An AppSec solution formerly from Micro Focus, spanning SCA, SAST and DAST that supports the breadth and management of any application portfolio, used to secure code. Features API discovery and testing for any application, throughout the software lifecycle.
N/A
Tenable Vulnerability Management
Score 9.5 out of 10
N/A
Vulnerability management specialist Tenable offers their cloud application and container security platform Tenable Web App Scanning (formerly Tenable.io), a vulnerability management tool that emphasizes visibility of web applications, automatic scanning, and a unified view of cloud infrastructure and possible inconsistencies indicating a vulnerability.
N/A
Pricing
Fortify by OpenText
Tenable Vulnerability Management
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Fortify by OpenText
Tenable Vulnerability Management
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
Fortify by OpenText
Tenable Vulnerability Management
Features
Fortify by OpenText
Tenable Vulnerability Management
Threat Intelligence
Comparison of Threat Intelligence features of Product A and Product B
Fortify by OpenText
-
Ratings
Tenable Vulnerability Management
8.4
Ratings
6% above category average
Network Analytics
00 Ratings
10.00 Ratings
Threat Recognition
00 Ratings
10.00 Ratings
Vulnerability Classification
00 Ratings
10.00 Ratings
Automated Alerts and Reporting
00 Ratings
4.00 Ratings
Threat Analysis
00 Ratings
10.00 Ratings
Threat Intelligence Reporting
00 Ratings
5.00 Ratings
Automated Threat Identification
00 Ratings
10.00 Ratings
Vulnerability Management Tools
Comparison of Vulnerability Management Tools features of Product A and Product B
I think Micro Focus Fortify WebInspect could fit really any organization well that needs to perform static code analysis on their applications (they do have dynamic scanning but I don't have any experience using it). Different static analysis tools scan code differently, Micro Focus Fortify WebInspect requires you to provide a full build of the application to be submitted with debugging files which could be easy or hard depending on how your organization is building it's apps.
Tenable.io is a cost effective Internal and External scanner. The Internal scanner came with a .ova, so it was very simple and quick to deploy it into our ESXi environment. It has a cloud-based dashboard for management and the internal scanner is configured to auto-update from Tenable.io. The license came with 4 External PCI scans (with remediation) a year.
Since every firm needs to perform static code analysis on their applications, I believe Micro Focus Fortify WebInspect would work well for them (they also offer dynamic scanning, although I haven't used it myself). Different static analysis tools scan code in different ways, and Micro Focus Fortify WebInspect asks you to submit a complete build of the application along with debugging files. Depending on how your company builds its apps, this requirement may be simple or challenging.
It is a cloud-based platform which can provide us a very useful and unique features like Application Assessment, Scans, Vulnerability Test, Comprehensive Reporting, Monitoring, etc. Fortify by Open Text is also outstanding in various parameters for the support and integration and it is highly adaptable in various DevOps Program where you need secure app testing with all given features.
Support is usually really great at walking you through any steps you need to take when you get stuck on something. There are a few false positives and errors that have come up over the years that required their help to get through. Unfortunately, the steps required to diagnose some problems are more tedious than I think should be necessary. (IE: SQL instances can throw errors that clog up your logs because one plugin affects it in a certain way. The process to diagnose this is to watch timestamps of plugins in a log while monitoring the SQL logs at the same time and using your best guess as to what is causing it.)
Micro Focus Fortify WebInspect is better when it comes to speed, integration and detection capabilities as compared to Insight Appsec. What I loved the most is the broad coverage of vulnerabilities it identified as against Insight Appsec. Apart from detection capabilities the time taken is also less compared to Insight Appsec. Given the performance of Micro Focus Fortify WebInspect I would strongly recommend to everyone looking for DevSecOps and application security solutions
I think Tenable and Qualys have a lot of similarities, I continue to go back to Tenable because of my familiarity and comfort level with it. I've also used a company called SecurityMetrics which has vulnerability scanning included but it is not as comprehensive as Tenable.
We're able to mitigate over 90% of our vulnerability risk without too much effort. It helps find where automated patching fails and we can plan a fix from the findings.
A side effect of our scanning reveals new devices on our network that aren't cleared to be.