Sold by: OpenText
Deployed on AWS
Build software resilience from a partner you can trust with application security as a service. Achieve all the advantages of security testing, vulnerability management, tailored expertise, and support without the need for additional infrastructure or resources.
4.1
Overview
Fortify is the only application provider to offer static application security testing (SAST), dynamic application security testing (DAST), interactive application security testing (IAST), and mobile application testing (MAST) on demand so you can choose the solution that is right for your business. Our Application Security Testing solutions are best for organizations looking for software resilience for modern development from a partner they can trust.
When Security Matters in DevOps Fortify integrates into your existing development toolchain seamlessly, giving you the highest quality findings and remediation advice during every stage, creating more secure software. With Fortify, you don't need to trade quality of results for speed.
Modern AppSec for your Cloud Transformation Whether your app is fully cloud-native or just beginning to modernize, Fortify has you covered every stop of the way. Fortify is purpose built to secure the rapidly evolving technologies and architectures with the flexibility to recognize no two applications are the same - all backed by constantly evolving intelligence on new attack vectors.
Evolve the security of your software supply chain Be confident in everything that goes into the applications you deliver to your customers and users by evolving the security of your software supply chain. Protect the integrity of your software and SDLC with precise identification, matching, and results from proprietary research data on custom code and third-party risks. With Fortify, trust the future of your software supply chain.
Your trusted partner for enterprise grade AppSec Make application security part of your organizations fabric as you scale from one to hundreds or even thousands of apps with a partner and ecosystem you can trust. Fortify delivers a holistic, inclusive and extensible platform that supports the breadth of your software portfolio and teams with a comprehensive suite of products and services that guide you throughout your journey.
We have pre-packaged scan bundles listed. Different scanning services would require various quantity of assessment units - AU. Please visit: https://www.microfocus.com/media/guide/fortify-on-demand-service-description.pdf for more information. Please click this URL to request a private offer: http://www.microfocus.com/FOD_privateproposal
Highlights
- Static assessments detect over 1137 unique categories of vulnerabilities across 29 programming languages that span over 1 million individual APIs. CyberRes Fortify is Iron Bank approved and included in Platform One - P1 as part of the United States Department of Defense Enterprise DevSecOps initiative
- Automate security in the CI/CD pipeline with Swagger-supported RESTful APIs, GitHub repository, and plugins for a large set of ecosystem partners offering DevOps, VSTS, and Jenkins.
- First and leading application security as a service solution to be JAB authorized and FedRAMP certified. Fortify has been a Leader in the Gartner Magic Quadrant for application security testing for 8 consecutive years
Details
Sold by
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
1 AU | Assessment Units (at least 4 and less than 99 quantity) | $996.00 |
1 AU (>100) | 100+ Assessment Units with Managed Support | $864.00 |
15 Static AU | 15 Static Applications, Single Security Assessments | $14,190.00 |
60 Static AU | 15 Static Applications, Security Assessment Subscriptions | $54,360.00 |
10 Mobile AU | 10 Mobile Applications, Single Security Assessments | $9,960.00 |
40 Mobile AU | 10 Mobile Applications, Security Assessment Subscriptions | $37,840.00 |
30 Dynamic AU | 15 Dynamic Website, Single Security Assessment | $28,380.00 |
90 Dynamic AU | 15 Dynamic Website, Security Assessment Subscriptions | $81,540.00 |
20 API AU | 10 Dynamic API, Single Security Assessments | $18,920.00 |
60 API AU | 10 Dynamic API, Security Assessment Subscriptions | $54,360.00 |
Vendor refund policy
No Refunds
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
Live Support via Chat, Email, Portal, and Digital Courseware https://ams.fortify.com/contact-us , https://emea.fortify.com/contact-us ,
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By OpenText
By Checkmarx
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Static Application Security Testing
Detects over 1137 unique categories of vulnerabilities across 29 programming languages spanning over 1 million individual APIs
Dynamic and Interactive Application Security Testing
Offers dynamic application security testing (DAST), interactive application security testing (IAST), and mobile application security testing (MAST) capabilities on demand
CI/CD Pipeline Integration
Integrates into development toolchain with Swagger-supported RESTful APIs, GitHub repository support, and plugins for DevOps, VSTS, and Jenkins ecosystem partners
Software Supply Chain Security
Provides precise identification and matching of custom code and third-party risks using proprietary research data to protect software integrity and SDLC
Cloud-Native Application Support
Purpose-built to secure rapidly evolving cloud-native technologies and architectures with flexibility to adapt to diverse application requirements and emerging attack vectors
Static Application Security Testing
Identifies vulnerabilities and weaknesses in custom code with support for 25+ languages and frameworks, scanning uncompiled code and re-scanning only new or modified code.
