TrustRadius: an HG Insights company

Fortify by OpenText

Score: 9 out of 10

22 Reviews and Ratings

What is Fortify by OpenText?

An AppSec solution formerly from Micro Focus, spanning SCA, SAST and DAST that supports the breadth and management of any application portfolio, used to secure code. Features API discovery and testing for any application, throughout the software lifecycle.

A solid on-demand product for Application Testing and Vulnerability Management.

Use Cases and Deployment Scope

We are in need of some tools which can secure the apps management and have some integration to enhance the security of particular apps.

Then we found Fortify by OpenText, and it works really well in terms of our needs and gives us perfect results. It also offers secure application development with its unique feedback features.

Pros

  • Industry leading solutions
  • Fast and easy integration
  • Support mechanism

Cons

  • Available for AppSec Solution only
  • Support is good but takes time for resolutions
  • Very little awareness of this product due to lack of marketing

Return on Investment

  • Comprehensive Application Reporting
  • App Monitoring
  • Application Vulnerability Test

Very Good DAST Product for Any Organization

Use Cases and Deployment Scope

After 4 years of use, this tool is still the best for scanning dynamic applications. When we looked for alternatives, we discovered that none of them could match the speed with which it could audit and scan ASP.NET apps. Minor customisation is possible with the offered reports, which is ideal for our corporate requirements.

Pros

  • DAST Scanning
  • API Scanning
  • Less detection of false positives

Cons

  • NA
  • NA
  • NA

Most Important Features

  • Excellent integration with CICD Dashboard.
  • Excellent DevSecOps management

Return on Investment

  • detection of loopholes
  • pipeline scanning
  • Integration is really simple.
  • cloud applications that have been scanned

Alternatives Considered

Tenable.io

Other Software Used

Tenable.io, Veracode

Secure your software with frequent and automated scans

Use Cases and Deployment Scope

We use Fortify on our applications to perform SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing). This is an Enterprise approved product and it is part of a suite of products used across the enterprise. This is NOT the only product we use for our testing, but part of a suite of products.

Pros

  • SAST
  • DAST
  • Manage Software Security Risk
  • Automation
  • Compliance
  • Integration

Cons

  • Cross module compliance

Return on Investment

  • Good as part of our security suite to help prevent successful attacks.
  • Reporting of defects helps to educate developers.
  • Worth the price we paid.

Alternatives Considered

CAST Highlight and Black Duck

Other Software Used

MongoDB, MongoDB Atlas, CAST Highlight

Best solution for DevSecOps Application Security

Use Cases and Deployment Scope

I have used Micro Focus Fortify WebInspect for scanning applications during runtime and finding OWASP TOP 10 vulnerabilities. I have used it to integrate with a CICD pipeline to automate security scanning of applications and websites.

Pros

  • Detection of vulnerabilities
  • Scanning pipelines
  • Integration is super easy
  • Scanned cloud based applications

Cons

  • It should focus on microservices and develop features
  • Performance needs to be improved
  • Multiple apps should be easy to scan in parallel thus saving time

Most Important Features

  • Integration with CICD
  • Dashboard is great
  • DevSecOps management is great

Return on Investment

  • DevSecOps helped in reducing efforts
  • License cost was less
  • We could roll out double the count of applications with implementation of WebInspect

Alternatives Considered

Rapid7 InsightAppSec

Other Software Used

Rapid7 InsightAppSec, HCL AppScan, Checkmarx

WebInspect for static scanning

Use Cases and Deployment Scope

We use Micro Focus Fortify WebInspect for its static analysis on our codebase of web applications. Using the reports generated for found vulnerabilities, we can work with our developers to target the high or critically ranked findings and reduce risk on our external and internally facing web apps and mobile apps.

Pros

  • Static code analysis
  • Organization of found vulnerabilities
  • Usually provides clear feedback on how to correct vulnerable code

Cons

  • Reporting could be better
  • Can be an involved setup if your organization is not using common build tools
  • Users get spammed with a lot of email updates from the service

Most Important Features

  • Static analysis
  • Vulnerability reporting
  • Automation

Return on Investment

  • A cheaper option than some other SAST tools
  • Automation of code scanning
  • Reduction of high and critical vulnerabilities

Alternatives Considered

Veracode, SonarQube and Contrast Assess

Other Software Used

Veracode, Contrast Assess, SonarQube