OpenText Core Application Security Reviews

Name: OpenText Core Application Security
Brand: OpenText
Rating: 4.0 (60 reviews)

4.0 out of 5

60 reviews
89% willing to recommend

What is OpenText Core Application Security?

OpenText Core Application Security offers robust features like static and dynamic scanning, real-time vulnerability tracking, and seamless integration with development platforms, designed to enhance code security and reduce operational costs.

Get the OpenText Core Application Security Buyer's Guide and find out what your peers are saying about OpenText Core Application Security, SonarQube Server (formerly SonarQube), GitLab and more!

OpenText Core Application Security is the #13 ranked solution in AST tools and #14 ranked solution in application security solutions. PeerSpot users give OpenText Core Application Security an average rating of 8.0 out of 10. OpenText Core Application Security is most commonly compared to SonarQube Server (formerly SonarQube): OpenText Core Application Security vs SonarQube Server (formerly SonarQube). OpenText Core Application Security is popular among the large enterprise segment, accounting for 70% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 18% of all views.

Buyer's Guide

OpenText Core Application Security

August 2025

Get the report

Helped 866,088 peers since 2012

Featured OpenText Core Application Security reviews

Jonathan Steyn

Principal Technical Consultant at EOH

Not challenges with the product itself. The product is very reliable. It does have a steep learning curve. But, again, one thing that Fortify or OpenText does very well is training. There are a lot of free resources and training in the community forums, free training as well as commercial training where users can train on how to use the back-end systems and the scanning engines and how to use command-line arguments because some of the procedures or some of the tools do require a bit of a learning curve. That's the only challenge I've really seen for customers because you have to learn how to use the tool effectively. But Fortify has, in fact, improved its user interface and the way users engage the dashboards and the interfaces. It is intuitive. It's easy to understand. But in some regards, the cybersecurity specialist or AppSec would need a bit of training to engage the user interface and to understand how it functions. But from the point of the reliability index and how powerful the tool is, there's no challenge there. But it's just from a learning perspective; users might need a bit more skill to use the tool. The user interface isn't that tedious. It's not that difficult to understand. When I initially learned how to use the interfaces, I was able to master it within a week and was able to use it quite effectively. So training is required. All skills are needed to learn how to use the tool. I would like to see more enhancements in the dashboards. Dashboards are available. They do need some configuration and settings. But I would like to see more business intelligence capabilities within the tool. It's not particularly a cybersecurity function, but, for instance, business impact analysis or other features where you can actually use business intelligence capabilities within your security tool. That would be remarkable because not only do you have a cybersecurity tool, but you also have a tool that can give you business impact analysis and some other measurements. A bit more intelligence in terms of that from a cybersecurity perspective would be remarkable.

Read full review

Javad_Talebi

Cloud architect at Vodafone

We have added it to our operational toolkit to ensure it's part of our development spectrum. We added it directly into our Jenkins pipelines. We have some products that are publicly accessible via phone or website. These products need to be extra secure because they rely on firewalls, and hackers could potentially exploit them. Fortify on Demand provided us with valuable information on how to fix a critical API vulnerability. So, Fortify on Demand identifies critical vulnerabilities. We have two security scans. One is Fortify on Demand, and the other is for an outsourced company. For Fortify, you assign the specific branch of code you want to scan. You can scan the code you're currently deploying through Jenkins pipelines. Since it's external, you can also scan other brands if needed. Otherwise, you can specify which specific brands or smaller branches to scan within your entire codebase.

Read full review

AhmedElkholy

Pre-Sales Manager at Ejada Company Limited

One of the most valuable features of Fortify On Demand is its ability to integrate seamlessly with the DevOps lifecycle, particularly in terms of security testing. Injecting security testing into the DevOps process ensures that security measures are incorporated from the development stage onwards. It aligns with the main objective of DevOps, which is to automate and streamline the software development lifecycle, from code commit to deployment. With automation tools orchestrating the pipeline, tasks such as code compilation, testing, and deployment can be carried out rapidly and efficiently. This results in faster time-to-market for features, reducing deployment times from hours to minutes. It enhances trust from customers and cybersecurity teams, as security measures are built into the software from the outset, increasing confidence in the security.