Software Composition Analysis
Identifies and prioritizes open source vulnerabilities, takes inventory of open source components and dependencies, and evaluates risks of open source licenses.
Infrastructure as Code Analysis
Detects security misconfigurations in IaC templates using KICS to prevent errors such as open storage buckets, insecure databases, and excessive privileges.
Real-time IDE Security Scanning
Provides real-time vulnerability detection during IDE development for both human-generated and AI-generated code, identifying vulnerabilities, unmasked secrets, vulnerable container images, and malicious open source packages.
Agentic-AI Remediation
Generates remediation suggestions using AI agents that access proprietary databases and customized AI models to provide context-aware code fixes with interactive refinement capabilities.
Risk Contextualization Engine
Proprietary Risk Graph that contextualizes security findings from third-party tools and native solutions based on likelihood and impact of risk to minimize backlogs and triage time.
Multi-Tool Security Integration
Aggregates and enriches security findings from SAST, SCA, CSPM, runtime API security tools, and manual processes including bug bounty programs and penetration testing.
Supply Chain Security Monitoring
Monitors commits to flag anomalous developer behavior and surfaces risky material code changes for integrated software supply chain security assessment.
Source Control Integration
API-based integration with source control managers to create complete inventory of applications, supply chain components, their risks, and changes over time.
LLM-Enriched Remediation Guidance
Provides large language model-enriched remediation guidance tied to code owners and root causes to improve remediation cycles and reduce developer friction.
Standard contract
No
No
No
Customer reviews
Mollie M.
Great Product
Reviewed on Jan 25, 2024
Review provided by G2
What do you like best about the product?
The application allows me to work more efficiently, by not having to go back and correct errors. Allows for open communication.
What do you dislike about the product?
The platform can be touchy depending on the computer system you are using it on.
What problems is the product solving and how is that benefiting you?
Helping with runtime monitoring
hitiksha s.
Review form micro focus fortify app
Reviewed on Dec 18, 2023
Review provided by G2
What do you like best about the product?
It helps to manage risk from third- party application.
What do you dislike about the product?
It is easy to use.
There is no major drawback about this tool.
There is no major drawback about this tool.
What problems is the product solving and how is that benefiting you?
It provides centralized visibility into application use and abuse while protecting from software vulnerability exploits.
Computer Software
App Sec Specialist
Reviewed on Dec 07, 2023
Review provided by G2
What do you like best about the product?
It does what it suppose to do and just works.
What do you dislike about the product?
I don't have any complaints as the product does what it advertises.
What problems is the product solving and how is that benefiting you?
It manages and migates risk from homegrown or 3rd party applications.
Alfas A.
Best
Reviewed on Dec 06, 2023
Review provided by G2
What do you like best about the product?
Very easy to use and a lot of features..
What do you dislike about the product?
I ccount find any downside as of now. LOVED IT
What problems is the product solving and how is that benefiting you?
harnesses the power of application security data across the Software Development Lifecycle (SDLC) by measuring and improving the efficiency, accuracy, and value to an organization.
Ajinkya M.
Safe and Secured Barrier
Reviewed on Nov 04, 2023
Review provided by G2
What do you like best about the product?
We can reduce the risk posed by third-party apps with the use of Micro Focus Fortify, a RASP solution. Real-time visibility and vulnerability protection are provided.
Additionally, clean-up rules are enforced by this instrument. With the most advanced security research supporting it, this offers the most comprehensive runtime monitoring and protection, as well as the most advanced static and dynamic application security testing solutions.
Additionally, clean-up rules are enforced by this instrument. With the most advanced security research supporting it, this offers the most comprehensive runtime monitoring and protection, as well as the most advanced static and dynamic application security testing solutions.
What do you dislike about the product?
There is no major drawback about this tool except network interruption at times which has a scope of improvement.
What problems is the product solving and how is that benefiting you?
Our company's extranet security is managed in real-time via Micro Focus Fortify Application Defender. By protecting critical data, this security posture reduces the likelihood of cyberattacks.
With the use of this tool, we can promptly detect and address security risks that safeguard data. It guarantees our clients' trust.
With the use of this tool, we can promptly detect and address security risks that safeguard data. It guarantees our clients' trust.