    Fortify on Demand

    Build software resilience from a partner you can trust with application security as a service. Achieve all the advantages of security testing, vulnerability management, tailored expertise, and support without the need for additional infrastructure or resources.

    Overview

    Fortify on Demand is the only application provider to offer static application security testing (SAST), dynamic application security testing (DAST), interactive application security testing (IAST), and mobile application testing (MAST) on demand so you can choose the solution that is right for your business. Our Application Security Testing solutions are best for organizations looking for software resilience for modern development from a partner they can trust.

    When Security Matters in DevOps: Fortify integrates into your existing development toolchain seamlessly, giving you the highest quality findings and remediation advice during every stage, creating more secure software. With Fortify, you don't need to trade quality of results for speed.

    Modern AppSec for your Cloud Transformation: Whether your app is fully cloud-native or just beginning to modernize, Fortify has you covered every step of the way. Fortify is purpose-built to secure rapidly evolving technologies and architectures, with the flexibility to recognize that no two applications are the same, all backed by constantly evolving intelligence on new attack vectors.

    Evolve the security of your software supply chain: Be confident in everything that goes into the applications you deliver to your customers and users by evolving the security of your software supply chain. Protect the integrity of your software and SDLC with precise identification, matching, and results from proprietary research data on custom code and third-party risks. With Fortify, trust the future of your software supply chain.

    Your trusted partner for enterprise-grade AppSec: Make application security part of your organization's fabric as you scale from one to hundreds or even thousands of apps with a partner and ecosystem you can trust. Fortify delivers a holistic, inclusive and extensible platform that supports the breadth of your software portfolio and teams with a comprehensive suite of products and services that guide you throughout your journey.

    Pre-packaged scan bundles are listed below. Different scanning services require different quantities of assessment units (AU). For more information, see https://www.microfocus.com/media/guide/fortify-on-demand-service-description.pdf. To request a private offer, visit http://www.microfocus.com/FOD_privateproposal

    Highlights

    • Static assessments detect over 1137 unique categories of vulnerabilities across 29 programming languages that span over 1 million individual APIs. CyberRes Fortify is Iron Bank approved and included in Platform One (P1) as part of the United States Department of Defense Enterprise DevSecOps initiative.
    • Automate security in the CI/CD pipeline with Swagger-supported RESTful APIs, GitHub repository, and plugins for a large set of ecosystem partners offering DevOps, VSTS, and Jenkins.
    • First and leading application security as a service solution to be JAB authorized and FedRAMP certified. Fortify has been a Leader in the Gartner Magic Quadrant for application security testing for 8 consecutive years.

    Details

    Features and programs

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.

    Pricing

    Fortify on Demand

    Pricing is based on contract duration. You pay upfront or in installments according to your contract terms with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.

    12-month contract (12)

    Dimension | Description | Cost/12 months
    1 AU | Assessment Units (at least 4 and less than 99 quantity) | $996.00
    1 AU (>100) | 100+ Assessment Units with Managed Support | $864.00
    15 Static AU | 15 Static Applications, Single Security Assessments | $14,190.00
    60 Static AU | 15 Static Applications, Security Assessment Subscriptions | $54,360.00
    10 Mobile AU | 10 Mobile Applications, Single Security Assessments | $9,960.00
    40 Mobile AU | 10 Mobile Applications, Security Assessment Subscriptions | $37,840.00
    30 Dynamic AU | 15 Dynamic Website, Single Security Assessment | $28,380.00
    90 Dynamic AU | 15 Dynamic Website, Security Assessment Subscriptions | $81,540.00
    20 API AU | 10 Dynamic API, Single Security Assessments | $18,920.00
    60 API AU | 10 Dynamic API, Security Assessment Subscriptions | $54,360.00

    Vendor refund policy

    No Refunds

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information


    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    Live Support via Chat, Email, Portal, and Digital Courseware: https://ams.fortify.com/contact-us, https://emea.fortify.com/contact-us

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly

    By OpenText Cybersecurity
    Accolades: Top 25 in Testing
    Overview (AI generated from product descriptions):
    • Static Application Security Testing (SAST): Detect over 1137 unique categories of vulnerabilities across 29 programming languages that span over 1 million individual APIs
    • Automated Security Integration: Automate security in the CI/CD pipeline with Swagger-supported RESTful APIs, GitHub repository, and plugins for a large set of ecosystem partners offering DevOps, VSTS, and Jenkins
    • Compliance and Certification: First and leading application security as a service solution to be JAB authorized and FedRAMP certified
    • Dynamic Application Security Testing (DAST): Perform dynamic application security testing (DAST) on demand
    • Interactive Application Security Testing (IAST): Offer interactive application security testing (IAST) on demand
    Standard contract: No

