Home/ New SaaS Software/ Micro Focus Fortify On Demand/ Reviews
An ideal new SaaS software
Fortify has a magical dashboard where you can find and detect your security issues in your applications.
I would like a more flexible GUI to edit and design reports.
Best tool for detect application issues.
Application Security
it helps spot any flaws in our security application system.
I feel there should me more sell package options
it helps quickly spot flaws in our applications and security.
We use the HP Fortify on Demand SaaS, this allows us to free up resources from having to spend time maintaining the infrastructure.
The product allows for RBAC, which helps in allowing appropriate access at all levels.
We have implemented a process of Scan-at-Build, this allows us to ensure that continuous testing is performed.
Additionally, we have enabled SSO, so that developers are able to login to check results as well as add commentary information.
One thing that I would like to see improved is the capability for the platform to be able to send alerts on detection of findings. This would allow for stakeholders to be made aware, and take action
A good option for Static Analysis, helps close the application layer gaps as well as provides reporting
We have compliance requirements for code review, and the department runs fairly lean. The product has allowed us to setup continuous testing as well as self-service
The response time for analysis report is pretty fast and very well detailed. The reports are very granular and the communication with the vendor is pretty much instantaneous.
Sometimes the level of effort to fight a "red flag" in the code can be overwhelming. This requires engaging senior level people to agree on something. It feels like going through an audit and having to fight the major discrepancies. That is very time consuming.
I would defeinetly recommend this product to anyone looking to validate the security and the quality of the code of any custom application. I probably would recommend the SaS versus the on premises solution.
Our code must meet certain security standards that must be validated by a third party such as HPE Fortify. That gives our customers the assurance that our code is secure and optimized to meet their requirements and security standards.
Application development is easy when you have the core knowledge. Testing also makes easy in all environment and deployment part is also interesting.
Easy to integrate.
Nothing much to dislike. I have a positive opinion.
Easy to integrate all the features.
Easy to scan code and smells out all bad code.
It's deployment platform which is integrated with cloud is also interesting.
capabilities like Dynamic Application Security Testing Software along with integration with CI orchestration tools and adding its metrics as a quality gate make it a real deal-breaker
Would like to have options to use a configurable backend and better RestAPI's for reporting and building a custom integration. Also, integration options with current CI and ALM tools should be improved.
Need to focus on building RestAPI's for reporting and custom integration
Helped us to automate Application Security and vulnerability testing (DAST scanning) for our critical customer-facing web applications and integrate it as part of our CICD workflow
Fortify provides excellent drill-down capabilities for analyzing vulnerabilities and recommended steps for fixing or remediation.
It would be nice to see more Dashboards and Metrics out of the box.
When starting out I strongly recommend that you leverage the expertise and experience of the Fortify on Demand team. They have a lot of resources around best practices, cases studies, scaling up your program, creating roadmaps, etc.
It provides a powerful platform for validating all of our Applications and provides comprehensive recommendations for addressing any identified vulnerabilites.
How the vulnerabilities are presented. There's always detailed information to determine if the vulnerability is true false or false positive, etc.
False positives and no auto report generator after a dynamic scan.
Securing applications written in many programming languages.
The ability to scale and growth from a on site centralized location, to a more of SaaS cloud based. The ability to have a centralize location for all security monitoring and testing within one system and application. While also having the ability to develop any new processes.
The application is very flexible in regards to setting up shop. Meaning it gives an entity the flexibility to develop according to their respective budget, company direction in regards to Portal Web Based, in house hosting, or a matrix or both.
If the application is set as a self-service tool, SaaS., it takes away some of the leverage of in-house fixes. Yes the cost is much more attractive to a smaller organization. However, for a larger entity. The upfront cost of setting the infrastructure for the application to be in house, would out weight some of the troubles of migrating later in time.
Truly test and each case scenario for implementation. Meaning just because on option is cheaper up-front, it does not necessarily will be the best solution for the next 3, 5, 10 years. Think of all the possible outcomes and what the company needs not just today but years down the road, to avoid possible migrations and added cost due to poor internal planning.
continuous process improvement within the security layer of the enterprise. The ability to test and obtain real time information on issues, while gaining recommendations.
Looking for the right SaaS
We can help you choose the best SaaS for your specific requirements. Our in-house experts will assist you with their hand-picked recommendations.
Want more customers?
Our experts will research about your product and list it on SaaSworthy for FREE.
What I liked about micro focus is that they are are extremely easy to learn and use which is great for people of all ages.
There wasn't much to dislike about this product they are constantly working to improve it. The price could be a bit lower but its still not terrible.
MicroFocus Fortify is great for scripting and just the simple identification that not alot of other softwares tend to offer. We are currently just implementing it now throughout the office in order to evaluate if we like it or not and want to proceed with the program or switch
It was used to help us with identification within multiple applications