We performed a comparison between Fortify Application Defender and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology."
"Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications."
"The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"I find the configuration of rules in Fortify Application Defender useful. Its integration is also easy."
"Its ability to find security defects is valuable."
"The product saves us cost and time."
"The solution helped us to improve the code quality of our organization."
"We are able to provide out customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."
"There's extensive functionality with custom rules and a custom knowledge base."
"We leverage it as a quality check against code."
"We are now deploying less defects to production."
"It provides a better integration for our ecosystem."
"The solution is cheap."
"The reporting part is the most valuable feature."
"The solution offers services in a few specific development languages."
"I like the recording feature."
"The product should integrate industry-standard code review tools internally with its system. This would streamline the coding process, as developers wouldn't need multiple tools for code review and security checks. Many independent and open-source tools are available, from Apache to various libraries. Using multiple DevOps pipeline tools can slow the turnaround time."
"Fortify Application Defender gives a lot of false positives."
"The solution is quite expensive."
"The workbench is a little bit complex when you first start using it."
"The false positive rate should be lower."
"Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."
"The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java."
"Support for older compilers/IDEs is lacking."
"They should have a better UI for dashboards."
"The databases for HCL are small and have room for improvement."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"Scans become slow on large websites."
"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"They could add a software component analysis tool."
"They have to improve support."
Fortify Application Defender is ranked 30th in Application Security Tools with 11 reviews while HCL AppScan is ranked 14th in Application Security Tools with 41 reviews. Fortify Application Defender is rated 7.8, while HCL AppScan is rated 7.8. The top reviewer of Fortify Application Defender writes "Useful for fast code review in devOps pipelines ". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Fortify Application Defender is most compared with Checkmarx One, CAST Application Intelligence Platform, Coverity, SonarQube and Qualys Web Application Scanning, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and OWASP Zap. See our Fortify Application Defender vs. HCL AppScan report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.