We use it to scan the bank's applications systematically. This process aims to identify and address security vulnerabilities within the applications, ensuring the robustness of our security measures.
Reviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
45 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Safe and Secured Barrier
What do you like best about the product?
We can reduce the risk posed by third-party apps with the use of Micro Focus Fortify, a RASP solution. Real-time visibility and vulnerability protection are provided.
Additionally, clean-up rules are enforced by this instrument. With the most advanced security research supporting it, this offers the most comprehensive runtime monitoring and protection, as well as the most advanced static and dynamic application security testing solutions.
Additionally, clean-up rules are enforced by this instrument. With the most advanced security research supporting it, this offers the most comprehensive runtime monitoring and protection, as well as the most advanced static and dynamic application security testing solutions.
What do you dislike about the product?
There is no major drawback about this tool except network interruption at times which has a scope of improvement.
What problems is the product solving and how is that benefiting you?
Our company's extranet security is managed in real-time via Micro Focus Fortify Application Defender. By protecting critical data, this security posture reduces the likelihood of cyberattacks.
With the use of this tool, we can promptly detect and address security risks that safeguard data. It guarantees our clients' trust.
With the use of this tool, we can promptly detect and address security risks that safeguard data. It guarantees our clients' trust.
A highly trusted and comprehensive application security testing solution, known for its seamless integration, advanced technical capabilities, and reliability
What is our primary use case?
How has it helped my organization?
It stands out by generating fewer false positives which has a distinct advantage, as it translates to reduced remediation efforts, requiring less human resources and cost. The tool provides more accurate feedback to the development team, allowing them to focus their efforts on addressing genuine vulnerabilities efficiently.
What is most valuable?
I appreciate all the features, with a particular emphasis on their vulnerability scanner. For instance, in our environment where two-factor authentication is prevalent across many of our sites, the scanner efficiently identifies vulnerabilities, including those related to second-factor methods or mobile codes. What stands out to me is the user-friendliness of each feature. Given that we're a bank with multiple applications, having the flexibility to customize solutions according to the unique needs of each application is crucial.
What needs improvement?
It would be highly beneficial if Fortify on Demand incorporated runtime analysis, similar to how Contrast Security utilizes agents for proactive application security. This could enhance the solution significantly. Moreover, considering the evolving threat landscape and the inevitability of zero-day vulnerabilities, implementing mechanisms like heuristic approaches would be advantageous. By incorporating heuristic algorithms or leveraging artificial intelligence, especially in the form of behavioral analysis akin to network security practices, Fortify could evolve into a more resilient solution. This could involve heuristic analysis for source code, the introduction of AI-driven processes for enhanced security, and the identification of security hotspots.
For how long have I used the solution?
In this company, I have been using it for three months.
What do I think about the stability of the solution?
When it comes to stability, I haven't observed any issues such as crashes or performance issues during the scanning process. I would rate it ten out of ten.
What do I think about the scalability of the solution?
I would rate its scalability capabilities nine out of ten. Our approach involves a centralized team, and we conduct scans across all applications within UBS. Throughout my experience, we've successfully scanned 150 applications.
What about the implementation team?
The ability to install software often depends on individual circumstances. In my case, coming from a security background, the machines provided in our company are typically set up by the network or DevOps team.
What's my experience with pricing, setup cost, and licensing?
Despite being on the higher end in terms of cost, the biggest value lies in its abilities, including robust features, seamless integration, and high-quality findings.
Which other solutions did I evaluate?
We were considering upgrading to the enterprise level, given the need for a robust solution in the banking environment. During this evaluation, we compared Netsparker, Burp Suite, and Fortify. After conducting a proof of concept (POC) that involved testing APIs, websites, and infrastructure arrangements, we presented our analysis to management. Ultimately, Fortify was selected as the preferred choice.
What other advice do I have?
With over 12 years in application security, I've consistently observed the adoption of Fortify in major organizations like Cognizant, Barclays, and Credit Suisse. Across large banks in Europe, Fortify has established a reputation for reliability and effectiveness. Drawing on my experience, I am confident that organizations with clear problem statements and no budget constraints will find Fortify to be a comprehensive solution. Its technical capabilities and features align well with the diverse needs of large organizations in the banking sector. Overall, I would rate it ten out of ten.
Which deployment model are you using for this solution?
On-premises
Importance of this application
What do you like best about the product?
It enforces clean-up regulations. This provides the most thorough static and dynamic application security testing technologies, as well as runtime monitoring and protection, all backed by the most cutting-edge security research.
What do you dislike about the product?
Sometimes it disconnects. Not sure if it is with the connection or just the host of this application.