    By StackHawk, Inc.
    Accolades: Top 50 in Testing
    Overview (AI generated from product descriptions):
    • Dynamic Application Security Testing (DAST): Automated DAST scanning to shift security left and ensure vulnerabilities are identified before production
    • API Testing: Ability to reliably test REST, SOAP, and GraphQL APIs
    • Developer-Focused Security: Modern DAST approach that enables developers to write secure software fast and allows security teams to scale at the speed of software deployment
    • Generative AI Technology: Generative AI technology to help security teams identify hidden APIs, providing information about what APIs exist, where they live, and who they belong to
    • CI/CD Integration: Ability to run as part of the CI/CD pipeline with AWS CodeBuild and AWS CodePipeline to automate security testing as part of software delivery
    Standard contract: No

    By Checkmarx
    Accolades: Top 25 in Testing
    Overview (AI generated from product descriptions):
    • Static Application Security Testing: Flexible, accurate solution able to identify hundreds of vulnerabilities and weaknesses in custom code, with support for 25+ languages and frameworks
    • Software Composition Analysis: Enables identification and prioritization of open source vulnerabilities, inventory of open source components and dependencies in use, and evaluation of open source license risk
    • Infrastructure as Code Analysis: Detects security misconfigurations in IaC templates, helping prevent errors such as open storage buckets, insecure databases, and excessive privileges
    • Integrated Platform: Single event, like a code commit or build stage, can trigger scans of source code, dependencies, and IaC templates, with results aggregated in one place
    • Scan Optimization: Scans only new or modified code, reducing time and resources required for security testing
    Standard contract: No

    Customer reviews

    Ratings and reviews

    0 ratings
    5 star: 0%, 4 star: 0%, 3 star: 0%, 2 star: 0%, 1 star: 0%
    0 AWS reviews | 22 external reviews
    External reviews are sourced from G2 and are not included in the star rating for this product.

    Ranjit Kumar M.

    Great job

    Reviewed on Sep 29, 2023
    Review provided by G2
    What do you like best about the product?
    Application development is easy when you have the core knowledge. Testing is also made easy in all environments, and the deployment part is also interesting.
    Easy to integrate.
    What do you dislike about the product?
    Nothing much to dislike. I have a positive opinion.
    What problems is the product solving and how is that benefiting you?
    Easy to integrate all the features.
    Easy to scan code and smells out all bad code.
    Its deployment platform, which is integrated with the cloud, is also interesting.
    Non-Profit Organization Management

    Fortify, one stop shop for Application Security Testing

    Reviewed on Nov 29, 2021
    Review provided by G2
    What do you like best about the product?
    Fortify provides excellent drill-down capabilities for analyzing vulnerabilities and recommended steps for fixing or remediation.
    What do you dislike about the product?
    It would be nice to see more Dashboards and Metrics out of the box.
    What problems is the product solving and how is that benefiting you?
    It provides a powerful platform for validating all of our Applications and provides comprehensive recommendations for addressing any identified vulnerabilities.
    Recommendations to others considering the product:
    When starting out I strongly recommend that you leverage the expertise and experience of the Fortify on Demand team. They have a lot of resources around best practices, case studies, scaling up your program, creating roadmaps, etc.
    Banking

    FoD is an excellent way to find vulnerabilities in Apps

    Reviewed on Nov 29, 2021
    Review provided by G2
    What do you like best about the product?
    How the vulnerabilities are presented. There's always detailed information to determine if the vulnerability is true false or false positive, etc.
    What do you dislike about the product?
    False positives and no auto report generator after a dynamic scan.
    What problems is the product solving and how is that benefiting you?
    Securing applications written in many programming languages.
    Information Technology and Services

    Good

    Reviewed on Aug 10, 2021
    Review provided by G2
    What do you like best about the product?
    the dashboard
    simple UI
    Admin panel
    Integration options
    What do you dislike about the product?
    Time taking process.
    No Rich colourful UI
    UX is bad
    What problems is the product solving and how is that benefiting you?
    CICD support.
    Information Technology and Services

    Doesn't really do as it says

    Reviewed on Apr 06, 2018
    Review provided by G2
    What do you like best about the product?
    Scans are thorough, easily distributed. Branding. Perceived integration.
    What do you dislike about the product?
    Returns many false positives - for example identifies any variable with the name 'key' as a stored encryption key violation. Doesn't understand the context of code, or entry points for an exploit. Cumbersome in execution (will monopolize a machine's resources while running).
    What problems is the product solving and how is that benefiting you?
    Intended use for security reasons and strengthening code. Unsure of benefits at this time.
    Recommendations to others considering the product:
    Shop around. Identify what you need it for first before signing on.