Try our new research platform with insights from 80,000+ expert users

Badges

35 Points
7 Years

User Activity

Over 4 years ago
Commented on Good static code analysis helps to discover vulnerabilities
I believe the reviewer or the forum organizer has posted this review in the wrong area, or confused Fortify's WebInspect product (DAST) with their Static Code Analyzer ("Fortify SCA") product (SCA) +++++++++ Fortify general:…
Over 5 years ago
Answered a question: Why Do I Need Application Security Software?
Acquiring the tools is not the goal, it is to operate an Application Security program. Remember that you need People-Technology-and-Processes, not simply some cool technology tool, even if that modern tech is now much faster and clearer than ever before. An AppSec program…
About 6 years ago
Commented on Needs a cloud-based version, although it's easy to scan and then to share scan reports
Fortify does not offer a cloud version of WebInspect that the user can drive or configure directly The closest they have to WebInspect in a cloud format is the Fortify On Demand SaaS ("FOD"), and truthfully that is more "DAST or AppSec As A Service". In FOD, the customer…
Over 6 years ago
Answered a question: Checkmarx vs SonarQube​: How Do I Choose?
SonarQube likely should be removed from your site's AppSec category. Read the other comments to understand why. It's a good tool, but this is not its category.
Over 6 years ago
Answered a question: What Application Security Solution Do You Use That Is DevOps Friendly?
[Full disclosure - I work for Fortify Software] Fortify SCA (Static Code Analyzer) can support your DevOps system in a variety of ways, so the choices are all yours, which can make this tough. I just wanted to share some of our On-premise and On-line options below to get…
Experience
Following

Answers

Over 5 years ago
Application Security Tools
Why Do I Need Application Security Software?
Over 6 years ago
Application Security Tools
Checkmarx vs SonarQube​: How Do I Choose?
Over 6 years ago
Static Application Security Testing (SAST)
What Application Security Solution Do You Use That Is DevOps Friendly?

Comments

Over 4 years ago
Dynamic Application Security Testing (DAST)
Good static code analysis helps to discover vulnerabilities
About 6 years ago
Dynamic Application Security Testing (DAST)
Needs a cloud-based version, although it's easy to scan and then to share scan reports

About me

I joined this forum to help correct some blatantly bad info about the software i support, but I am blocked from noting these. For instance, one EOL product used for DAST was being compared to an Open Source management suite, so WTF? Also, I could correct the public URLs to help the readers find more relevant data. Ah well....

Certifications
  • CISSP CISM