Read full review

OpenText Core Application Security mindshare

Product category:

As of August 2025, the mindshare of OpenText Core Application Security in the Application Security Tools category stands at 4.3%, down from 5.1% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Application Security Tools Market Share Distribution
Product	Market Share (%)
OpenText Core Application Security	4.3%
SonarQube Server (formerly SonarQube)	22.4%
Checkmarx One	10.3%
Other	63.0%

Application Security Tools

PeerResearch reports based on OpenText Core Application Security reviews

Type	Title	Date
Category	Application Security Tools	Aug 28, 2025	Download
Product	Reviews, tips, and advice from real users	Aug 28, 2025	Download
Comparison	OpenText Core Application Security vs SonarQube Server (formerly SonarQube)	Aug 28, 2025	Download
Comparison	OpenText Core Application Security vs Veracode	Aug 28, 2025	Download
Comparison	OpenText Core Application Security vs Checkmarx One	Aug 28, 2025	Download

Title	Rating	Mindshare	Recommending
SonarQube Server (formerly SonarQube)	4.0	22.4%	81%	116 interviews Add to research
GitLab	4.2	2.6%	97%	85 interviews Add to research

Valuable Features

OpenText Core Application Security stands out for its efficient integration with DevOps, allowing seamless security testing during development. Its static and dynamic scanning capabilities ensure comprehensive vulnerability detection. Users value the user-friendly interface, customizable features, and detailed reporting. The ability to correlate results with prioritized guidance enhances remediation. AI-driven analysis provides actionable insights. Compatibility with multiple languages and platforms aids in addressing open-source vulnerabilities, improving security posture effectively for development teams.

"Fortify is effective in identifying such oversights, making it a really helpful tool despite its problems."
"It is valuable in improving our overall security posture by catching significant errors."
"The source code analyzer is the most effective for identifying security vulnerabilities."

Room for Improvement

OpenText Core Application Security needs better integration with incident management and CI/CD pipelines, support for more languages, and improved dynamic application security testing. Reporting and pricing require refinement and false positives need reduction. Users desire faster scanning, advanced business intelligence features, enhanced remediation guidance, stronger third-party tool integration, and support for newer technologies. Customizable reports with visual aids and more advanced security measures like AI are also sought for better efficiency and functionality.

"There are frequent complaints about false positives from Fortify. One day it may pass a scan with no issues, and the next day, without any code changes, it will report vulnerabilities such as password exposure."
"There are frequent complaints about false positives from Fortify."
"The cybersecurity specialist or AppSec would need a bit of training to engage the user interface and to understand how it functions."

ROI

Client satisfaction stems from enhanced security and cost avoidance achieved through OpenText Core Application Security. Automationlike Micro Focus Fortify on Demand streamlines processes, saving time from days to minutes. Although some find it challenging to quantify ROI, the value is recognized in preventing security breaches, downtime, and leveraging cost-effective security measures. Enhanced security measures, reduced bug densities, and proactive real-time monitoring contribute to the improved security posture and reduced attack surfaces.

Pricing

Enterprise users report that OpenText Core Application Security is perceived as expensive, with a pricing model that depends on the number of scans, applications, or users. While there are no setup costs due to its on-demand nature, the subscription model and license management could benefit from flexibility improvements. Some find the cost competitive compared to other tools, and Fortify on Demand is recommended for its robust features despite its higher price. Trial versions are popular for initial evaluation.

"It is not more expensive than other solutions, but the pricing is competitive."
"Fortify on Demand is more expensive than Burpsuite. I rate its pricing a nine out of ten."
"The product's cost depends on the type of license."

