HCL AppScan Reviews

Name: HCL AppScan
Brand: HCLSoftware
Rating: 4 (42 reviews)

Vendor: HCLSoftware

3.9 out of 5

42 reviews
82% willing to recommend

1,787 followers

Post review

What is HCL AppScan?

IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

Get the HCL AppScan Buyer's Guide and find out what your peers are saying about HCL AppScan, SonarQube Server (formerly SonarQube), Veracode and more!

HCL AppScan is the #1 ranked solution in top Dynamic Application Security Testing (DAST) solutions, #12 ranked solution in AST tools, and #13 ranked solution in application security solutions. PeerSpot users give HCL AppScan an average rating of 7.8 out of 10. HCL AppScan is most commonly compared to SonarQube Server (formerly SonarQube): HCL AppScan vs SonarQube Server (formerly SonarQube). HCL AppScan is popular among the large enterprise segment, accounting for 71% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 18% of all views.

Helped 814,572 peers since 2012

Featured reviews

Gladwin Christian

QA manager at SmartStream Technologies ltd.

Given that we have been using HCL AppScan for many years, I think the setup process is not difficult at all. Sometimes, some issues stop or prevent my company from moving forward with the product's setup phase. We have to call HCL's support team and engage in long discussions to smoothly carry out the setup phase. In general, the product's setup phase is not difficult in our company. The solution is deployed on an on-premises model. The licenses for the solution are available only on cloud deployments nowadays. The solution is already installed in our environment. Every time a new release or software comes out from HCL, our company does a scan, which takes maybe a day or two.

Read full review

AnanyaRoy

Risk Analyst at Deloitte

I use HCL AppScan in my company for application security scanning The most valuable feature of the solution stems from the fact that it is good to run the scan faster. You can basically run the scan and take a break at work since the tool will compute the results, which makes the product quite…

Read full review

AnshulTomar

Cyber Security Architect and Presales Consultant at Kyndryl

We use the product for Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). By integrating AppScan into our CI/CD pipelines, aligned with Agile methodologies, we ensure that security testing becomes an integral part of the software development lifecycle The…

Read full review

HCL AppScan mindshare

Product category:

As of November 2024, the mindshare of HCL AppScan in the Application Security Tools category stands at 2.6%, down from 2.8% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Application Security Tools

Key learnings from peers

Last updated Aug 13, 2024

Valuable Features

HCL AppScan offers automated crawling, extensive security testing, and support for many languages. Features include API calls, QR code scanning, integration with Postman, dynamic and static testing, custom rules, a user-friendly UI, fast scans, cloud manageability, extensive security features, scalability, and useful dashboards. It's praised for identifying vulnerabilities, ease of use, affordability, stability, and beneficial SDLC integration.

"The platform has valuable security features, helping us identify sensitive code issues and the possibility of internal applications' exposure to external threats."
"The solution is cheap."
"The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase."

Room for Improvement

HCL AppScan faces challenges in CI/CD integration, false positives, support quality, language coverage, dashboard functionality, user-friendliness, mobile version, performance, and pricing. Integrating with other products and updating the database can enhance its utility. Users suggest incorporating AI for better vulnerability detection, adding penetration testing features, improving user interface, and including APIs for notifications. Enhancements in usability, marketing, and customer-specific improvements are also desired.

"They could incorporate AI to enhance vulnerability detection and improve the product's reporting capabilities."
"Improvement can be done as per customer requirements."
"Improving usability could enhance the overall experience with AppScan. It would be beneficial to make the solution more user-friendly, ensuring that everyone can easily navigate and utilize its features."

ROI

Users reported that HCL AppScan significantly improved the detection and management of security vulnerabilities, reducing time and costs associated with manual testing. Several users highlighted the tool's efficiency in automating scans, which led to quicker fixes and fewer security incidents. They also emphasized the enhanced confidence in their application's security posture and the overall return in terms of risk management and compliance benefits.

Pricing

Users found HCL AppScan's pricing to be high yet justified due to its extensive features and support. Some appreciated the token-based model for flexibility. Opinions varied, with some calling it cost-efficient and low-priced, while others found it expensive or moderately priced. Discounts and one-time purchase options were mentioned. A few users felt that it was priced well compared to competitors like Fortify, though others noted challenges with pricing, especially with currency exchange rates.

"The product is moderately priced, though it's an investment due to extensive code analysis needs."
"The solution is cheap."
"The product has premium pricing and could be more competitive."

Popular Use Cases

Organizations primarily use HCL AppScan for dynamic and static scanning to identify vulnerabilities in web applications, services, and system codes. It supports security testing, vulnerability assessment, and integration into CICD pipelines for DevSecOps transitions. AppScan helps generate reports, perform machine learning-based scans, and customize security checks. Various companies utilize it for web interface scanning, penetration testing, and ethical hacking to enhance application security and monitor performance.

Service and Support

HCL AppScan's customer service and support receive mixed feedback. Users appreciate the knowledgeable and responsive team, quick ticket validation, and effective problem-solving. Some users note improvements since the transition from IBM to HCL, while others mention a decrease in service quality. There are occasional delays due to time zone differences. Some users rate support highly, though a few express dissatisfaction and hope for improved services. Many find the support helpful and user-friendly.

Deployment

Initial setup of HCL AppScan is typically straightforward and easy. Deployment can take a few hours to a couple of days, depending on environment specifics and customization needs. Some users faced complexity requiring support, while many found it simple and smooth. Cloud deployment is often easier and faster compared to on-premises. Most found installation quick, often needing minimal technical staff, although a few experienced challenges needing professional services.

Scalability

HCL AppScan is largely considered scalable, especially with its cloud version. It's noted that scalability depends on business requirements and hardware configuration. However, multiple licenses might be needed for larger operations. Experience varies, with some users rating scalability highly while others faced limitations in integration and licensing.

Stability

HCL AppScan is described as stable and reliable. Users rate its stability between seven and eight out of ten. It doesn't crash, freeze, or have bugs. Performance remains stable under concurrent sessions, although issues may arise during intense scanning. Moving to HCL has improved stability and reduced code issues. Burp Suite and HCL AppScan are both noted for their stability and reliability compared to other tools.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our HCL AppScan Buyer's Guide for additional reliable information.