Try our new research platform with insights from 80,000+ expert users

Apache JMeter vs HCL AppScan comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Apache JMeter
Average Rating
7.8
Reviews Sentiment
7.1
Number of Reviews
93
Ranking in other categories
Performance Testing Tools (1st), Load Testing Tools (1st), API Testing Tools (3rd)
HCL AppScan
Average Rating
7.8
Reviews Sentiment
6.9
Number of Reviews
43
Ranking in other categories
Application Security Tools (14th), Static Application Security Testing (SAST) (10th), Dynamic Application Security Testing (DAST) (1st)
 

Mindshare comparison

While both are Quality Assurance solutions, they serve different purposes. Apache JMeter is designed for Performance Testing Tools and holds a mindshare of 24.0%, up 23.9% compared to last year.
HCL AppScan, on the other hand, focuses on Application Security Tools, holds 2.6% mindshare, down 2.7% since last year.
Performance Testing Tools
Application Security Tools
 

Featured Reviews

Sreenivasula Mukkamalla - PeerSpot reviewer
Leveraging cost-effective customization with powerful plugins but complexity reduction needed
Apache JMeter offers plugins for reporting and preparing test scenarios. It allows recording to customization, letting you download plugins to connect with databases or external systems. Despite being open source, it offers features comparable to paid tools, and its ability to customize and expand is particularly useful. Additionally, its open-source nature makes it cost-effective.
Rishi Anupam - PeerSpot reviewer
A stable and scalable scanning solution with good reporting feature
The solution is used for the vulnerabilities scan on the network side The reporting part is the most valuable feature. The penetration testing feature should be included. I have been using the solution for four years. It is a stable solution. I rate it seven out of ten. It is a scalable…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It is easy to set up."
"It is scalable. It is cloud-based."
"We really appreciate that the solution comes with a live community, which continuously provided plugins and support protocols."
"We are using this for performance testing and some automation."
"This solution is easier to use than any other tool in the market; there is not even a requirement to learn a lot of scripting in order to use it."
"The solution has good transition controllers and distributed testing."
"The reports and analysis tools are very good. They are the solution's most valuable features."
"It's easy to set up."
"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production."
"The most valuable feature of HCL AppScan is scanning QR codes."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"Technical support is helpful."
"The security and the dashboard are the most valuable features."
"The platform has valuable security features, helping us identify sensitive code issues and the possibility of internal applications' exposure to external threats."
 

Cons

"The interface could be made more user-friendly."
"The reports in Apache JMeter could improve."
"The plug-ins make the reports heavy and they have to be run in non-GUI mode."
"There could be improvements in terms of memory utilization. We are going to migrate away from JMeter in the near future."
"I need to consider it further because as features increase, it might become more complicated, and my goal has always been simplicity. Currently, I have to focus on other tasks, and I'm handling multiple responsibilities, so I can't juggle everything at once. However, if you ask me, I believe EJB covers most functionalities that are crucial. One improvement I'd suggest is adding a graphical aspect to the Gateway, making it a bit more colorful. Unlike JMeter, which lacks color, having a bit of color in the graphical aspects would be beneficial. Overall, for the essential features, EJB should work fine."
"Apache JMeter could be a more user-friendly product from the end user's perspective."
"The memory utilization in JMeter is very poor."
"In Micro Focus LoadRunner we can go from the UI and we can configure it. There is no such feature in Apache JMeter. There should be UI-based recording history or logs."
"​IBM Security AppScan Source is rather hard to use​."
"Many silly false positives are produced."
"The databases for HCL are small and have room for improvement."
"AppScan needs to improve its handling of false positives."
"Scans become slow on large websites."
"We would like to integrate with some of the other reporting tools that we're planning to use in the future."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
 

Pricing and Cost Advice

"JMeter is open source and available free of charge."
"This is an open-source solution, so there are no licensing costs involved."
"The solution is open source."
"Since we are using an outsourced solution, it is not paid for by our company."
"The solution is open-source."
"Apache JMeter is a free tool."
"The solution is free of cost as it is open source."
"Since it's free, there's no need for extensive support or improvements in pricing."
"With the features, that they offer, and the support, they offer, AppScan pricing is on a higher level."
"The product is moderately priced, though it's an investment due to extensive code analysis needs."
"The price is very expensive."
"The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."
"The product has premium pricing and could be more competitive."
"The solution is cheap."
"The solution is moderately priced."
"I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."
report
Use our free recommendation engine to learn which Performance Testing Tools solutions are best for your needs.
842,767 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
20%
Computer Software Company
16%
Manufacturing Company
7%
Government
7%
Computer Software Company
19%
Financial Services Firm
15%
Government
11%
Manufacturing Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How does Postman compare with Apache JMeter?
Postman lets you easily define variables, which then get updated automatically. This is a huge time-saver and makes processes very efficient. We can also export the test cases we create and share t...
How does BlazeMeter compare with Apache JMeter?
Blazemeter is a continuous testing platform that provides scriptless test automation. It unifies functional and performance testing, enabling users to monitor and test public and private APIs. We ...
What do you like most about Apache JMeter?
I appreciate JMeter's simplicity and power for performance testing.
What do you like most about HCL AppScan?
The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.
What needs improvement with HCL AppScan?
AppScan needs to improve its handling of false positives. It also requires enhancements in customer support, similar to what Veracode provides. Regularly scheduling calls with clients to discuss fe...
What is your primary use case for HCL AppScan?
The primary use case for AppScan is for security purposes. I compare AppScan with other tools such as Veracode. We use AppScan for vulnerability detection and auto-remediation of vulnerabilities wi...
 

Also Known As

JMeter
IBM Security AppScan, Rational AppScan, AppScan
 

Overview

 

Sample Customers

AOL, Orbitz, Innopath Software, PrepMe, Sapient, Corporate Express Australia, CSIRO, Ephibian, Talis, DATACOM, ALALOOP, eFusion, Panter, Sourcepole, University of Western Cape
Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
Find out what your peers are saying about Apache, Tricentis, Perforce and others in Performance Testing Tools. Updated: March 2025.
842,767 professionals have used our research since 2012.