Popular Use Cases

OpenText Core Application Security is primarily used for static code analysis and vulnerability scanning across various applications, ensuring security compliance. Organizations deploy it in multiple environments like web and mobile, conducting dynamic and static scans. Integrated within development platforms, it helps development teams detect vulnerabilities such as unencrypted data transmission. It supports secure development lifecycles and assists in managing and improving application security by generating reports, creating tasks in Jira, and leveraging cloud and on-premise solutions.

Service and Support

OpenText Core Application Security has received mixed feedback on customer service and technical support. Some users find the support professional and responsive, particularly in timely assistance and knowledgeable teams. However, others note delays in response times and average interactions. The team’s expertise is praised by some users, emphasizing quick problem resolutions. On the downside, there are reports of slow responses, lack of coordination, and challenges during transitions or implementations.

Deployment

Users describe a varied experience with OpenText Core Application Security's initial setup. Many find it straightforward and intuitive, highlighting easy deployment and interface. However, some report challenges, particularly with integrations and complex environments, necessitating support or expertise. The cloud-based setup is often simpler than on-premises, which can require more effort. Opinions differ based on individual circumstances and previous experiences with similar tools, with many acknowledging the ease of use once the initial setup hurdles are addressed.

Scalability

OpenText Core Application Security offers robust scalability. Users report handling vast volumes of code efficiently, catering to various company scales, from startups to large enterprises. Its cloud-based infrastructure facilitates scalability, and users highlight the absence of significant limitations. Challenges are noted in pricing when scaling to higher code volumes. Overall, the application performs well for code scanning across different industries, allowing multiple users to engage without issues.

Stability

Users report that OpenText Core Application Security is generally stable with limited issues. While many appreciate its reliability and absence of crashes, some encounter memory-related challenges, especially during scans. Static scans on JavaScript-heavy code can be slow, requiring substantial system resources. Occasional browser hiccups are noted, but these are minor. System updates contribute to stability. Despite certain areas for improvement, users typically rate stability highly, with scores often around nine or ten out of ten.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our OpenText Core Application Security Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	12
Midsize Enterprise	6
Large Enterprise	37

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	272
Midsize Enterprise	191
Large Enterprise	1095

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

18%

Manufacturing Company

15%

Computer Software Company

10%

Government

Insurance Company

Educational Organization

Healthcare Company

University

Comms Service Provider

Transportation Company

Performing Arts

Media Company

Real Estate/Law Firm

Construction Company

Energy/Utilities Company

Retailer

Hospitality Company

Aerospace/Defense Firm

Outsourcing Company

Legal Firm

Pharma/Biotech Company

Wholesaler/Distributor

Logistics Company

Non Profit

Recreational Facilities/Services Company

Consumer Goods Company

Marketing Services Firm

Compare OpenText Core Application Security with alternative products

Learn more about OpenText Core Application Security

OpenText Core Application Security is a cloud-based, on-demand service providing accurate and deep scanning capabilities with detailed reporting. Its integrations with development platforms ensure an enhanced security layer in the development lifecycle, benefiting users by lowering operational costs and facilitating efficient remediation. The platform addresses needs for intuitive interfaces, API support, and comprehensive vulnerability assessments, helping improve code security and accelerate time-to-market. Despite its strengths, challenges exist around false positives, report clarity, and language support, alongside confusing pricing and package options. Enhancements are sought in areas like CI/CD pipeline configuration, report visualization, scan times, and integration with third-party tools such as GitLab, container scanning, and software composition analysis.

What features define OpenText Core Application Security?

Static and Dynamic Scanning: Offers thorough analysis to identify vulnerabilities during development.
Real-time Vulnerability Tracking: Continuously updates and monitors potential security threats.
Seamless Development Platform Integration: Enhances security processes without disrupting workflows.
Cloud-Based Service: Provides flexible, on-demand security capabilities with accurate results.
API Support: Allows smooth integration and automation within existing systems.

What benefits should users look for in reviews?

Reduced Operational Costs: Optimizes resources by lowering costs associated with security management.
Efficient Remediation: Speeds up the process of identifying and resolving vulnerabilities.
Enhanced Code Security: Strengthens overall application security during the development lifecycle.
Accelerated Time-to-Market: Streamlines development stages by integrating essential security tools.

