We performed a comparison between HCL AppScan and Qualys Web Application Scanning based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The reporting part is the most valuable feature."
"AppScan is stable."
"The static scans are good, and the SaaS as well."
"The solution is easy to use."
"The security and the dashboard are the most valuable features."
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"The product has valuable features for static and dynamic testing."
"You can easily find particular features and functions through the UI."
"It is easy to use."
"The most valuable feature is that we are able to scan the services and put credentials like a user ID password. We can verify the vulnerability level."
"I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
"The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."
"QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations."
"The vulnerability management feature is a strong one. And also the patch management feature."
"You can integrate your Burp Suite results and create an integrated report. Also, the way it shows the results - threats and exploit details - makes remediation very easy."
"The solution's scalability can be a matter of concern because one license runs on one machine only."
"Scans become slow on large websites."
"Improvement can be done as per customer requirements."
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"There is room for improvement in the pricing model."
"They should have a better UI for dashboards."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"AppScan is too complicated and should be made more user-friendly."
"The UI is not user-friendly and you don't have a yearly reporting facility where you can slice and dice in different jobs."
"We receive false positives sometimes when using a solution that could be improved. However, the technical team provides us with the exact explanation why it was giving us that kind of error."
"There should be better visibility into the application."
"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."
"The reporting contains too many false positives."
"The virus code updates are not frequent enough."
"Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly."
"It should have better automatic reporting."
More Qualys Web Application Scanning Pricing and Cost Advice →
HCL AppScan is ranked 15th in Application Security Tools with 41 reviews while Qualys Web Application Scanning is ranked 18th in Application Security Tools with 31 reviews. HCL AppScan is rated 7.8, while Qualys Web Application Scanning is rated 7.8. The top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of Qualys Web Application Scanning writes "A stable solution that can be used for infrastructure vulnerability scanning and web application scanning". HCL AppScan is most compared with SonarQube, Veracode, Acunetix, OWASP Zap and Snyk, whereas Qualys Web Application Scanning is most compared with OWASP Zap, SonarQube, Veracode, PortSwigger Burp Suite Professional and Checkmarx One. See our HCL AppScan vs. Qualys Web Application Scanning report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.