Try our new research platform with insights from 80,000+ expert users
OpenText Core Application Security Logo

OpenText Core Application Security pros and cons

Vendor: OpenText
4.0 out of 5
Leave a review

Pros & Cons summary

OpenText Core Application Security identifies vulnerabilities early in the software development life cycle, helping mitigate risks pre-deployment. It integrates with tools like Microsoft Information Server and JIRA, providing automatic code scanning and detailed reporting. Its cloud-based nature ensures a scalable deployment. Despite its strengths, the solution faces challenges in reporting, bug tracker integration, technology support, and false positives, with room for more competitive pricing given the lack of some advanced features.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

OpenText Core Application Security offers comprehensive support for various programming languages and easily integrates with development tools through API support, facilitating seamless integration in diverse environments.
Its detailed reporting and ability to perform deep and efficient scanning allow users to efficiently identify and address security vulnerabilities within applications.
The automated scanning feature and CI/CD integration streamline the process of detecting vulnerabilities in code, enhancing the development process while maintaining security standards.
The IT operations and non-coders can utilize OpenText Core Application Security, as it provides comprehensive information pinpointing exactly where issues are located, promoting ease of use for all users.
Speed, scalability, and cloud-based accessibility make OpenText Core Application Security an effective tool for detecting vulnerabilities early in the software development lifecycle and offering valuable insights into application security.

CONS

Reporting capabilities need improvement, including visually pleasing features and more analytic views for enterprise applications.
Integration with bug tracking systems and CI/CD pipelines lacks flexibility and effectiveness, especially with platforms like GitLab and Jenkins.
There are frequent issues with false positives, causing disruptions and requiring manual inspection to verify vulnerability reports.
Technical support is inadequate, with slow responses and difficulty in resolving issues post-acquisition by Hewlett Packard.
Scanning processes are time-consuming and often inefficient with dependencies on specific environments like Windows Agents over Linux.
 

OpenText Core Application Security Pros review quotes

JL
Jason Lebrecht US
Sr. Manager 5G & MEC (Edge) Strategy at Verizon
Aug 25, 2017
I don’t know of any other On-Demand enterprise solution like this one where we can load the details and within a few days, receive the results of intrusion attacks, and work with HP Security Experts when needed for clarification
Read full review
it_user506661 - PeerSpot reviewer
it_user506661
Senior Lead at a computer software company with 1,001-5,000 employees
Aug 21, 2016
We identified a lot of security vulnerability much earlier in the development and could fix this well before the product was rolled out to a huge number of clients.
Read full review
it_user512112 - PeerSpot reviewer
it_user512112
Technical Lead at a tech services company with 10,001+ employees
Sep 14, 2016
Audit workbench: for on-the-fly defect auditing.
Read full review
Buyer's Guide
OpenText Core Application Security
January 2026
Free Report: OpenText Core Application Security Reviews and More
Learn what your peers think about OpenText Core Application Security. Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.
DOWNLOAD NOW
881,082 professionals have used our research since 2012.
it_user692322 - PeerSpot reviewer
it_user692322
Digital Security Integration Lead at a non-tech company with 10,001+ employees
Jun 27, 2017
The quality of application security testing reduces risk and gives very few false positives.
Read full review
MK
Murat Kaya
Application Security Specialist at a tech services company with 5,001-10,000 employees
Jan 11, 2018
The most important feature of the product is to follow today's technology fast, updated rules and algorithms (of the product).
Read full review
EP
Elina Petrovna
Professor at BitBrainery University
Apr 18, 2018
It has saved us a lot of time as we focus primarily on programming rather than tool operational work.
Read full review
JM
Jonathas De Morais
Enterprise Systems Analyst at a manufacturing company with 10,001+ employees
Aug 14, 2018
One of the valuable features is the ability to submit your code and have it run in the background. Then, if something comes up that is more specific, you have the security analyst who can jump in and help, if needed.
Read full review
NB
Nixon B
Senior Cyber Security Analyst at a financial services firm with 1,001-5,000 employees
Aug 16, 2018
It improves future security scans.
Read full review
it_user625875 - PeerSpot reviewer
it_user625875
Director Consulting at a tech services company with 10,001+ employees
Oct 28, 2018
I do not remember any issues with stability.
Read full review
reviewer1050960 - PeerSpot reviewer
reviewer1050960
CISO at a retailer with 1,001-5,000 employees
May 15, 2019
The solution scans our code and provides us with a dashboard of all the vulnerabilities and the criticality of the vulnerabilities. It is very useful that they provide right then and there all the information about the vulnerability, including possible fixes, as well as some additional documentation and links to the authoritative sources of why this is an issue and what's the correct way to deal with it.
Read full review
Show 10 more reviews (out of 53)
 

