vulnerability assessments which help ensure our deliverables are as free from vulnerabilities as possible. It has also streamlined our web application vulnerability assessments, assisting us in delivering secure applications to our clients."
  • "It is easy to use, and its reporting is fairly simple."
  • "The feature that has been most influential in identifying vulnerabilities is its ability to crawl the website, understand the structure, and analyze the network packets sent and received."

Room for Improvement

Fortify WebInspect requires enhancements in cloud integration, reducing false positives, and improving scanning speed. Users find it bulky, challenging in deployment, and high in resource consumption. There's a need for better integration with Azure and seamless operation with diverse technologies. Report generation is slow, and user-friendliness is lacking. It is considered expensive, especially in markets like Korea. Improved automation and support for more file extensions are desired, as is better handling of authentication.
  • "I would like WebInspect's scanning capability to be quicker."
  • "There are some file extensions, like .SER, that Fortify WebInspect doesn't scan."
  • "I want to enhance automation. Currently, Fortify WebInspect can scan and find vulnerabilities, but users with specific skills need to interpret the results and understand how to address them."

ROI

Fortify WebInspect significantly improved security assessment efficiency, leading to faster detection and remediation of vulnerabilities. Users reported enhanced application security, reducing potential costs associated with breaches. Cost savings from automated scans and comprehensive testing exceeded initial investment. Through its detailed analytics, companies experienced better compliance with security standards, ultimately achieving a strong return on investment.

Pricing

Enterprise users find Fortify WebInspect's pricing on the higher side compared to other solutions like Acunetix, yet justifiable due to its stability and reliability. Pricing can range between $40,000 to $50,000 or more, depending on the deal. Clients note the lack of clarity in licensing, with some restrictions such as single scan capability. While smaller organizations may find it steep, the cost suits medium to large enterprises better.
  • "Fortify WebInspect is a very expensive product."
  • "This solution is very expensive."
  • "The price is okay."

Popular Use Cases

Organizations use Fortify WebInspect primarily for scanning web applications to identify vulnerabilities. They integrate it into their dynamic application security testing processes, testing the performance of web applications to ensure no security issues are present. Fortify WebInspect is deployed both on-premise and in the cloud, serving security and QA teams. It helps assess web application security for various environments and supports development teams in applying fixes to identified security threats.

Service and Support

Fortify WebInspect's customer service and support are generally rated as good, though responsiveness can vary. Some entities experience prompt and knowledgeable assistance, rating it highly, while others find it slower, especially with more complex issues. Remote assistance is noted as lacking, requiring uploads of logs for analysis. There are instances where support has been efficient, yet some express difficulty in accessing immediate help. Entities rate technical support between six and eight out of ten, while customer support reaches nine to ten.

Deployment

Users report mixed experiences with Fortify WebInspect's initial setup. Some find it straightforward and quick, requiring minimal time and effort, while others describe it as complex and time-consuming, involving multiple tools, licenses, and system resources. Installation times vary significantly, with some taking hours and others weeks. Users highlight memory requirements and necessary maintenance, including frequent updates and log management. The complexity often depends on the existing technology and user's familiarity with the process.

Scalability

Fortify WebInspect is generally scalable with varying experiences among users. Larger companies find it easier to scale with additional servers or licenses. Some report smooth scalability for applications, while others note complexities with larger sites or multiple applications. Integration with other products aids scalability, and cloud installations scale better than desktop versions. Ratings suggest good to moderate scalability, with security needs sometimes differing from development requirements. Users range from small to large enterprises.

