Try our new research platform with insights from 80,000+ expert users

OpenText Core Application Security vs Tenable.io Web Application Scanning comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Dec 28, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

OpenText Core Application S...
Ranking in Application Security Tools
14th
Average Rating
8.0
Reviews Sentiment
6.7
Number of Reviews
62
Ranking in other categories
Static Application Security Testing (SAST) (12th)
Tenable.io Web Application ...
Ranking in Application Security Tools
15th
Average Rating
7.8
Reviews Sentiment
5.8
Number of Reviews
18
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of January 2026, in the Application Security Tools category, the mindshare of OpenText Core Application Security is 3.2%, down from 4.7% compared to the previous year. The mindshare of Tenable.io Web Application Scanning is 1.4%, up from 1.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools Market Share Distribution
ProductMarket Share (%)
OpenText Core Application Security3.2%
Tenable.io Web Application Scanning1.4%
Other95.4%
Application Security Tools
 

Featured Reviews

Himanshu_Tyagi - PeerSpot reviewer
Lead Cybersecurity at TBO
Supports secure development pipelines and improves issue detection but limits internal visibility and needs broader dashboard integration
If you have an internal team and you want your internal team to validate false positives, basically to determine whether it's a valid issue or an invalid issue, then I wouldn't recommend it much. That was the only reason we migrated from Fortify on Demand to another solution. Fortify has another tool which is Fortify WebInspect. On Demand is the outsourcing solution, and WebInspect you can use with your in-house team, which is basically the product developed by the Fortify team. For automated scanning, Fortify helps a lot. Regarding the visibility for the internal team, everyone is moving toward the DevSecOps side, and Fortify team has made good progress that you can integrate into your CICD pipeline. One thing I would highlight is if Fortify can focus more on the centralized dashboard of the tools because nowadays, tools such as SentinelOne also exist for identifying security issues, but they have a centralized dashboard that merges their cloud solution and application security side solution together. If you have one tool that works for different solutions, it helps a lot. They are doing good, but they should invest more on the AI side as well because AI security is evolving these days. On the cloud side, they have already made good progress, but I believe they should explore the new area related to AI security as well.
JP
Cyber Security Architect at a comms service provider with 10,001+ employees
Centralized license management transforms asset manipulation based on functions and improves security posture
Now that the license is centralized, it's a significant feature to manipulate assets based on their functions. It provides a centralized view from end-to-end to its assets' identities and vulnerabilities. One of the greatest features is Kubernetes. The automated scanning capability is pretty standard in the market, and Tenable's prioritization engine helps improve the security posture.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It is valuable in improving our overall security posture by catching significant errors."
"There is not only one specific feature that we find valuable. The idea is to integrate the solution in DevSecOps which we were able to do."
"Speed and efficiency are great features."
"The best features with Fortify on Demand include having analysis for any product based on analysis points."
"The most valuable feature is the capacity to be able to check vulnerabilities during the development process. The development team can check whether the code they are using is vulnerable to some type of attack or there is some type of vulnerability so that they can mitigate it. It helps us in achieving a more secure approach towards internal applications. It is an intuitive solution. It gives all the information that a developer needs to remediate a vulnerability in the coding process. It also gives you some examples of how to remediate a vulnerability in different programming languages. This solution is pretty much what we were searching for."
"I don’t know of any other On-Demand enterprise solution like this one where we can load the details and within a few days, receive the results of intrusion attacks, and work with HP Security Experts when needed for clarification"
"What stands out to me is the user-friendliness of each feature."
"We have the option to test applications with or without credentials."
"The most valuable feature is the reporting, which provides a good level of detail with respect to vulnerabilities."
"It collects the vulnerabilities on the hostnames and sends them to the Tenable.io cloud. Tenable has its own cloud where Tenable.io is running, but there are many connectors to other cloud solutions. Tenable can do vulnerability scanning for other cloud managers such as Azure, Amazon, and so on."
"We can get detailed information about vulnerabilities."
"The solution's instant reports feature is the most effective for detecting threats."
"The most valuable features of Tenable.io Web Application Scanning are the integration into specific use cases and scanning. All of the features of the solution are useful."
"Now that the license is centralized, it's a significant feature to manipulate assets based on their functions."
"Our customers adopt this solution because of the replication testing and the vulnerability assessment it can do. It is a multi-faceted product."
"The solution is stable."
 

