Provides good depth of scanning but is unfortunately not fully integrated with CIT processes
What is our primary use case?
We use Fortify on Demand to look at dependency vulnerabilities and vulnerabilities in the source code. We are customers of Micro Focus.
What is most valuable?
We've found the depth of scanning that the product provides and the results we get are the most valuable features.
What needs improvement?
We need something that's going to be fully integrated with CIT processes from setting up a new microservice to scanning and managing other vulnerabilities. As of now, we don't have that, which makes it a painful process.
For how long have I used the solution?
I've been using this solution for three years.
What do I think about the stability of the solution?
How was the initial setup?
The solution was implemented prior to my joining the company so I have no information regarding the initial setup.
What's my experience with pricing, setup cost, and licensing?
We're changing our licensing model because we currently pay 1,000 euro per scan which is ridiculous. We're working on changing it to a flat rate.
What other advice do I have?
Whether or not this solution will be useful depends on the maturity of your organization. If you understand what all the messages and the analysis mean, and you can usefully react to it then I think you should absolutely use it. If you're still working out these things, you should probably first go through some learning process and start with some simpler tooling that gives you some insights.
The challenge is always how to make things actionable and that is lacking to some extent. If, for example, there is something that depends on scans for vulnerability for all your dependencies and just pulls requests for you, Fortify doesn't action anything. It leaves all the actioning things to you so in a sense, it creates more work for the developers, but it doesn't help them to do the work.
We're not happy with the solution as a process because of the way it's internally implemented in the bank. On the other hand, the features are quite good so I would rate that aspect higher. On average, I rate this solution seven out of 10.
Which deployment model are you using for this solution?
On-premises
Fortify, one stop shop for Application Security Testing
What do you like best about the product?
Fortify provides excellent drill-down capabilities for analyzing vulnerabilities and recommended steps for fixing or remediation.
What do you dislike about the product?
It would be nice to see more Dashboards and Metrics out of the box.
What problems is the product solving and how is that benefiting you?
It provides a powerful platform for validating all of our Applications and provides comprehensive recommendations for addressing any identified vulnerabilities.
Recommendations to others considering the product:
When starting out I strongly recommend that you leverage the expertise and experience of the Fortify on Demand team. They have a lot of resources around best practices, case studies, scaling up your program, creating roadmaps, etc.
FoD is an excellent way to find vulnerabilities in Apps
What do you like best about the product?
How the vulnerabilities are presented. There's always detailed information to determine if the vulnerability is true false or false positive, etc.
What do you dislike about the product?
False positives and no auto report generator after a dynamic scan.
What problems is the product solving and how is that benefiting you?
Securing applications written in many programming languages.
Good
What do you like best about the product?
the dashboard
simple UI
Admin panel
Integration options
What do you dislike about the product?
Time taking process.
No Rich colourful UI
UX is bad
What problems is the product solving and how is that benefiting you?
CICD support.
Micro Focus Application Defender is a good program, just not the best for us
What do you like best about the product?
What I like best about Micro Focus Application Defender is the elimination of current threats very quickly, thereby saving us lots of time and money.
What do you dislike about the product?
What I dislike about Micro Focus Application Defender is that it can be very confusing to use and some of our employees don't have the patience it requires.
What problems is the product solving and how is that benefiting you?
We are solving the problems of threats through the internet. With many temporary satellite offices, this is a beneficial software.
Recommendations to others considering the product:
Keep up the good work, just try to make it simpler to use for everyone.
Real-time control of the security of the company's extranet
What do you like best about the product?
For years I have been working with this company and the truth is that except for some setbacks of lost files, the overall assessment is positive. All the tools available to the company and the possible threats are controlled in real time. What I like most about this product are the neutralization of current threats and the actualizations that occur quickly and efficiently. The speed of the resolution of them from my point of view is one of the best options available in the market today.
What do you dislike about the product?
As a negative point I would say that the documentation of the guides that are included as the notes guides are quite complex and difficult to understand. Anyway, the support team solves doubts quickly.
What problems is the product solving and how is that benefiting you?
One of the main solutions that this tool generates in our company is the amount of time and money that it saves us and the security we have when working every day.
Doesn't really do as it says
What do you like best about the product?
Scans are thorough, easily distributed. Branding. Perceived integration.
What do you dislike about the product?
Returns many false positives - for example identifies any variable with the name 'key' as a stored encryption key violation. Doesn't understand the context of code, or entry points for an exploit. Cumbersome in execution (will monopolize a machine's resources while running).
What problems is the product solving and how is that benefiting you?
Intended use for security reasons and strengthening code. Unsure of benefits at this time.
Recommendations to others considering the product:
Shop around. Identify what you need it for first before signing on.
Flexible security monitoring for applications
What do you like best about the product?
Fortify has a magical dashboard where you can find and detect your security issues in your applications.
What do you dislike about the product?
I would like a more flexible GUI to edit and design reports.
What problems is the product solving and how is that benefiting you?
Application Security
Recommendations to others considering the product:
Best tool for detecting application issues.
Overall a good experience
What do you like best about the product?
There is a good flexibility of the demand ability
What do you dislike about the product?
Customer service has not been great. Not intuitive so takes some time to get really into it.
What problems is the product solving and how is that benefiting you?
It is a great tool as part of the «toolbox». We use the software for testing for us to meet the security standards. It benefits us in the sense that we feel confident that we meet the requirements of the security standards.
Recommendations to others considering the product:
I guess it works great for securing data, but it takes time to really learn how to use it. If you have problems, you are basically left to figure it out yourself.
My Agile Manager Experience
What do you like best about the product?
I appreciate the interface for backlog management as well as the test management structure.
What do you dislike about the product?
Better functionality could be added for release management.
What problems is the product solving and how is that benefiting you?
An agile management solution that can be used across a distributed workforce.