Stability

Fortify WebInspect is largely stable but has room for improvement, especially with complex websites and new releases. Users note stability issues such as bugs and high CPU usage. Many find it stable and reliable, providing effective vulnerability management for straightforward applications, while others report occasional false negatives and performance lags. The stability rating varies, with users rating it between five and nine out of ten, reflecting diverse experiences.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Fortify WebInspect Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
By visitors reading reviews

Top industries

By visitors reading reviews
Financial Services Firm
18%
Computer Software Company
15%
Government
14%
Manufacturing Company
12%
Healthcare Company
4%
Insurance Company
4%
Media Company
3%
Educational Organization
3%
Real Estate/Law Firm
3%
University
3%
Retailer
2%
Consumer Goods Company
2%
Energy/Utilities Company
2%
Wholesaler/Distributor
2%
Comms Service Provider
2%
Construction Company
1%
Non Profit
1%
Hospitality Company
1%
Aerospace/Defense Firm
1%
Transportation Company
1%
Performing Arts
1%
Outsourcing Company
1%
Logistics Company
1%
Pharma/Biotech Company
1%
Recreational Facilities/Services Company
1%

Compare Fortify WebInspect with alternative products

Go!

Learn more about Fortify WebInspect

Fortify WebInspect may be used as a completely automated solution to suit DevOps and scaling requirements, and it integrates seamlessly with the SDLC. REST APIs aid in closer integration by automating scans and ensuring that compliance standards are satisfied. Users can make use of pre-built integrations for Micro Focus Lifecycle Management (ALM) and Quality Center, as well as other security testing and management platforms.

Teams may reuse current scripts and tools thanks to powerful connectors. Any Selenium script can be simply integrated with Fortify WebInspect. Fortify WebInspect supports Swagger and OData formats via the WISwag command line tool, allowing it to work with any DevOps workflow. A scan template can be pre-configured by ScanCentral Admin and sent to users to scan their apps, with zero security knowledge required.

Fortify WebInspect Features

Fortify WebInspect has many valuable key features. Some of the most useful ones include:

  • Security testing of functional applications (FAST): FAST can use all of the functional tests in the same way as IAST does, but it will continue crawling. FAST will not miss anything that a functional test misses.
  • Insights from a hacker's perspective: View discoveries such as client-side frameworks and version number. These are findings that, if not addressed, could lead to vulnerabilities.
  • Workflow macros HAR files: Fortify WebInspect can scan workflows with HAR files, ensuring that crucial content is not missed.
  • Management of compliance: Preconfigured policies and reports for all key online application security compliance regulations, such as PCI DSS, DISA STIG, NIST 800-53, ISO 27K, OWASP, and HIPAA.
  • Horizontal scaling can help you speed up your work: Using Kubernetes, horizontal scaling creates little versions of WebInspect that only process JavaScript. This allows the scans to run in parallel, resulting in significantly faster scans.
  • Scan any API for better accuracy: Get the complete picture on APIs, including SOAP, Rest, Swagger, OpenAPI, and Postman.
  • Managing the security of enterprise applications: To meet DevOps requirements, monitor trends within an application and take action on the most critical issues first.
  • Deployment options: With the flexibility of on-premise, SaaS, or AppSec-as-a-service, you can get started immediately and scale as needed.

Fortify WebInspect Benefits

There are many benefits to implementing Fortify WebInspect. Some of the biggest advantages the solution offers include:

  • Vulnerabilities are discovered faster and earlier.
  • Automation and agent technology can help you save time.
  • Users can utilize crawl web technologies and modern frameworks.
  • ScanCentral DAST helps you manage enterprise app security risk.

Reviews from Real Users

Fortify WebInspect stands out among its competitors for a number of reasons. One major one is its robust centralized dashboard, which gives insight into all vulnerabilities.

Milin S., an Information Security Architect at a real estate/law firm, writes of the product, “Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features. The vulnerability management part of it is very easy. We can suppress or comment on each vulnerability and assign a vulnerability to an individual risk owner, which makes the work easy.”

Fortify WebInspect was previously known as Micro Focus WebInspect, WebInspect.

Fortify WebInspect customers

Aaron's

Related questions

  • 64
What alternatives are there for Fortify WebInspect and Fortify SCA?
  • 19
Which solution do you prefer: Fortify WebInspect or HCL AppScan?
  • 6
When evaluating Dynamic Application Security Testing (DAST), what aspect do you think is the most important to look for?
  • 4
Why is Dynamic Application Security Testing (DAST) important for companies?

