CAST Highlight vs. Fortify by OpenText

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
CAST Highlight
Score 8.2 out of 10
Enterprise companies (1,001+ employees)
CAST headquartered in New York offers Highlight, an application portfolio management solution providing software component analysis , application security, application benchmarking, and technical due diligence.
$25,000
Portfolio Size 25
Fortify by OpenText
Score 9.0 out of 10
N/A
An AppSec solution formerly from Micro Focus, spanning SCA, SAST and DAST that supports the breadth and management of any application portfolio, used to secure code. Features API discovery and testing for any application, throughout the software lifecycle.N/A
Pricing
CAST HighlightFortify by OpenText
Editions & Modules
Cloud
25k
Portfolio Size 25
SCA
$26k
Portfolio Size 25
Complete
33k
Portfolio Size 25
No answers on this topic
Offerings
Pricing Offerings
CAST HighlightFortify by OpenText
Free Trial
YesNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeOptionalNo setup fee
Additional DetailsAnnual Pricing by Size of Application Portfolio
More Pricing Information
Community Pulse
CAST HighlightFortify by OpenText
Considered Both Products
CAST Highlight
Chose CAST Highlight
These other tools only do a part of what CAST does. CAST gives a comprehensive view into the code looking at all aspects, code quality, security, maintainability, vulnerability, privacy, reuse, etc. These other tools only focus on one or two dimensions.
Fortify by OpenText
Chose Fortify by OpenText
When compared to Insight Appsec, Focus Fortify WebInspect performs better in terms of speed, integration, and detection capabilities. The variety of vulnerabilities it detected as being against Insight Appsec is what I appreciated the most. In addition to detecting …
Chose Fortify by OpenText
Micro Focus Fortify WebInspect is better when it comes to speed, integration and detection capabilities as compared to Insight Appsec. What I loved the most is the broad coverage of vulnerabilities it identified as against Insight Appsec. Apart from detection capabilities the …
Chose Fortify by OpenText
  • Veracode is the product I've used that is most similar to Fortify WebInspect. They both do a good job at reporting code vulnerabilities and both allow for good automation.
  • SonarQube can be a free tool, but does a much better job at finding bugs that aren't necessarily …
Chose Fortify by OpenText
Fortify Application Defender is a little more timely and upfront with a lot of their information on cyber security. we like what they provide and how they communicate with our users. I think they have a good understanding and practice in their field. they seem best suited for …
Chose Fortify by OpenText
CAST in my opinion provides a far superior product in that it can parse in an entire suite of applications and do scans across modules. HP Fortify probably has deeper and more current scanning so I think both products complement each other. I would not rely solely on …
Best Alternatives
CAST HighlightFortify by OpenText
Small Businesses

No answers on this topic

GitLab
GitLab
Score 8.7 out of 10
Medium-sized Companies
Veracode
Veracode
Score 8.7 out of 10
Veracode
Veracode
Score 8.7 out of 10
Enterprises
Veracode
Veracode
Score 8.7 out of 10
Veracode
Veracode
Score 8.7 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
CAST HighlightFortify by OpenText
Likelihood to Recommend
10.0
(0 ratings)
9.0
(0 ratings)
Likelihood to Renew
-
(0 ratings)
10.0
(0 ratings)
Usability
-
(0 ratings)
7.0
(0 ratings)
Support Rating
10.0
(0 ratings)
10.0
(0 ratings)
User Testimonials
CAST HighlightFortify by OpenText
Likelihood to Recommend
I think CAST is a great tool to give insight into your applications. The tool can be met with resistance from team members as the tool is going to expose defects that should be addressed. Out of the box, it may need some tailoring to focus on certain areas so that you are not overwhelmed with defects the first time you scan your code. But ultimately, you will want to eliminate all defects in the code and have all violations turned on.
Read full review
I think Micro Focus Fortify WebInspect could fit really any organization well that needs to perform static code analysis on their applications (they do have dynamic scanning but I don't have any experience using it). Different static analysis tools scan code differently, Micro Focus Fortify WebInspect requires you to provide a full build of the application to be submitted with debugging files which could be easy or hard depending on how your organization is building it's apps.
Read full review
Pros
  • Identifies common coding vulnerabilities.
  • Compares code to industry best practices.
  • Assesses the code for data privacy compliance.
Read full review
  • prevents malware
  • mitigates risks
  • visibility
  • safety
Read full review
Cons
  • Code scans could be faster. A large application may need to be broken down into smaller sub-applications in order to facilitate faster code scans.
  • We spent a lot of time trying to figure out how to best structure our code base in the application for ultimate performance.
Read full review
  • It should focus on microservices and develop features
  • Performance need to be improved
  • Multiple apps should be easy to scan in parallel thus saving time
Read full review
Likelihood to Renew
No answers on this topic
Since every firm needs to perform static code analysis on their applications, I believe Micro Focus Fortify WebInspect would work well for them (they also offer dynamic scanning, although I haven't used it myself). Different static analysis tools scan code in different ways, and Micro Focus Fortify WebInspect asks you to submit a complete build of the application along with debugging files. Depending on how your company builds its apps, this requirement may be simple or challenging.
Read full review
Usability
No answers on this topic
It is a cloud-based platform which can provide us a very useful and unique features like Application Assessment, Scans, Vulnerability Test, Comprehensive Reporting, Monitoring, etc. Fortify by Open Text is also outstanding in various parameters for the support and integration and it is highly adaptable in various DevOps Program where you need secure app testing with all given features.
Read full review
Support Rating
Tech support and pro services are top-notch.
Read full review
Always receive excellent support from the vendor. No issues there.
Read full review
Alternatives Considered
These other tools only do a part of what CAST does. CAST gives a comprehensive view into the code looking at all aspects, code quality, security, maintainability, vulnerability, privacy, reuse, etc. These other tools only focus on one or two dimensions.
Read full review
Micro Focus Fortify WebInspect is better when it comes to speed, integration and detection capabilities as compared to Insight Appsec. What I loved the most is the broad coverage of vulnerabilities it identified as against Insight Appsec. Apart from detection capabilities the time taken is also less compared to Insight Appsec. Given the performance of Micro Focus Fortify WebInspect I would strongly recommend to everyone looking for DevSecOps and application security solutions
Read full review
Return on Investment
  • I believe once we had the tool working for our code base, we immediately saw positive ROI.
  • We spent some time getting to where our code code be scanned efficiently but some of that was trying to do things ourselves instead of fully utilizing Cast Professional Services. I highly recommend to do an engagement with CAST to have them help setup the tool in your environment or to run it in the cloud for you.
Read full review
  • Good as part of our security suite to help prevent successful attacks.
  • Reporting of defects helps to educate developers.
  • Worth the price we paid.
Read full review
ScreenShots

CAST Highlight Screenshots

Screenshot of Application Portfolio ManagementScreenshot of Software Composition AnalysisScreenshot of Portfolio Advisor for Open SourceScreenshot of Portfolio Advisor for CloudScreenshot of Cloud Migration Blockers and Boosters