Try our new research platform with insights from 80,000+ expert users
OpenText Core Application Security Logo

OpenText Core Application Security pros and cons

Vendor: OpenText
4.0 out of 5
Leave a review

Pros & Cons summary

OpenText Core Application Security enables swift vulnerability identification and remediation, integrating seamlessly with platforms like Microsoft Information Server and Jira. The cloud-based solution supports multiple languages but lacks features such as Software Composition Analysis. Despite accurate static code analysis, it suffers from false positives and lengthy scan times. Integration with CI/CD pipelines needs refinement, and its technical support is often slow, complicating issue resolution for developers.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

OpenText Core Application Security facilitates faster remediation cycles by enabling developers to quickly identify and address vulnerabilities.
It identifies security vulnerabilities early in the development process, allowing issues to be resolved before reaching the client stage.
The static code analysis features provide accurate results, minimizing false positives and enhancing risk reduction.
OpenText Core Application Security seamlessly integrates with various development platforms such as Microsoft Information Server and Jira, streamlining the developer's workflow.
Being cloud-based, OpenText Core Application Security requires no installation and is easily scalable, supporting a wide range of programming languages.

CONS

OpenText Core Application Security lacks some important features that competitors have, such as Software Composition Analysis and full dead code detection.
There are complaints about frequent false positives, complicating vulnerability assessments.
Scans are time-consuming, taking up to three to five days, and improvements are needed to reduce this timeframe.
Technical support is inadequate, with slow response times and issues connecting with technical or sales representatives.
The integration process in CI/CD pipelines and with GitHub or GitLab is underdeveloped and could be improved.
 

OpenText Core Application Security Pros review quotes

JL
Jason Lebrecht US
Sr. Manager 5G & MEC (Edge) Strategy at Verizon
Aug 25, 2017
I don’t know of any other On-Demand enterprise solution like this one where we can load the details and within a few days, receive the results of intrusion attacks, and work with HP Security Experts when needed for clarification
Read full review
it_user326421 - PeerSpot reviewer
it_user326421
Solution Security Architect with 1,001-5,000 employees
Oct 11, 2015
Excellent – from the PoC through setup and implementation; we received timely and knowledgeable support whenever we need it.
Read full review
it_user362055 - PeerSpot reviewer
it_user362055
Senior Manager at a tech services company with 10,001+ employees
Dec 27, 2015
I think the most valuable feature is its ability to address the source code scanning and dynamic scanning in a known, correlated way.
Read full review
Buyer's Guide
OpenText Core Application Security
March 2026
Free Report: OpenText Core Application Security Reviews and More
Learn what your peers think about OpenText Core Application Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
DOWNLOAD NOW
884,873 professionals have used our research since 2012.
it_user399378 - PeerSpot reviewer
it_user399378
Director of Information Technology at a tech consulting company with 501-1,000 employees
Mar 3, 2016
It enforces source-code scanning, finding vulnerabilities in source code.
Read full review
it_user441546 - PeerSpot reviewer
it_user441546
Information Security Lead Consultant & Application Security Specialist at a energy/utilities company with 1,001-5,000 employees
May 11, 2016
It's saved us a lot of time as we focus primarily on security consultancy work rather than tool operational work.
Read full review
it_user455427 - PeerSpot reviewer
it_user455427
Development and Database Manager at a financial services firm with 501-1,000 employees
Jun 3, 2016
This identification provides us an advantage in that the service itself works to stay abreast and knowledgeable about emerging threats.
Read full review
it_user488208 - PeerSpot reviewer
it_user488208
Specialist Master/Manager at a consultancy with 10,001+ employees
Aug 29, 2016
The static code analyzer provides views from a security perspective and it is easy to use compared to others.
Read full review
it_user488193 - PeerSpot reviewer
it_user488193
System Engineer at a tech services company with 501-1,000 employees
Jul 22, 2016
HP Fortify is perfect for any company that creates their own applications or uses vendor-developed ones; it’s great for QA and development phases.
Read full review
it_user506661 - PeerSpot reviewer
it_user506661
Senior Lead at a computer software company with 1,001-5,000 employees
Aug 21, 2016
We identified a lot of security vulnerability much earlier in the development and could fix this well before the product was rolled out to a huge number of clients.
Read full review
it_user512112 - PeerSpot reviewer
it_user512112
Technical Lead at a tech services company with 10,001+ employees
Sep 14, 2016
Audit workbench: for on-the-fly defect auditing.
Read full review
Show 10 more reviews (out of 62)
 