Industries like mobile applications, e-commerce, and banking leverage OpenText Core Application Security for its ability to identify vulnerabilities such as SQL injections. Integrating seamlessly with DevSecOps and security auditing processes, this tool supports developers in writing safer code, ensuring secure application deployment and enhancing software assurance.

OpenText Core Application Security was previously known as Micro Focus Fortify on Demand.

OpenText Core Application Security customers

SAP, Aaron's, British Gas, FICO, Cox Automative, Callcredit Information Group, Vital and more.

Product Categories

Application Security Tools

Static Application Security Testing (SAST)

Popular Comparisons

SonarQube Server (formerly SonarQube) vs OpenText Core Application Security

GitLab vs OpenText Core Application Security

Snyk vs OpenText Core Application Security

Checkmarx One vs OpenText Core Application Security

Veracode vs OpenText Core Application Security

Coverity vs OpenText Core Application Security

Mend.io vs OpenText Core Application Security

GitHub Advanced Security vs OpenText Core Application Security

OWASP Zap vs OpenText Core Application Security

SonarQube Cloud (formerly SonarCloud) vs OpenText Core Application Security

Acunetix vs OpenText Core Application Security

Sonatype Lifecycle vs OpenText Core Application Security

HCL AppScan vs OpenText Core Application Security

PortSwigger Burp Suite Professional vs OpenText Core Application Security

Qualys Web Application Scanning vs OpenText Core Application Security

See all alternatives

OpenText Core Application Security Reviews Summary
Author info	Rating	Review Summary
Lead Developer at a legal firm with 1,001-5,000 employees	3.5	I use Fortify to identify security vulnerabilities and sensitive information in source code, particularly access tokens. It's effective but prone to false positives and doesn't check CVEs in third-party libraries, which necessitates using an additional tool.
Principal Technical Consultant at EOH	5.0	I find Fortify on Demand to be effective in enhancing security posture through SAST and DAST scanning. It offers valuable dashboards for vulnerability analysis, though there's a learning curve. Its AI-driven engine significantly reduces bug densities and security incidents.
Cloud architect at Vodafone	4.0	We use Fortify on Demand to secure APIs and systems throughout development, testing, and production stages, finding its scanning capabilities crucial. Integration with pipelines like Jenkins could be smoother, but it remains essential for our security infrastructure.
Pre-Sales Manager at Ejada Company Limited	4.5	I use Fortify On Demand for identifying application vulnerabilities in sales and desk operations. Its seamless integration with DevOps enhances security testing. It's affordable, but I wish it had AI features like other vendors.
Architecture Manager at Alinma Bank	4.0	We used Fortify on Demand for cybersecurity threats, but its limited programming support and lack of dynamic testing led us to transition to SonarQube. SonarQube’s broader language support and pipeline integration improved testing for our core banking application.
Test Lead at a financial services firm with 10,001+ employees	5.0	I use Fortify on Demand to scan our bank's applications for security vulnerabilities. Its user-friendly features, especially the vulnerability scanner, are invaluable, though I wish it included runtime analysis and AI-driven enhancements for improved security.
Director at a healthcare company with 10,001+ employees	3.0	I use Fortify on Demand at my company for security code scans. While the tool serves its purpose, it produces many false positives, and reducing these would greatly enhance its effectiveness. Evaluating other tools is costly.
Security Tester at Ray Business Technologies Private Limited	4.5	We utilize Fortify on Demand for static code analysis. Its user-friendly automatic scanning and AI features excel in detecting vulnerabilities and recommending solutions. The integration with CI/CD tools is beneficial, though pricing could be improved.

OpenText Core Application Security Reviews

What is OpenText Core Application Security?

Featured OpenText Core Application Security reviews

OpenText Core Application Security mindshare

PeerResearch reports based on OpenText Core Application Security reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare OpenText Core Application Security with alternative products

Learn more about OpenText Core Application Security

OpenText Core Application Security customers

Related questions

Product Categories

Popular Comparisons