What problems is the product solving and how is that benefiting you?
Help me manage an entire program of a client. Protect my network to secure my device and data from hackers. Was also using other Fortify applications.
Review of MicroFocus Application Defender
What do you like best about the product?
MicroFocus is a security company which provides verious kind of security and fortify application defender is one of their tool. It is an RASP Solution designed to help us to mitigate risk from third party applications. It provides visibility and protecting software vulnerability in real time.
What do you dislike about the product?
It is an open text software application manager use to manage the unstructured data for verious professional service firm and government agency. It help to manage larg amount of data. It work on on primise or cloud as well. It can run on low end server machines.
What problems is the product solving and how is that benefiting you?
It help to provide visibility into application also it is good at being a great software protector. It help us to manage huge amount of containt for various companies. It also protects our device from third party applications and secure it from verious vulnerability.
Comprehensive capabilities with increased security measures
What do you like best about the product?
The support team is quick to resolve any confusion or doubts whichs great. There arent any issues with lag time.
What do you dislike about the product?
The tool benefits from having an user interface and more user friendly features. It is a tool to worth.
What problems is the product solving and how is that benefiting you?
Micro Focus Fortify Application Defender allows us to quickly identify and solves security threats protecting data. It ensures trust with our clients.
Monitoring and protection against threats
What do you like best about the product?
It works as a scanner. The support team is quick to solve any concerns. It is still a helpful tool.
What do you dislike about the product?
The interface complexity often makes navigation difficult. Slows down workflow.
What problems is the product solving and how is that benefiting you?
Micro Focus Fortify Application Defender does real-time control over our companys extranet security. This is a security posture that safeguards sensitive data minimizing the risks of cyber attacks.
Great job
What do you like best about the product?
Application development is easy when you have the core knowledge. Testing also makes easy in all environment and deployment part is also interesting.
Easy to integrate.
Easy to integrate.
What do you dislike about the product?
Nothing much to dislike. I have a positive opinion.
What problems is the product solving and how is that benefiting you?
Easy to integrate all the features.
Easy to scan code and smells out all bad code.
It's deployment platform which is integrated with cloud is also interesting.
Easy to scan code and smells out all bad code.
It's deployment platform which is integrated with cloud is also interesting.
Fortify Application Defender
What do you like best about the product?
One of the best cybersecurity softwares available in the market.
What do you dislike about the product?
There is nothing specific , I assume the lag time is also good.
What problems is the product solving and how is that benefiting you?
We test our applications on various environments which are open to threats and vulnerabilities.
A fast, stable, and scalable solution that can be used to scan software
What is our primary use case?
We use the solution to scan our software. We scan it at every build. We run the scans and read the reports.
What is most valuable?
The solution is very fast.
What needs improvement?
The products must provide better integration with build tools. In SonarQube scans, the pull requests are decorated. I don't know if it is a missing integration or a limitation, but I don't see the same feature in Fortify. The developer must be able to see whether the build has failed. I would like the pull request to be decorated like SonarQube. It's just not the same experience with Fortify.
I have a problem with the Java version because our projects now use OpenJDK 7 or 17, but the scan still requires JDK 1.8. It is a problem for me, and I don't know how to change it.
For how long have I used the solution?
I have been using the solution for a couple of months.
What do I think about the stability of the solution?
The tool is stable. I have no problem with it. I rate the stability a nine out of ten.
What do I think about the scalability of the solution?
My team has started using it recently. I rate the tool’s scalability a nine out of ten. We don't have any issues whatsoever.
What other advice do I have?
My organization has been using the solution for at least four years. I don’t deal with technical support directly. I would recommend the solution to others. We are dealing with some issues with the report.
The reports might be meaningful, but they sometimes do not match the situation. We cannot really deal with them. We don't know if they are false positives or if they're simply not relevant because they concern vulnerabilities in the development cycle and not in the production operations. It is sort of a mystery. Overall, I rate the tool an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Fortify scans the code and smells out the vulnerabilities which can't be detected via human eyes
What do you like best about the product?
It scans the code and provides a deep level of vulnerability analysis.
It helps to detect security flaws.
Though it's a static scan but does it's job well.
It helps to detect security flaws.
Though it's a static scan but does it's job well.
What do you dislike about the product?
It's a static scanner which limits it from analysing dynamic scenario.
Sometime it gives false positive report as well which should be ignored by the software.
Sometime it gives false positive report as well which should be ignored by the software.
What problems is the product solving and how is that benefiting you?
It helps to detect code smells and detect vulnerabilities which helps developer to prevent the application from security threats.
showing 11 - 20