Cons

"It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the overall time span to scan the code, and even to set up the code scanning, is a bit overwhelming for regular developers."
"Micro Focus Fortify on Demand can improve by having more graphs. For example, to show the improvement of the level of security."
"Micro Focus Fortify on Demand could improve the user interface by making it more user-friendly."
"In terms of communication, they can integrate a few more third-party tools. It would be great if we can have more options for microservice communication. They can also improve the securability a bit more because security is one of the biggest aspects these days when you are using the cloud. Some more security features would be really helpful."
"It lacks of some important features that the competitors have, such as Software Composition Analysis, full dead code detection, and Agile Alliance's Best Practices and Technical Debt."
"Fortify on Demand needs to improve its pricing."
"New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions."
"It natively supports only a few languages. They can include support for more native languages. The response time from the support team can also be improved. They can maybe include video tutorials explaining the remediation process. The remediation process is sometimes not that clear. It would be helpful to have videos. Sometimes, the solution that the tool gives in the GUI is not straightforward to understand for the developer. At present, for any such issues, you have to create a ticket for the support team and request help from the support team."
"The reporting has a very limited customization capability."
"The solution's dashboards could be improved and made more user-friendly."
"The platform's technical support services could be better."
"Sometimes it lags with different cloud environments."
"The report customization needs to be better."
"Tenable.io Web Application Scanning is not very user-friendly and you need a lot of information to get proper reports. The tool's support is not very responsive."
"The market is standard for vulnerability scanning, however, the posture can be improved through Tenable's prioritization engine."
"They have a general dashboard for web application scanning, but the dashboards and reporting can be improved. They probably have some features in their roadmap."
 

Pricing and Cost Advice

"We make an annual purchase of the licenses we need."
"It is not more expensive than other solutions, but the pricing is competitive."
"The pricing model it's based on how many applications you wish to scan."
"We are still using the trial version at this point but I can already see from the trial version alone that it is a good product. For others, I would say that Fortify on Demand might look expensive at the beginning, but it is very powerful and so you shouldn't be put off by the price."
"It is cost-effective."
"The solution is expensive and the price could be reduced."
"The solution is a little expensive."
"If I exceed one million lines of code, there might be an extra cost or a change in the pricing bracket."
"For Tenable.io Web Application Scanning, it comes to around 6,50,000 Indian rupees, plus taxes."
"Tenable.io Web Application Scanning is expensive for small businesses."
"The pricing is okay."
"It follows the same licensing scheme as Tenable.io and Tenable. sc."
"The application is extremely affordable. There are no additional costs involved with licensing. We switched to Tenable.io Web Application Scanning from other solutions due to pricing."
"The price of the solution is reasonable compared to the competitors. The license cost is based on the number of users and the annual usage."
"I rate the product's pricing a four out of ten."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
881,082 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
18%
Manufacturing Company
14%
Computer Software Company
8%
Government
8%
Financial Services Firm
13%
Computer Software Company
10%
Government
9%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business17
Midsize Enterprise8
Large Enterprise44
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise5
Large Enterprise7
 

Questions from the Community

What do you like most about Micro Focus Fortify on Demand?
It helps deploy and track changes easily as per time-to-time market upgrades.
What is your experience regarding pricing and costs for Micro Focus Fortify on Demand?
In comparison with other tools, they're competitive. It is not more expensive than other solutions, but their pricing is competitive. The licenses for Fortify On Demand are generally bought in unit...
What needs improvement with Micro Focus Fortify on Demand?
If you have an internal team and you want your internal team to validate false positives, basically to determine whether it's a valid issue or an invalid issue, then I wouldn't recommend it much. T...
What do you like most about Tenable.io Web Application Scanning?
The most effective feature of the product is the ability to scan the entire environment.
What needs improvement with Tenable.io Web Application Scanning?
If there were a solution, I would like to see automation and an integrated remediation solution for vulnerability or patch management.
What advice do you have for others considering Tenable.io Web Application Scanning?
I do not understand what API approach means; I do not understand this term. I think Tenable.io Web Application Scanning is the best option on the market at the moment. My review rating for this pro...
 

Also Known As

Micro Focus Fortify on Demand
No data available
 

Overview

 

Sample Customers

SAP, Aaron's, British Gas, FICO, Cox Automative, Callcredit Information Group, Vital and more.
IMDEX
Find out what your peers are saying about OpenText Core Application Security vs. Tenable.io Web Application Scanning and other solutions. Updated: December 2025.
881,082 professionals have used our research since 2012.