
Hewlett Packard Enterprise

3.9 out of 5.0 (11 ratings)

  • 5 out of 5.0, Reviewed

    Product(s): Fortify Static Code Analyzer

    Implementation is easy

    Overall Comment

    Working with the tool is excellent, and when an issue arises the vendor is able to help us as soon as possible.


  • 4 out of 5.0, Reviewed

    Product(s): Fortify Static Code Analyzer, WebInspect

    A good tool as a part of your toolbox.

    Overall Comment

    Software works relatively well; however, it does take some time to learn and get up to speed in order to optimize and customize for your environment.

    What one piece of advice would you give other prospective customers?

    No one tool does it all, but this is pretty robust. Consider this as a part of your toolbox.

    What do you like most about the product or service?

    Ability to provide insight into potential weaknesses in your software and recommendations as to how to address.

    What do you dislike most about the product?

    Significant false positive rate, especially if you don't know how to tune it to your environment.

    What one thing do you wish the vendor did differently?

    Improved APIs to assist in integrating with other software as part of a holistic assurance program.

    If you could start over, what would your organization do differently?

    More training of users up front.


  • 4 out of 5.0, Reviewed

    Product(s): WebInspect

    WebInspect - Good Tool, Provides good insight into Web Application Vulnerabilities.

    Overall Comment

    Required incremental upgrades from our older versions of WebInspect/AMP to be able to continue to view/use legacy scan database.

    What one piece of advice would you give other prospective customers?

    Shop the market, this tool does not scan very many types of source code and does not scan or report on open source libraries that may be included in your code.

    What do you like most about the product or service?

    Provides great advice on how developers can fix the bugs discovered.

    What do you dislike most about the product?

    Limitation on the types of code it scans.

    What one thing do you wish the vendor did differently?

    Provided support/visibility into open source libraries and integrated into Jenkins.

    If you could start over, what would your organization do differently?

    May look at some smaller, start-up vendors to save cost.

    Product capabilities - overall comment

    Good for what it does.


  • 4 out of 5.0, Reviewed

    Product(s): WebInspect

    Reliable web application security scanning tool.

    Overall Comment

    HP WebInspect is a useful web application security scanning tool. It complements IBM AppScan and most of the findings are not false positives. The tool is very efficient and accurate in finding vulnerabilities such as SQL Injection.

    What do you like most about the product or service?

    Fewer false positives.

    What do you dislike most about the product?

    The cost.

    What one thing do you wish the vendor did differently?

    The Pricing. Pricing is very expensive when compared to other tools.


  • 3 out of 5.0, Reviewed

    Product(s): WebInspect

    HP - WebInspect - Boon and Curse.

    Overall Comment

    What has worked - identifying vulnerabilities in applications (boon). What has not worked - building the skill set and retaining them to operate the tool (curse).

    What one piece of advice would you give other prospective customers?

    Try cloud services in this area.

    What do you like most about the product or service?

    The ability to identify vulnerabilities in application code.

    What do you dislike most about the product?

    Cost - procurement and operations.

    What one thing do you wish the vendor did differently?

    Help with providing resources for running the tool in times we didn't have any.

    If you could start over, what would your organization do differently?

    We would identify resources who could be trained from the ground up with a goal to retain them for at least 2 to 3 years. Go towards cloud services that provide the same services as HP WebInspect.

    Product capabilities - overall comment

    Doing what we want.

    Service & support - overall comment

    Good service.

    Integration & Deployment - Overall comment

    NA

    1 of 1 peer(s) found this review helpful.


  • 5 out of 5.0, Reviewed

    Product(s): Fortify on Demand

    Adds security understanding and can be applied through the App Development lifecycle

    Overall Comment

    HP Fortify identified critical security needs which were not identified by other vendors in our trials.

    What one piece of advice would you give other prospective customers?

    We are taking an incremental approach, beginning with our most key applications. This is providing valuable time to understand the outcomes and develop our approach in resolving identified issues.

    What do you like most about the product or service?

    Adaptability to be used during application development.

    If you could start over, what would your organization do differently?

    Start sooner!

    Integration & Deployment - Overall comment

    Would like higher integration in continuous builds.


  • 3 out of 5.0, Reviewed

    Product(s): Fortify Static Code Analyzer

    Good tool. But may not be the best one.

    Overall Comment

    Produces lots of false positives.

    What one piece of advice would you give other prospective customers?

    Compare results with some of the latest tools in this area.

    What do you like most about the product or service?

    Very sophisticated tool - may be one of the very few in this space.

