HCL AppScan Reviews

Name: HCL AppScan
Brand: HCLSoftware
Rating: 3.9 (43 reviews)

Vendor: HCLSoftware

3.9 out of 5

43 reviews
83% willing to recommend

1,790 followers

Post review

What is HCL AppScan?

IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

Get the HCL AppScan Buyer's Guide and find out what your peers are saying about HCL AppScan, SonarQube Server (formerly SonarQube), GitLab and more!

HCL AppScan is the #1 ranked solution in top Dynamic Application Security Testing (DAST) solutions, #12 ranked solution in AST tools, and #15 ranked solution in application security solutions. PeerSpot users give HCL AppScan an average rating of 7.8 out of 10. Based on the analysis of the 43 most recent HCL AppScan reviews, the overall sentiment is positive, with a sentiment score of 6.9. HCL AppScan is most commonly compared to SonarQube Server (formerly SonarQube): HCL AppScan vs SonarQube Server (formerly SonarQube). HCL AppScan is popular among the large enterprise segment, accounting for 69% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 19% of all views.

Helped 830,726 peers since 2012

Featured reviews

Rishi Anupam

Senior Manager at Airtel

The solution is used for the vulnerabilities scan on the network side The reporting part is the most valuable feature. The penetration testing feature should be included. I have been using the solution for four years. It is a stable solution. I rate it seven out of ten. It is a scalable…

Read full review

AnshulTomar

Cyber Security Architect and Presales Consultant at Kyndryl

We use the product for Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). By integrating AppScan into our CI/CD pipelines, aligned with Agile methodologies, we ensure that security testing becomes an integral part of the software development lifecycle The…

Read full review

Gladwin Christian

QA manager at SmartStream Technologies ltd.

Given that we have been using HCL AppScan for many years, I think the setup process is not difficult at all. Sometimes, some issues stop or prevent my company from moving forward with the product's setup phase. We have to call HCL's support team and engage in long discussions to smoothly carry out the setup phase. In general, the product's setup phase is not difficult in our company. The solution is deployed on an on-premises model. The licenses for the solution are available only on cloud deployments nowadays. The solution is already installed in our environment. Every time a new release or software comes out from HCL, our company does a scan, which takes maybe a day or two.

Read full review

HCL AppScan mindshare

Product category:

As of January 2025, the mindshare of HCL AppScan in the Application Security Tools category stands at 2.7%, down from 2.8% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Application Security Tools

PeerAnalyst reports

Type	Title	Date
Category	Application Security Tools	Jan 14, 2025	Download
Product	Reviews, tips, and advice from real users	Jan 14, 2025	Download
Comparison	HCL AppScan vs SonarQube Server (formerly SonarQube)	Jan 14, 2025	Download
Comparison	HCL AppScan vs Veracode	Jan 14, 2025	Download
Comparison	HCL AppScan vs Checkmarx One	Jan 14, 2025	Download

Title	Rating	Mindshare	Recommending
SonarQube Server (formerly SonarQube)	4.0	26.4%	81%	113 interviews Add to research
GitLab	4.3	3.0%	97%	81 interviews Add to research

Valuable Features

HCL AppScan boasts capabilities in detecting XSS and SQL injection, supporting PCI compliance with rigorous checks, and offering a user-friendly interface. Its security features include detailed vulnerability grading and AI enhancements. Users appreciate its ease of integration with agile processes, rich templates, API capabilities, low false-positive rates, and scalability. It excels in both static and dynamic testing, provides efficient QR code scanning, and leverages Postman for precise security scans, making it a trusted tool for developers.

"AppScan's most valuable features include its ability to identify vulnerabilities accurately, provide detailed remediation steps, and the newly introduced AI-powered features that enhance its functionality further."
"AppScan's most valuable features include its ability to identify vulnerabilities accurately, provide detailed remediation steps, and the newly introduced AI-powered features that enhance its functionality further."
"The platform has valuable security features, helping us identify sensitive code issues and the possibility of internal applications' exposure to external threats."

Room for Improvement

HCL AppScan faces challenges such as false positives and slow performance on large sites. Users seek enhancements in DOM-based XSS detection, mobile application vulnerability checks, and usability. Improvements in integration with CI/CD systems and other tools are desired. Users call for better support services and pricing adjustment. Expanding language support, database size, and penetration testing features, in addition to developing a desktop version, could improve user experience. Marketing efforts and reporting capabilities would benefit from enhancement.

"AppScan needs to improve its handling of false positives."
"AppScan needs to improve its handling of false positives."
"They could incorporate AI to enhance vulnerability detection and improve the product's reporting capabilities."

ROI

HCL AppScan achieved a 50% return on investment, enhancing microservices-led architecture and minimizing errors by integrating DevOps processes. It significantly reduced vulnerabilities, yielding 20% cost savings overall for users, including banks in Brazil. Many experienced ROI within six months. While financial details are not always disclosed, HCL AppScan improved applications' attack surfaces post-deployment and lowered defects efficiently.

Pricing

HCL AppScan is generally viewed as expensive but offers various pricing models and potential discounts. Many users find the pricing justified by the features, while others deem it premium. Some prefer the token-based model for flexibility. Compared to competitors, AppScan can be more affordable, yet some users see room for price reduction. It's often considered cost-effective by those who prioritize comprehensive security and code analysis needs. Licensing fees typically don't include extra charges.

"The product is moderately priced, though it's an investment due to extensive code analysis needs."
"The solution is cheap."
"The product has premium pricing and could be more competitive."

Popular Use Cases

HCL AppScan is primarily utilized for identifying security weaknesses in code, both in static and dynamic contexts. Users integrate it into their development processes, especially within DevOps and DevSecOps environments, to assess vulnerabilities before deployment. It is employed in QA cycles, CI/CD pipelines, and is used for web and source code scanning. Additionally, some users leverage its features for enhancing performance monitoring and exploring ethical hacking methodologies.

Service and Support

HCL AppScan's customer service is generally responsive and knowledgeable, with swift ticket handling and helpful support. Many users find the service satisfactory, but some note delays due to geographical differences and insufficient regional resources, particularly in the Gulf region. Past associations with IBM have influenced perceptions, though recent improvements are acknowledged. Comparisons with Veracode highlight areas for enhancement, specifically in proactive communication and service reliability. Overall satisfaction varies, with ratings from six to ten out of ten.

Deployment

Many find HCL AppScan's initial setup easy and straightforward, often requiring only a few hours to a couple of days. Others report complexity and needing assistance from professional services due to integration with large environments or specific customizations. Factors like deployment model and previous experience influence ease of setup. Some mention the need for technical support during setup phases. The setup experience varies widely, with ratings typically ranging from six to ten out of ten.

Scalability

HCL AppScan is largely regarded as scalable, although some users experience challenges. Licensing plays a significant role in scalability concerns since one license per machine is required. Users appreciate its cloud-based capabilities, rating scalability from moderate to excellent. While integration issues have been noted, these are often resolved, resulting in good performance for companies of various sizes. Hardware allocation and CI/CD program design influence scalability effectiveness. Mixed experiences exist, with some finding it sufficient, and others less so.

Stability

HCL AppScan is described as stable by many users. Few have reported minor glitches or performance issues, often linked to hardware rather than the software itself. Stability ratings range from seven to eight out of ten. Some note that updates have improved its stability significantly, and it supports continuous vulnerability assessments without major issues. Overall, it's reliable and doesn't have substantial bugs or downtime, even under concurrent usage.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our HCL AppScan Buyer's Guide for additional reliable information.