Try our new research platform with insights from 80,000+ expert users

Apache JMeter vs HCL AppScan comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Apache JMeter
Average Rating
7.8
Reviews Sentiment
7.1
Number of Reviews
93
Ranking in other categories
Performance Testing Tools (1st), Load Testing Tools (1st), API Testing Tools (3rd)
HCL AppScan
Average Rating
7.8
Reviews Sentiment
6.9
Number of Reviews
43
Ranking in other categories
Application Security Tools (14th), Static Application Security Testing (SAST) (10th), Dynamic Application Security Testing (DAST) (1st)
 

Mindshare comparison

While both are Quality Assurance solutions, they serve different purposes. Apache JMeter is designed for Performance Testing Tools and holds a mindshare of 24.0%, up 23.9% compared to last year.
HCL AppScan, on the other hand, focuses on Application Security Tools, holds 2.6% mindshare, down 2.7% since last year.
Performance Testing Tools
Application Security Tools
 

Featured Reviews

Sreenivasula Mukkamalla - PeerSpot reviewer
Leveraging cost-effective customization with powerful plugins but complexity reduction needed
Apache JMeter offers plugins for reporting and preparing test scenarios. It allows recording to customization, letting you download plugins to connect with databases or external systems. Despite being open source, it offers features comparable to paid tools, and its ability to customize and expand is particularly useful. Additionally, its open-source nature makes it cost-effective.
Rishi Anupam - PeerSpot reviewer
A stable and scalable scanning solution with good reporting feature
The solution is used for the vulnerabilities scan on the network side The reporting part is the most valuable feature. The penetration testing feature should be included. I have been using the solution for four years. It is a stable solution. I rate it seven out of ten. It is a scalable…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"User-friendly and open source."
"It's very useful for performance and load testing."
"One valuable feature of Apache JMeter is the ability to replicate scenarios where bulk files have to be uploaded via API."
"It is cost-effective and simple to use."
"The biggest thing I liked about it is that there is a huge user base out there, and being shareware and being Apache, if I have any question on how to get something done, I get 18 different answers. Out of those, there would be at least a few good approaches for what I was trying to do. So, the support system out there is most valuable."
"It's easy to set up."
"I use all the tools, but one feature that stands out is JMeter's ability to test when services are sending a particular kind of request. We are using specific ports to send queries, and assess the performance based on the time it takes these queries to respond. You can use it with stuff other than the web performance."
"Apache JMeter is completely free as it is open-source, providing cost-effective customization options."
"The product has valuable features for static and dynamic testing."
"This solution saves us time due to the low number of false positives detected."
"The solution is easy to use."
"It identifies all the URLs and domains on its own and then performs tests and provides the results."
"It is easy it is to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings."
"The solution is easy to install. I would rate the product's setup between six to seven out of ten. The deployment time depends on the applications that need to be scanned. We have a development and operations team to take care of the product's maintenance."
"AppScan is stable."
"The most valuable feature of the solution is the scanning or security part."
 

Cons

"There is room for improvement in the scripting concepts. The scripting and even the results and reports were very elaborative and informative in LoadRunner, but not in JMeter because everything has to be done manually."
"Improving JMeter's sync time would be beneficial."
"Its reporting could be improved. There should be a better visual representation. That would be helpful for easy consumption of the reports."
"In terms of setup, it could be nicer, to be honest. Sometimes, I get a little bit lost."
"If the solution was GUI based, I believe that it would be more versatile."
"The solution's setup could be easier and security could be improved to minimize vulnerabilities."
"One of the drawbacks of JMeter is that it can't handle a large amount of load, which forces us to switch to other tools when we need to load more than a 5,000 or 10,000 user load."
"While using Apache JMeter, we are unable to view the graph while the test is running because it consumes resources, which is a drawback. With BlazeMeter, you can view the results in real-time."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"Many silly false positives are produced."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"AppScan needs to improve its handling of false positives."
"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."
"AppScan needs to improve its handling of false positives."
"They could incorporate AI to enhance vulnerability detection and improve the product's reporting capabilities."
 

Pricing and Cost Advice

"Apache JMeter is a free open source solution and it is why we are using it."
"This is an open-source solution, so there are no licensing costs associated with it."
"It is open source. There are no licensing costs associated. If you need enterprise support, you'll probably end up paying for a license. You would also factor in the infrastructure cost, but that's not significant."
"Everything is included, and there are no additional costs."
"We are using the free version, and if required, we can easily switch to the other version."
"I switched to Apache because it is free. Other tools are much too expensive and can cost up to $50,000 a year if you are looking at commercial options."
"Since we are using an outsourced solution, it is not paid for by our company."
"The product has reasonable pricing."
"With the features, that they offer, and the support, they offer, AppScan pricing is on a higher level."
"The price is very expensive."
"The solution is moderately priced."
"AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."
"The product has premium pricing and could be more competitive."
"The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."
"Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
"HCL AppScan is expensive."
report
Use our free recommendation engine to learn which Performance Testing Tools solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
20%
Computer Software Company
16%
Manufacturing Company
7%
Government
7%
Computer Software Company
19%
Financial Services Firm
14%
Government
11%
Manufacturing Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How does Postman compare with Apache JMeter?
Postman lets you easily define variables, which then get updated automatically. This is a huge time-saver and makes processes very efficient. We can also export the test cases we create and share t...
How does BlazeMeter compare with Apache JMeter?
Blazemeter is a continuous testing platform that provides scriptless test automation. It unifies functional and performance testing, enabling users to monitor and test public and private APIs. We ...
What do you like most about Apache JMeter?
I appreciate JMeter's simplicity and power for performance testing.
What do you like most about HCL AppScan?
The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.
What needs improvement with HCL AppScan?
AppScan needs to improve its handling of false positives. It also requires enhancements in customer support, similar to what Veracode provides. Regularly scheduling calls with clients to discuss fe...
What is your primary use case for HCL AppScan?
The primary use case for AppScan is for security purposes. I compare AppScan with other tools such as Veracode. We use AppScan for vulnerability detection and auto-remediation of vulnerabilities wi...
 

Also Known As

JMeter
IBM Security AppScan, Rational AppScan, AppScan
 

Overview

 

Sample Customers

AOL, Orbitz, Innopath Software, PrepMe, Sapient, Corporate Express Australia, CSIRO, Ephibian, Talis, DATACOM, ALALOOP, eFusion, Panter, Sourcepole, University of Western Cape
Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
Find out what your peers are saying about Apache, Tricentis, Perforce and others in Performance Testing Tools. Updated: March 2025.
845,040 professionals have used our research since 2012.