    What do you dislike most about the product?

    Not a whole lot of API support. Need modernization of the technology stack.

    What one thing do you wish the vendor did differently?

    Better UI and better API support.

    If you could start over, what would your organization do differently?

    I would validate the results. This tool can produce a lot of false positives.


  • 4 out of 5.0, Reviewed

    Product(s): Fortify on Demand

    Very patient with us as we worked through multiple vendor evaluations.

    Overall Comment

    The HP reps. We have worked with the vendor and it has been very responsive to our questions and needs.

    What one piece of advice would you give other prospective customers?

    Make sure you consider all the scenarios you want to cover with these tools. Make sure you consider automation where possible.

    What do you like most about the product or service?

    Once set up, it works really well.

    What do you dislike most about the product?

    There are some complexities in getting the product set up and some learning curve when it comes to "false positives".

    If you could start over, what would your organization do differently?

    Focus more on the cloud-based offerings up front rather than tack them onto the end.

    Product capabilities - overall comment

    Does exactly what we need it to do, and then some.

    Service & support - overall comment

    Our HP representatives have been very responsive.

    Integration & Deployment - Overall comment

    A bit of a learning curve but not really a surprise.


  • 3 out of 5.0, Reviewed

    Product(s): Fortify Static Code Analyzer

    Vendor needs to improve its support model and feedback on false positives.

    Overall Comment

    Product has good functionality. However, vendor changed the licensing model and the new model and support is not as good as it used to be.

    What one piece of advice would you give other prospective customers?

    Look for proactive measures of scanning code during development and not after the code is ready to cut over to production.

    What do you like most about the product or service?

    Product functionality is good and goes through known exposure evaluations.

    What do you dislike most about the product?

    New licensing model and vendor support.

    What one thing do you wish the vendor did differently?

    Reduce the time they take to get back the scan results or discussion on false positives.

    If you could start over, what would your organization do differently?

    Look for other static code review products that can scan the code during development stages.


Ratings Overview


Evaluation & Contracting

Overall rating of product evaluation and contract negotiation

(9)
3.9

Ability to understand your organization's needs

(11)
3.9

Timely and complete response to product questions

(11)
4.0

Pricing and contract flexibility (pricing and terms)

(10)
3.4

Integration & Deployment

Overall rating of integration and deployment

(11)
3.8

How long did your deployment take?

0 - 3 months (<3)

3 - 6 months (<6)

6 - 9 months (<9)

9 - 12 months (<12)

I don't know


Availability of quality 3rd-party resources (integrators, service providers, etc.)

(5)
3.2

Ease of integration using standard APIs and tools

(10)
3.4

Quality and availability of end-user training

(7)
4.0

Ease of deployment

(9)
3.7

Service & Support

Overall rating of service and support

(11)
4.2

Did you purchase a support package from the vendor?

Yes

No

I’m unsure


Timeliness of vendor's response

(10)
4.0

Quality of technical support

(9)
4.0

Quality of peer user community

(8)
3.6

Product Capabilities

Overall rating of product capabilities

(11)
4.3

Dynamic AST as a Tool

(5)
4.2

Dynamic AST as a Service

(4)
4.0

Static AST as a Tool

(9)
4.2

Static AST as a Service

(9)
4.3

Interactive AST

(7)
3.9

Mobile AST

(6)
3.5

Enterprise-Class AST

(6)
4.0

Stand-Alone AST

(8)
4.3

WAF/EMM Integration or RASP

(5)
3.6

Additional Context

What was the nature of your involvement?

Technical Assessment

Executive Sponsor

Functional Assessment

Application Lead

Development/Integration

User Training

Vendor/Product Selection

Maintenance and Support

Rollout and Install

Vendor Management


What other vendors were considered?

IBM

Qualys

Veracode

Appthority

CAST Software

Checkmarx

Cigital

Acunetix

GrammaTech

Rapid7

Rapid7 (NTO)

The Open Web Application Security Project (OWASP)

Virtual Forge


Why did you purchase this product?

Improve compliance & risk management

Create internal/operational efficiencies

Improve business process agility

Improve business process outcomes

Reduce time to market

Drive innovation

Enhance decision making

Improve customer relations/service

Other...


What were the key factors that drove your decision?

Product functionality and performance

Product roadmap and future vision

Functional breadth

Strong services expertise

Overall cost

Breadth of services

Financial/organizational viability

Pre-existing relationships

Strong consulting partnership

Strong customer focus


In which region(s) did your deployment take place?

North America