OpenText Core Application Security Cons review quotes

JL
Jason Lebrecht US
Sr. Manager 5G & MEC (Edge) Strategy at Verizon
Aug 25, 2017
With Rapid7 I utilized its reporting capabilities to deliver Client Reports within just a few minutes of checking the data. I believe that HP’s FoD Clients could sell more services to clients if HP put more effort into delivering visually pleasing reporting capabilities.
Read full review
it_user506661 - PeerSpot reviewer
it_user506661
Senior Lead at a computer software company with 1,001-5,000 employees
Aug 21, 2016
The Visual Studio plugin seems to hang when a scan is run on big projects. I would expect some improvements there.
Read full review
it_user512112 - PeerSpot reviewer
it_user512112
Technical Lead at a tech services company with 10,001+ employees
Sep 14, 2016
.NET code scanning is still dependent on building the code base before running any scan. Also, it's dependent on an IDE such as Visual Studio.
Read full review
Buyer's Guide
OpenText Core Application Security
January 2026
Free Report: OpenText Core Application Security Reviews and More
Learn what your peers think about OpenText Core Application Security. Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.
DOWNLOAD NOW
881,082 professionals have used our research since 2012.
it_user692322 - PeerSpot reviewer
it_user692322
Digital Security Integration Lead at a non-tech company with 10,001+ employees
Jun 27, 2017
New technologies and DevOps could be improved. Fortify on Demand can be slow (slower than other vendors) to support new technologies or new software versions.
Read full review
MK
Murat Kaya
Application Security Specialist at a tech services company with 5,001-10,000 employees
Jan 11, 2018
The biggest deficiency is the integration with bug tracker systems. It might be better if the configuration screen presented for accessing the bug tracking systems could provide some flexibility.
Read full review
EP
Elina Petrovna
Professor at BitBrainery University
Apr 18, 2018
It lacks of some important features that the competitors have, such as Software Composition Analysis, full dead code detection, and Agile Alliance's Best Practices and Technical Debt.
Read full review
JM
Jonathas De Morais
Enterprise Systems Analyst at a manufacturing company with 10,001+ employees
Aug 14, 2018
It's still a little bit too complex for regular developers. It takes a little bit more time than usual. I know static code scan is not the main focus of the tool, but the overall time span to scan the code, and even to set up the code scanning, is a bit overwhelming for regular developers.
Read full review
NB
Nixon B
Senior Cyber Security Analyst at a financial services firm with 1,001-5,000 employees
Aug 16, 2018
Sometimes when we run a full scan, we have a bunch of issues in the code. We should not have any issues.
Read full review
it_user625875 - PeerSpot reviewer
it_user625875
Director Consulting at a tech services company with 10,001+ employees
Oct 28, 2018
There were some regulated compliances, which were not there.
Read full review
reviewer1050960 - PeerSpot reviewer
reviewer1050960
CISO at a retailer with 1,001-5,000 employees
May 15, 2019
Primarily for a complex, advanced website, they don't really understand some of the functionalities. So for instance, they could tell us that there is a vulnerability because somebody could possibly do something, but they don't really understand the code to realize that we actually negate that vulnerability through some other mechanism in the program. In addition, the technical support is just not there. We have open tickets. They don't respond. Even if they respond, we're not seeing eye to eye. As the company got sold and bought, the support got worse.
Read full review
Show 10 more reviews (out of 53)

