No more typing reviews! Try our Samantha, our new voice AI agent.

Contrast Security Protect vs OpenText Core Application Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 29, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Contrast Security Protect
Ranking in Application Security Tools
34th
Average Rating
8.4
Reviews Sentiment
5.8
Number of Reviews
3
Ranking in other categories
No ranking in other categories
OpenText Core Application S...
Ranking in Application Security Tools
12th
Average Rating
8.0
Reviews Sentiment
7.0
Number of Reviews
64
Ranking in other categories
Static Application Security Testing (SAST) (9th)
 

Mindshare comparison

As of May 2026, in the Application Security Tools category, the mindshare of Contrast Security Protect is 1.1%, up from 0.5% compared to the previous year. The mindshare of OpenText Core Application Security is 3.1%, down from 4.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools Mindshare Distribution
ProductMindshare (%)
OpenText Core Application Security3.1%
Contrast Security Protect1.1%
Other95.8%
Application Security Tools
 

Featured Reviews

ToddMcAlister - PeerSpot reviewer
Lead Application and Data Security Engineer at a insurance company with 5,001-10,000 employees
It provides us with more in-depth visibility into ongoing attacks.
I rate Contrast Security Protect eight out of 10. Overall, it's a solid product, but I deduct a couple of points because of the interface and some shortcomings in the reporting. If you have a large enterprise where you're dealing with a lot of servers, then it makes sense not to use the internal MySQL database. You should use something like Oracle or Microsoft SQL, but if you don't have many transactions, the embedded MySQL database works great.
Himanshu_Tyagi - PeerSpot reviewer
Lead Cybersecurity at TBO
Supports secure development pipelines and improves issue detection but limits internal visibility and needs broader dashboard integration
If you have an internal team and you want your internal team to validate false positives, basically to determine whether it's a valid issue or an invalid issue, then I wouldn't recommend it much. That was the only reason we migrated from Fortify on Demand to another solution. Fortify has another tool which is Fortify WebInspect. On Demand is the outsourcing solution, and WebInspect you can use with your in-house team, which is basically the product developed by the Fortify team. For automated scanning, Fortify helps a lot. Regarding the visibility for the internal team, everyone is moving toward the DevSecOps side, and Fortify team has made good progress that you can integrate into your CICD pipeline. One thing I would highlight is if Fortify can focus more on the centralized dashboard of the tools because nowadays, tools such as SentinelOne also exist for identifying security issues, but they have a centralized dashboard that merges their cloud solution and application security side solution together. If you have one tool that works for different solutions, it helps a lot. They are doing good, but they should invest more on the AI side as well because AI security is evolving these days. On the cloud side, they have already made good progress, but I believe they should explore the new area related to AI security as well.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The Protect solution allows applications to continue to run, even with known vulnerabilities, but will report or block attempts to exploit the vulnerabilities."
"The solution has excellent real-time capabilities."
"Contrast Security's support is great. They're willing to spend a lot of time on your problem."
"The product gives a few false positives. We get 99 percent true positives."
"Protect provides us with more in-depth visibility into ongoing attacks."
"It's saved us a lot of time as we focus primarily on security consultancy work rather than tool operational work."
"Fortify helps us to stay updated with the newest languages and versions coming out."
"The process was easy to follow and we were supported 24/7 by TAM personnel to help with any fire drills, which was helpful many times when I needed a quick answer late at night or early in the morning."
"The features that I have found most valuable include its security scan, the vulnerability finds, and the web interface to search and review the issues."
"The biggest advantage of this tool, Fortify on Demand, is that it is very scalable; it provides all the features just in time, and you do not need to have massive deployment or a lot of compute capabilities to use the product—that's the beauty of it."
"This product is top-notch solution and the technology is the best on the market."
"Fortify on Demand is a very good service which can be used by any organization when they are building a team because it identifies security vulnerabilities early in the software development life cycle and provides good visibility into issues in cloud-hosted applications."
"When choosing a software security product, we expect the product not only has the ability to find exploits, but also has educational and instructional capabilities related to exploits."
 

Cons

"Protect's reporting GUI is very basic. To get all statuses from the APIs, we needed to write our own KPI dashboard to provide reports."
"There's room for improvement in the initial setup."
"There's room for improvement in the initial setup."
"We're not using it much anymore because we had some performance issues."
"Contrast Security Protect needs to improve integration."
"The biggest deficiency is the integration with bug tracker systems. It might be better if the configuration screen presented for accessing the bug tracking systems could provide some flexibility."
"During development, when our developer makes changes to their code, they typically use GitHub or GitLab to track those changes. However, proper integration between Fortify on Demand and GitHub and GitLab is not there yet. Improved integration would be very valuable to us."
"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."
"We typically do our bulk uploads of our scans with some automation at the end of the development cycle but the scanning can take a lot of time."
"The only thing that comes to mind regarding room for improvement are the security vulnerability updates."
"Fortify on Demand could be improved with support in Russia."
"We want a user-based control and role-based access for developers. We want to give limited access to developers so that it only pertains to the code that they write and scanning of the codes for any vulnerabilities as they're progressing with writing the code. As of now, the interface to give restricted access to the developers is not the best. It gives them more access than what is basically required, but we don't want over-provisioning and over-access."
"Fortify on Demand needs to improve its pricing."
 

Pricing and Cost Advice

Information not available
"Micro Focus Fortify on Demand licenses are managed by our IT team and the license model is user-based."
"We are still using the trial version at this point but I can already see from the trial version alone that it is a good product. For others, I would say that Fortify on Demand might look expensive at the beginning, but it is very powerful and so you shouldn't be put off by the price."
"Despite being on the higher end in terms of cost, the biggest value lies in its abilities, including robust features, seamless integration, and high-quality findings."
"Fortify on Demand is more expensive than Burpsuite. I rate its pricing a nine out of ten."
"Fortify on Demand is moderately priced, but its pricing could be more flexible."
"It is not more expensive than other solutions, but the pricing is competitive."
"There are different costs for Micro Focus Fortify on Demand depending on the assessments you want to use. There is only a standard license needed to use the solution."
"Fortify on Demand is affordable, and its licensing comes with a year of support."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
893,221 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
20%
Manufacturing Company
13%
Construction Company
7%
Computer Software Company
5%
Financial Services Firm
14%
Manufacturing Company
13%
Government
7%
Computer Software Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business18
Midsize Enterprise8
Large Enterprise45
 

Questions from the Community

Ask a question
Earn 20 points
What is your experience regarding pricing and costs for Micro Focus Fortify on Demand?
In comparison with other tools, they're competitive. It is not more expensive than other solutions, but their pricing is competitive. The licenses for Fortify On Demand are generally bought in unit...
What needs improvement with Micro Focus Fortify on Demand?
Areas for improvement should be contextualized post the OpenText acquisition, but back when I was working with Micro Focus, they focused heavily on enterprise-centric solutions. Now, after the acqu...
What is your primary use case for Micro Focus Fortify on Demand?
For OpenText Core Application Security, I currently support a couple of my clients who are using Fortify on Demand for their web application, CRM, and sales platform. Many good features of Fortify ...
 

Also Known As

Contrast Protect
Micro Focus Fortify on Demand
 

Overview

 

Sample Customers

Williams-Sonoma, Autodesk, HUAWEI, Chromeriver, RingCentral, Demandware.
SAP, Aaron's, British Gas, FICO, Cox Automative, Callcredit Information Group, Vital and more.
Find out what your peers are saying about Contrast Security Protect vs. OpenText Core Application Security and other solutions. Updated: April 2026.
893,221 professionals have used our research since 2012.