HCL AppScan vs OWASP Zap comparison

 

Categories and Ranking

HCL AppScan
Ranking in Static Application Security Testing (SAST): 11th
Average Rating: 7.8
Number of Reviews: 41
Ranking in other categories: Application Security Tools (14th), Dynamic Application Security Testing (DAST) (1st)

OWASP Zap
Ranking in Static Application Security Testing (SAST): 8th
Average Rating: 7.6
Number of Reviews: 37
Ranking in other categories: No ranking in other categories

Market share comparison

As of June 2024, in the Static Application Security Testing (SAST) category, the market share of HCL AppScan is 2.6%, and it decreased by 1.2% compared to the previous year. The market share of OWASP Zap is 4.4%, and it decreased by 30.4% compared to the previous year. Market share is calculated from PeerSpot user engagement data.

Market share in other categories:
HCL AppScan: Application Security Tools 3.1%, Dynamic Application Security Testing (DAST) 30.0%
OWASP Zap: No other categories found

Featured Reviews

RN
Jan 19, 2022
Improves application security, identifies gaps, and performs well
The dashboard, for AppScan or the Fortified fast tool which we use, needs to be improved. We always raise that as an announcement request because statistics gathering or management reports based on statistics are quite important. That is the only generic feature that we always request from the product team. The standard response is "Yes, it is in the pipeline, we will take a look." We would like to see all of the results in the same product. However, specific products for a specific test are available on the market. For example, you cannot upload the task report to the DAST report dashboard and instead request that the product team or vendor team create a sophisticated dashboard for that. Definitely, they will say "No, it is not possible because you have a DAST tool on the market. Go and purchase that. It will have your dashboard." If you're a DevSecOps team, and you ask me, I would like to see all of the reports uploaded and collaborated on in the same dashboard of the particular product. This is the reason we are using an open-sourced vulnerability management tool.
AnkithKumar - PeerSpot reviewer
Jun 22, 2022
Great for automating and testing and has tightened our security
I use this solution to test applications; web applications, web APIs, and infrastructure. For the web APIs and applications, I use OWASP Zap for interpreting requests and responses, and to see how the application behaves to resist payloads. This is one of the basic applications for us to automate…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The security and the dashboard are the most valuable features."
"The most valuable feature of the solution is Postman."
"AppScan is stable."
"The most valuable feature of HCL AppScan is scanning QR codes."
"It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
"The static scans are good, and the SaaS as well."
"You can easily find particular features and functions through the UI."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"Automatic updates and pull request analysis."
"The interface is easy to use."
"The stability of the solution is very good."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"The solution has tightened our security."
"The OWASP's tool is free of cost, which gives it a great advantage, especially for smaller companies to make use of the tool."
"The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information."
"It scans while you navigate, then you can save the requests performed and work with them later."
 

Cons

"The product has some technical limitations."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
"Sometimes it doesn't work so well."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications."
"Many silly false positives are produced."
"There is room for improvement in the pricing model."
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"The solution is unable to customize reports."
"Lacks resources where users can internally access a learning module from the tool."
"The port scanner is a little too slow.​"
"The reporting feature could be more descriptive."
"There's very little documentation that comes with OWASP Zap."
"It doesn't run on absolutely every operating system."
"Sometimes, we get some false positives."
"It needs more robust reporting tools."
 

Pricing and Cost Advice

"The price is very expensive."
"Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
"I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."
"The tool was expensive."
"AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."
"Our clients are willing to pay the extra money. It is expensive."
"The solution is cheap."
"The product has premium pricing and could be more competitive."
"This is an open-source solution and can be used free of charge."
"It is open source, and we can scan freely."
"The tool is open-source."
"We have used the freeware version. I believe Zap only has freeware."
"This solution is open source and free."
"The tool is open source."
"It's free and open, currently under the Apache 2 license. If ZAP does what you need it to do, selling a free solution is very easy."
"It is highly recommended as it is an open source tool."
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
787,061 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews

HCL AppScan: Computer Software Company 18%, Financial Services Firm 15%, Government 10%, Manufacturing Company 9%
OWASP Zap: Computer Software Company 18%, Financial Services Firm 10%, Government 7%, Manufacturing Company 7%

Company Size

By reviewers: Large Enterprise, Midsize Enterprise, Small Business

Questions from the Community

What do you like most about HCL AppScan?
The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.
What needs improvement with HCL AppScan?
Improving usability could enhance the overall experience with AppScan. It would be beneficial to make the solution more user-friendly, ensuring that everyone can easily navigate and utilize its fea...
What is your primary use case for HCL AppScan?
I mainly use AppScan to secure various types of applications. I use its DAFDAT solution for black box scanning, as well as SaaS and source code validation. AppScan helps in scanning code for vulner...
Is OWASP Zap better than PortSwigger Burp Suite Pro?
OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with ...
What do you like most about OWASP Zap?
The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, i...
 

Also Known As

HCL AppScan: IBM Security AppScan, Rational AppScan, AppScan
OWASP Zap: No data available

Sample Customers

HCL AppScan: Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
OWASP Zap: Google, Microsoft, IBM, Amazon, Facebook, Twitter, LinkedIn, Netflix, Adobe, PayPal, Salesforce, Cisco, Oracle, Intel, HP, Dell, VMware, Symantec, McAfee, Citrix, Red Hat, Juniper Networks, SAP, Accenture, Deloitte, Ernst & Young, PwC, KPMG, Capgemini, Infosys, Wipro, TCS
Find out what your peers are saying about HCL AppScan vs. OWASP Zap and other solutions. Updated: May 2024.