Product Categories

Product Categories
Dynamic Application Security Testing (DAST)
DevSecOps

Popular Comparisons

Popular Comparisons
HCL AppScan vs Fortify WebInspect Logo
HCL AppScan vs Fortify WebInspect
Invicti vs Fortify WebInspect Logo
Invicti vs Fortify WebInspect
Rapid7 InsightAppSec vs Fortify WebInspect Logo
Rapid7 InsightAppSec vs Fortify WebInspect
PortSwigger Burp Suite Enterprise Edition vs Fortify WebInspect Logo
PortSwigger Burp Suite Enterprise Edition vs Fortify WebInspect
WhiteHat Dynamic vs Fortify WebInspect Logo
WhiteHat Dynamic vs Fortify WebInspect
Appknox vs Fortify WebInspect Logo
Appknox vs Fortify WebInspect
StackHawk vs Fortify WebInspect Logo
StackHawk vs Fortify WebInspect
See all alternatives
 

Fortify WebInspect reviews

Sort by:
Navin N - PeerSpot user
Global ISO 27001 Program Lead at a tech vendor with 10,001+ employees
Verified user of Fortify WebInspect
Sep 16, 2024
Product version discussed: Fortify version would be n minus one or n minus two.
Effective scanning of diverse file extensions with fast reporting and issue resolution

Pros

"It is easy to use, and its reporting is fairly simple. "

Cons

"There are some file extensions, like .SER, that Fortify WebInspect doesn't scan. "

What is our primary use case?

We develop software packages for clients, and these clients are mostly in the BFSI sector. The packages need to be scanned, and we engage Fortify WebInspect for this. 

Customers typically perform their own application pen tests, but in some cases, we have engagements where customers want us to scan the dynamic codes, which is where we use WebInspect.

How has it helped my organization?

The automated scanning capabilities of Fortify WebInspect allow us to generate immediate reports for customers, providing faster detection and fixing of issues.

*Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
Read full review (511 words)
RaviGupta4 - PeerSpot user
Services Project Lead, Information Technology at IGT Solutions
Verified user of Fortify WebInspect
Oct 31, 2024
Its ability to detect even complex vulnerabilities is invaluable

Pros

"The tool provides comprehensive vulnerability assessments which help ensure our deliverables are as free from vulnerabilities as possible. It has also streamlined our web application vulnerability assessments, assisting us in delivering secure applications to our clients."

Cons

"I would like WebInspect's scanning capability to be quicker. "

What is our primary use case?

Mostly, we use Fortify WebInspect to scan our applications. This includes whatever applications we are delivering to our customers. We aim to find out security vulnerabilities and other issues, so we can identify and fix them before releasing to the customer. This is the use case, as we strive to deliver applications free from vulnerabilities.

How has it helped my organization?

Fortify WebInspect contributes significantly to improving our Security Development Life Cycle (SDLC) security posture. The tool provides comprehensive vulnerability assessments which help ensure our deliverables are as free from vulnerabilities as possible. It has also streamlined our web application vulnerability assessments, assisting us in delivering secure applications to our clients.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.
Read full review (557 words)
Buyer's Guide
Fortify WebInspect
Download free report
Find out what your peers are saying about Fortify WebInspect. Updated March 2025
842,690 professionals have used our research since 2012.
Kibeom Kim - PeerSpot user
General Manager at Inexion Co.
Verified user of Fortify WebInspect
Aug 24, 2023
A powerful tool catering to multiple use cases that provides reasonably good technical support

Pros

"The solution's technical support was very helpful. "

Cons

"Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment."

What is our primary use case?

My company sells Fortify WebInspect to our customers.

What is most valuable?

The most valuable feature of the solution is that it is a powerful tool that has many customers with multiple use cases.

*Disclosure: My company has a business relationship with this vendor other than being a customer:
Read full review (518 words)
FP
Senior Manager - IT Security & ISMS at Ericsson
Verified user of Fortify WebInspect
Apr 30, 2023
Great at scanning and detecting vulnerabilities

Pros

"Good at scanning and finding vulnerabilities. "

Cons

"Not sufficiently compatible with some of our systems. "

What is our primary use case?

