
HCL AppScan vs PortSwigger Burp Suite Enterprise Edition comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Aug 13, 2024
 

Categories and Ranking

HCL AppScan
Ranking in Dynamic Application Security Testing (DAST)
1st
Average Rating
7.8
Number of Reviews
42
Ranking in other categories
Application Security Tools (13th), Static Application Security Testing (SAST) (12th)
PortSwigger Burp Suite Ente...
Ranking in Dynamic Application Security Testing (DAST)
5th
Average Rating
8.0
Reviews Sentiment
7.4
Number of Reviews
11
Ranking in other categories
Vulnerability Management (21st)
 

Featured Reviews

Gladwin Christian - PeerSpot reviewer
Sep 29, 2023
A useful tool to scan applications that can be easily installed
Given that we have been using HCL AppScan for many years, I think the setup process is not difficult at all. Sometimes, some issues stop or prevent my company from moving forward with the product's setup phase. We have to call HCL's support team and engage in long discussions to smoothly carry out the setup phase. In general, the product's setup phase is not difficult in our company. The solution is deployed on an on-premises model. The licenses for the solution are available only on cloud deployments nowadays. The solution is already installed in our environment. Every time a new release or software comes out from HCL, our company does a scan, which takes maybe a day or two.
Iwegbue Godspower Isioma - PeerSpot reviewer
Nov 20, 2023
A seamless and easy-to-use solution that enables organizations to conduct vulnerability assessments and penetration testing
We use the solution for vulnerability assessment and penetration testing. We can escalate vulnerabilities. We can also use it for mobile app traffic detection and SQL injection. We can escalate the vulnerabilities we see on the web application. The product is easy to use. It is seamless and easy…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I like the recording feature."
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"The most valuable feature of the solution is the scanning or security part."
"The product is useful, particularly in its sensitivity and scanning capabilities."
"The most valuable feature of the solution is Postman."
"This is a stable solution."
"The solution offers services in a few specific development languages."
"The UI was very intuitive."
"The product's initial setup phase was super easy."
"The product is easy to use."
"Parallel scans can be done with PortSwigger Burp Suite Enterprise Edition."
"We are in the early stage of using the solution making it difficult to fully determine the best features. However, we have noticed the CMDB and device discovery features look valuable at this time."
"The most valuable part of it was probably the ability to intercept and modify calls."
"I like normal dynamic scanning, general web applications scanning, and vulnerability assessments."
"The solution's extensions really expand the capabilities and features offered by the installation."
"The tool is loaded with many features that give us ROI."
 

Cons

"We would like to integrate with some of the other reporting tools that we're planning to use in the future."
"There is room for improvement in the pricing model."
"IBM Security AppScan Source is rather hard to use."
"There is not a central management for static and dynamic."
"The solution could improve by having a mobile version."
"AppScan is too complicated and should be made more user-friendly."
"Many silly false positives are produced."
"In future releases, I would like to see more aggressive reports. I would also like to see less false positives."
"There's definitely room for improvement. There are lots of false positives. Once I do the manual assessment, it comes as a false positive. They need to improve the Enterprise Edition, especially the part that gives false positives."
"From my personal experience, the solution's performance could be improved."
"The solution is a bit expensive."
"The implementation of the solution is quite complicated and could be easier."
"The stability of the scans could be improved."
"The cost per license per user could be cheaper, specifically for individual licensing."
"Scalability could be better."
"There are features or functionality missing, but PortSwigger Burp Suite Enterprise Edition does try to update frequently to alleviate the shortcomings."
 

Pricing and Cost Advice

"The tool was expensive."
"With the features that they offer and the support they offer, AppScan pricing is on a higher level."
"The product has premium pricing and could be more competitive."
"The solution is cheap."
"The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."
"AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."
"I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."
"HCL AppScan is expensive."
"Although the solution can be a bit expensive for small companies, its pricing is fairly reasonable for its capabilities."
"PortSwigger Burp Suite Enterprise Edition is neither a cheap nor an expensive product. PortSwigger Burp Suite Enterprise Edition is a good tool for companies."
"For Professional, it's about $400 per year."
"PortSwigger Burp Suite Enterprise Edition is expensive compared to other solutions."
"The tool's pricing is reasonable and costs around 400 dollars per year."
814,572 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company: 18%
Financial Services Firm: 14%
Manufacturing Company: 11%
Government: 10%

Financial Services Firm: 16%
Computer Software Company: 15%
Government: 11%
Manufacturing Company: 7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about HCL AppScan?
The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.
What needs improvement with HCL AppScan?
They could incorporate AI to enhance vulnerability detection and improve the product's reporting capabilities.
What is your primary use case for HCL AppScan?
We use AppScan primarily for security testing and performance monitoring across our systems.
What do you like most about PortSwigger Burp Suite Enterprise Edition?
Parallel scans can be done with PortSwigger Burp Suite Enterprise Edition.
What needs improvement with PortSwigger Burp Suite Enterprise Edition?
PortSwigger Burp Suite Enterprise Edition should incorporate a static code analysis feature. One main issue we encounter is false positives. False positives can be challenging for developers.
 

Also Known As

IBM Security AppScan, Rational AppScan, AppScan
No data available
 

Sample Customers

Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
NASA, Disney, Dow Jones, Iberia Bank, IBM, Ernst and Young, Apple, Ryanair, Thyssenkrupp, Delivery Hero
Updated: October 2024.