OpenText Core Application Security Cons review quotes

JL
Jason Lebrecht US
Sr. Manager 5G & MEC (Edge) Strategy at Verizon
Aug 25, 2017
With Rapid7 I utilized its reporting capabilities to deliver Client Reports within just a few minutes of checking the data. I believe that HP’s FoD Clients could sell more services to clients if HP put more effort into delivering visually pleasing reporting capabilities.
Read full review
it_user326421 - PeerSpot reviewer
it_user326421
Solution Security Architect with 1,001-5,000 employees
Oct 11, 2015
It needs to support more languages.
Read full review
it_user362055 - PeerSpot reviewer
it_user362055
Senior Manager at a tech services company with 10,001+ employees
Dec 27, 2015
It could use better integration with the incident management processor.
Read full review
Buyer's Guide
OpenText Core Application Security
March 2026
Free Report: OpenText Core Application Security Reviews and More
Learn what your peers think about OpenText Core Application Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
DOWNLOAD NOW
884,873 professionals have used our research since 2012.
it_user399378 - PeerSpot reviewer
it_user399378
Director of Information Technology at a tech consulting company with 501-1,000 employees
Mar 3, 2016
Stability could use a little improvement as we've had some issues. It runs out of memory sometimes and uses a lot of resources.
Read full review
it_user441546 - PeerSpot reviewer
it_user441546
Information Security Lead Consultant & Application Security Specialist at a energy/utilities company with 1,001-5,000 employees
May 11, 2016
It would be useful if they could integrate secure design reviews, security user stories in Fortify on Demand Portal, and also look for possible options to get just one view of risks for given services (Covering Application, Infrastructure, Pen. Test, etc.).
Read full review
it_user455427 - PeerSpot reviewer
it_user455427
Development and Database Manager at a financial services firm with 501-1,000 employees
Jun 3, 2016
I find that while it does find a lot of legitimate threats, it tends to have a lot of false positives, and there are more false positives than I would like to see.
Read full review
it_user488208 - PeerSpot reviewer
it_user488208
Specialist Master/Manager at a consultancy with 10,001+ employees
Aug 29, 2016
Technical support is 6/10. I find the Internet to be more helpful at times than their own tech support in finding answers.
Read full review
it_user488193 - PeerSpot reviewer
it_user488193
System Engineer at a tech services company with 501-1,000 employees
Jul 22, 2016
The only thing that comes to mind regarding room for improvement are the security vulnerability updates.
Read full review
it_user506661 - PeerSpot reviewer
it_user506661
Senior Lead at a computer software company with 1,001-5,000 employees
Aug 21, 2016
The Visual Studio plugin seems to hang when a scan is run on big projects. I would expect some improvements there.
Read full review
it_user512112 - PeerSpot reviewer
it_user512112
Technical Lead at a tech services company with 10,001+ employees
Sep 14, 2016
.NET code scanning is still dependent on building the code base before running any scan. Also, it's dependent on an IDE such as Visual Studio.
Read full review
Show 10 more reviews (out of 62)

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube vs OpenText Core Application Security Logo
SonarQube vs OpenText Core Application Security
Snyk vs OpenText Core Application Security Logo
Snyk vs OpenText Core Application Security
Checkmarx One vs OpenText Core Application Security Logo
Checkmarx One vs OpenText Core Application Security
GitLab vs OpenText Core Application Security Logo
GitLab vs OpenText Core Application Security
Veracode vs OpenText Core Application Security Logo
Veracode vs OpenText Core Application Security
Coverity Static vs OpenText Core Application Security Logo
Coverity Static vs OpenText Core Application Security
GitHub Advanced Security vs OpenText Core Application Security Logo
GitHub Advanced Security vs OpenText Core Application Security
Acunetix vs OpenText Core Application Security Logo
Acunetix vs OpenText Core Application Security
Mend.io vs OpenText Core Application Security Logo
Mend.io vs OpenText Core Application Security
OWASP Zap vs OpenText Core Application Security Logo
OWASP Zap vs OpenText Core Application Security
Sonatype Lifecycle vs OpenText Core Application Security Logo
Sonatype Lifecycle vs OpenText Core Application Security
PortSwigger Burp Suite Professional vs OpenText Core Application Security Logo
PortSwigger Burp Suite Professional vs OpenText Core Application Security
GitGuardian Platform vs OpenText Core Application Security Logo
GitGuardian Platform vs OpenText Core Application Security
HCL AppScan vs OpenText Core Application Security Logo
HCL AppScan vs OpenText Core Application Security
Qualys Web Application Scanning vs OpenText Core Application Security Logo
Qualys Web Application Scanning vs OpenText Core Application Security
See all alternatives

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube vs OpenText Core Application Security Logo
SonarQube vs OpenText Core Application Security
Snyk vs OpenText Core Application Security Logo
Snyk vs OpenText Core Application Security
Checkmarx One vs OpenText Core Application Security Logo
Checkmarx One vs OpenText Core Application Security
GitLab vs OpenText Core Application Security Logo
GitLab vs OpenText Core Application Security
Veracode vs OpenText Core Application Security Logo
Veracode vs OpenText Core Application Security
Coverity Static vs OpenText Core Application Security Logo
Coverity Static vs OpenText Core Application Security
GitHub Advanced Security vs OpenText Core Application Security Logo
GitHub Advanced Security vs OpenText Core Application Security
Acunetix vs OpenText Core Application Security Logo
Acunetix vs OpenText Core Application Security
Mend.io vs OpenText Core Application Security Logo
Mend.io vs OpenText Core Application Security
OWASP Zap vs OpenText Core Application Security Logo
OWASP Zap vs OpenText Core Application Security
Sonatype Lifecycle vs OpenText Core Application Security Logo
Sonatype Lifecycle vs OpenText Core Application Security
PortSwigger Burp Suite Professional vs OpenText Core Application Security Logo
PortSwigger Burp Suite Professional vs OpenText Core Application Security
GitGuardian Platform vs OpenText Core Application Security Logo
GitGuardian Platform vs OpenText Core Application Security
HCL AppScan vs OpenText Core Application Security Logo
HCL AppScan vs OpenText Core Application Security
Qualys Web Application Scanning vs OpenText Core Application Security Logo
Qualys Web Application Scanning vs OpenText Core Application Security
See all alternatives
Related questions
  • 33
What Is The Biggest Difference Between Fortify on Demand And SonarQube?
  • 22
What are the costs for Micro Focus Fortify on Demand?
  • 168
If you had to both encrypt and compress data during transmission, which would you do first and why?
  • 80
When evaluating Application Security, what aspect do you think is the most important to look for?
  • 179
What are the threats associated with using ‘bogus’ cybersecurity tools?
  • 136
What are the Top 5 cybersecurity trends in 2022?
  • 67
Which application security solutions include both vulnerability scans and quality checks?
  • 87
We're evaluating Tripwire, what else should we consider?
  • 334
Is SonarQube the best tool for static analysis?
  • 72
Why Do I Need Application Security Software?