This is a scanning tool. We carried out a POC with the aim of taking a proactive approach to scanning the applications and remediating the vulnerabilities in the development environment. We have 15-18 applications currently using Fortify. We'll be testing additional applications in the coming months. 

What is most valuable?

WebInspect has the ability to scan an application and find vulnerabilities in the early stages of development. It also integrates with some of the applications as a part of the developing tool itself. It's a very good feature. 

*Disclosure: I am a real user, and this review is based on my own experience and opinions.
Read full review (518 words)
TN
Director at Eguardian lanka
Verified user of Fortify WebInspect
Jun 23, 2024
Scans web applications with user-authentication ability to crawl the website, understand the structure, and analyze the network packets sent and received

Pros

"The feature that has been most influential in identifying vulnerabilities is its ability to crawl the website, understand the structure, and analyze the network packets sent and received."

Cons

"I want to enhance automation. Currently, Fortify WebInspect can scan and find vulnerabilities, but users with specific skills need to interpret the results and understand how to address them. "

What is our primary use case?

Customers use Fortify WebInspect to scan web applications and get results with recommendations. After running scans, customers often have questions and need my support or recommendations to understand how to fix the issues identified. This includes understanding what vulnerabilities were found and what they mean.

What is most valuable?

The most valuable feature of Fortify WebInspect for me is the ability to scan with user authentication, like login credentials. This is crucial when scanning web applications because we need to input information like usernames and passwords to uncover vulnerabilities that appear after logging in. This feature helps identify more vulnerabilities on the website.

The feature that has been most influential in identifying vulnerabilities is its ability to crawl the website, understand the structure, and analyze the network packets sent and received.

*Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
Read full review (668 words)
MS
Information Security Architect at a real estate/law firm with 1,001-5,000 employees
Verified user of Fortify WebInspect
Nov 25, 2021
Good reporting and vulnerability management, but needs better performance and resource utilization

Pros

"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."

Cons

"It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application."

What is our primary use case?

We use it for code scanning, security scanning, and finding vulnerabilities.

I am using its latest version. I have Fortify code scan on the cloud and Fortify WebInspect on-premise for a dynamic scan. So, SAST is on the cloud, and DAST is on-premise.

What is most valuable?

Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features.

The vulnerability management part of it is very easy. We can suppress or comment on each vulnerability and assign a vulnerability to an individual risk owner, which makes the work easy.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.
Read full review (708 words)
Ilyas Sadibekov - PeerSpot user
Consulting Engineer at a consultancy with 11-50 employees
Verified user of Fortify WebInspect
Mar 26, 2023
Easy to set up with responsive support and lots of customization

Pros

"There are lots of small settings and tools, like an HTTP editor, that are very useful."

Cons

"We have had a problem with authentification."

What is our primary use case?

Most of the time, it is used to access the current state of a client's web application. Sometimes it's used to test in the test environment, and sometimes in the enterprise environment, for example, the published environment. It mainly scans and checks for critical vulnerabilities. 

It can also check the differences between the web application, between the crawled URLs. It's not the main functionality, however, it is possible to use it in that manner. 

What is most valuable?

We like that we can see the request and response and create our own requests and see those responses. 

There are lots of small settings and tools, like an HTTP editor, that are very useful.

It is mostly stable. 

Support is very helpful. 

The setup is easy.

Depending on the deployment type, it can scale. 

*Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Read full review (590 words)
PeerSpot user
Senior Security Consaulant
Verified user of Fortify WebInspect
Oct 13, 2020
Great vulnerability detection and pretty stable, but an expensive option

Pros

"The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."

Cons

"Lately, we've seen more false negatives."

What is our primary use case?

We primarily use the solution to test web applications regularly.

What is most valuable?

The solution is able to detect a wide range of vulnerabilities. It's better at it than other products.

*Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Read full review (373 words)