Item: Fortify by OpenText
Rating: 10
Author: Zishan Ali Dakhani

Use Cases and Deployment Scope

After 4 years of use, this tool is still the best for scanning dynamic applications. When we looked for alternatives, we discovered that none of them could match the speed with which it could audit and scan ASP.NET apps. Minor customisation is possible with the offered reports, which is ideal for our corporate requirements.

Pros and Cons

DAST Scanning
API Scanning
Less detection of false positive

Most Important Features

Excellent integration with CICD Dashboard.
Excellent DevSecOps management

Return on Investment

detection of loopholes
pipeline scanning
Integration is really simple.
cloud applications that have been scanned

Alternatives Considered

Tenable.io

When compared to Insight Appsec, Focus Fortify WebInspect performs better in terms of speed, integration, and detection capabilities. The variety of vulnerabilities it detected as being against Insight Appsec is what I appreciated the most. In addition to detecting capabilities, the processing time is also quicker than with Insight Appsec. Given its performance, I would definitely advise anyone searching for DevSecOps and application security solutions to use Micro Focus Fortify WebInspect.

Key Insights

Do you think Fortify by OpenText delivers good value for the price?

Yes

Are you happy with Fortify by OpenText's feature set?

Yes

Did Fortify by OpenText live up to sales and marketing promises?

Yes

Did implementation of Fortify by OpenText go as expected?

Yes

Would you buy Fortify by OpenText again?

Yes

Other Software Used

Tenable.io, Veracode

Likelihood to Recommend

SDLC deployment is simple. simple to use The coverage is thorough and complete as a DAST product.

Users and Roles

After using this product for 4 years, it is still a leader in dynamic application scanning. We tried to hunt for replacement and realized that no other beats the crawling and auditing speed and its ability to analyze ASP.NET applications. The provided reports allows minor customization which fits perfectly into our corporate requirements

Support Headcount Required

100 - Since every firm needs to perform static code analysis on their applications, I believe Micro Focus Fortify WebInspect would work well for them (they also offer dynamic scanning, although I haven't used it myself). Different static analysis tools scan code in different ways, and Micro Focus Fortify WebInspect asks you to submit a complete build of the application along with debugging files. Depending on how your company builds its apps, this requirement may be simple or challenging.

Business Processes Supported

static analysis
reporting

Innovative Uses

Future Planned Uses

it is very awesome tool

Likelihood to Renew

Since every firm needs to perform static code analysis on their applications, I believe Micro Focus Fortify WebInspect would work well for them (they also offer dynamic scanning, although I haven't used it myself). Different static analysis tools scan code in different ways, and Micro Focus Fortify WebInspect asks you to submit a complete build of the application along with debugging files. Depending on how your company builds its apps, this requirement may be simple or challenging.

Very Good DAST Product for Any Organization

Overall Satisfaction with Micro Focus Fortify WebInspect