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube vs OpenText Core Application Security Logo
SonarQube vs OpenText Core Application Security
Snyk vs OpenText Core Application Security Logo
Snyk vs OpenText Core Application Security
GitLab vs OpenText Core Application Security Logo
GitLab vs OpenText Core Application Security
Checkmarx One vs OpenText Core Application Security Logo
Checkmarx One vs OpenText Core Application Security
Veracode vs OpenText Core Application Security Logo
Veracode vs OpenText Core Application Security
Coverity Static vs OpenText Core Application Security Logo
Coverity Static vs OpenText Core Application Security
GitHub Advanced Security vs OpenText Core Application Security Logo
GitHub Advanced Security vs OpenText Core Application Security
OWASP Zap vs OpenText Core Application Security Logo
OWASP Zap vs OpenText Core Application Security
Mend.io vs OpenText Core Application Security Logo
Mend.io vs OpenText Core Application Security
Acunetix vs OpenText Core Application Security Logo
Acunetix vs OpenText Core Application Security
Sonatype Lifecycle vs OpenText Core Application Security Logo
Sonatype Lifecycle vs OpenText Core Application Security
PortSwigger Burp Suite Professional vs OpenText Core Application Security Logo
PortSwigger Burp Suite Professional vs OpenText Core Application Security
HCL AppScan vs OpenText Core Application Security Logo
HCL AppScan vs OpenText Core Application Security
GitGuardian Platform vs OpenText Core Application Security Logo
GitGuardian Platform vs OpenText Core Application Security
Qualys Web Application Scanning vs OpenText Core Application Security Logo
Qualys Web Application Scanning vs OpenText Core Application Security
See all alternatives

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)

Popular Comparisons

Popular Comparisons
SonarQube vs OpenText Core Application Security Logo
SonarQube vs OpenText Core Application Security
Snyk vs OpenText Core Application Security Logo
Snyk vs OpenText Core Application Security
GitLab vs OpenText Core Application Security Logo
GitLab vs OpenText Core Application Security
Checkmarx One vs OpenText Core Application Security Logo
Checkmarx One vs OpenText Core Application Security
Veracode vs OpenText Core Application Security Logo
Veracode vs OpenText Core Application Security
Coverity Static vs OpenText Core Application Security Logo
Coverity Static vs OpenText Core Application Security
GitHub Advanced Security vs OpenText Core Application Security Logo
GitHub Advanced Security vs OpenText Core Application Security
OWASP Zap vs OpenText Core Application Security Logo
OWASP Zap vs OpenText Core Application Security
Mend.io vs OpenText Core Application Security Logo
Mend.io vs OpenText Core Application Security
Acunetix vs OpenText Core Application Security Logo
Acunetix vs OpenText Core Application Security
Sonatype Lifecycle vs OpenText Core Application Security Logo
Sonatype Lifecycle vs OpenText Core Application Security
PortSwigger Burp Suite Professional vs OpenText Core Application Security Logo
PortSwigger Burp Suite Professional vs OpenText Core Application Security
HCL AppScan vs OpenText Core Application Security Logo
HCL AppScan vs OpenText Core Application Security
GitGuardian Platform vs OpenText Core Application Security Logo
GitGuardian Platform vs OpenText Core Application Security
Qualys Web Application Scanning vs OpenText Core Application Security Logo
Qualys Web Application Scanning vs OpenText Core Application Security
See all alternatives
Related questions
  • 24
What Is The Biggest Difference Between Fortify on Demand And SonarQube?
  • 19
What are the costs for Micro Focus Fortify on Demand?
  • 137
If you had to both encrypt and compress data during transmission, which would you do first and why?
  • 44
When evaluating Application Security, what aspect do you think is the most important to look for?
  • 101
What are the Top 5 cybersecurity trends in 2022?
  • 128
What are the threats associated with using ‘bogus’ cybersecurity tools?
  • 54
We're evaluating Tripwire, what else should we consider?
  • 39
Which application security solutions include both vulnerability scans and quality checks?
  • 393
Is SonarQube the best tool for static analysis?
  • 39
Why Do I Need Application Security Software?