HCL AppScan vs Qualys Web Application Scanning comparison

HCLSoftware and Qualys are both solutions in the Application Security Tools category. HCLSoftware is ranked #13 with an average rating of 8.0, while Qualys is ranked #12 with an average rating of 8.4. HCLSoftware holds a 2.6% mindshare in AS, compared to Qualys’s 1.9% mindshare. Additionally, 82% of HCLSoftware users are willing to recommend the solution, compared to 86% of Qualys users who would recommend it.

HCL AppScan

Read 42 HCL AppScan reviews

4,509 Views
3,469 Comparison Views

82% willing to recommend

Qualys Web Application Scan...

Read 35 Qualys Web Application Scanning reviews

3,485 Views
2,730 Comparison Views

86% willing to recommend

HCL AppScan

Qualys Web Application Scan...

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 23, 2024

HCL AppScan and Qualys Web Application Scanning both compete in the web application security tools market. Qualys Web Application Scanning appears to have the upper hand due to its superior reporting features and faster scanning times.

Features: Users value HCL AppScan for its extensive vulnerability coverage, seamless integration with security tools, and comprehensive detection capabilities. Qualys' strengths lie in its detailed reporting, faster scanning times, and user-friendly interface.

Room for Improvement: Users suggest HCL AppScan could improve its scanning speeds, user customization options, and overall performance. For Qualys, feedback indicates a need for enhanced integration capabilities, more intuitive user guidance, and broader vulnerability coverage.

Ease of Deployment and Customer Service: HCL AppScan is praised for its straightforward deployment process and excellent customer service. Qualys offers a slightly faster initial setup but receives mixed reviews on customer support.

Pricing and ROI: HCL AppScan users find the product offers good value despite higher setup costs. Qualys is noted for its competitive pricing and faster ROI.

To learn more, read our detailed HCL AppScan vs. Qualys Web Application Scanning Report (Updated: October 2024).

Buyer's Guide

HCL AppScan vs. Qualys Web Application Scanning

October 2024

Download the complete report

Helped 816,406 peers since 2012

Categories and Ranking

HCL AppScan

Ranking in Application Security Tools

13th

Ranking in Static Application Security Testing (SAST)

12th

Average Rating

7.8

Reviews Sentiment

5.8

Number of Reviews

Ranking in other categories

Dynamic Application Security Testing (DAST) (1st)

Qualys Web Application Scan...

Ranking in Application Security Tools

12th

Ranking in Static Application Security Testing (SAST)

11th

Average Rating

7.8

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of November 2024, in the Application Security Tools category, the mindshare of HCL AppScan is 2.6%, down from 2.8% compared to the previous year. The mindshare of Qualys Web Application Scanning is 1.9%, down from 2.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Application Security Tools

Featured Reviews

Gladwin Christian

QA manager at SmartStream Technologies ltd.

A useful tool to scan applications that can be easily installed

Given that we have been using HCL AppScan for many years, I think the setup process is not difficult at all. Sometimes, some issues stop or prevent my company from moving forward with the product's setup phase. We have to call HCL's support team and engage in long discussions to smoothly carry out the setup phase. In general, the product's setup phase is not difficult in our company. The solution is deployed on an on-premises model. The licenses for the solution are available only on cloud deployments nowadays. The solution is already installed in our environment. Every time a new release or software comes out from HCL, our company does a scan, which takes maybe a day or two.

Read full review

SubhajitAich

Security Consultant at Cognizant

A stable solution that can be used for infrastructure vulnerability scanning and web application scanning

Qualys Web Application Scanning is very complex to use, and its graphical interface is not very user-friendly. Compared to other solutions like Tenable and Rapid7, you need to navigate a lot to get the actual results out of Qualys Web Application Scanning. If I have to search for one thing within the entire console, I have to look for it randomly. It's not very easy and very comfortable to find something. Overall, it's a very good solution, but it will be very good if the tool is more user-friendly.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Technical support is helpful."

"IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability."

"This solution saves us time due to the low number of false positives detected."

"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production."

"The static scans are good, and the SaaS as well."

"The most valuable feature of the solution is the scanning or security part."

"It's generally a very user-friendly tool. Anyone can easily learn how to scan"

"It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."

More HCL AppScan pros

"QualysGuard web-based scanner is very useful for performing external penetration and PCI scans from remote locations."

"This product is designed for easy scalability and can easily scale up without major challenges."

"Qualys' process of updating signatures is something we really appreciate, and it's way ahead of its industry peers."

"Licensing is the most valuable. Qualys provides the best licensing for companies. It is the best product for the development purposes of web applications. The product has a lot of integrations."

"It is a good product for website penetration testing to detect vulnerabilities."

"Automated scanning has significantly improved our web application security management by reducing manual work."

"Its most valuable features are patch management, vulnerability management, and PCI compliance."

"The interface is user-friendly and easy to understand."

More Qualys Web Application Scanning pros

Cons

"AppScan is too complicated and should be made more user-friendly."

"We would like to integrate with some of the other reporting tools that we're planning to use in the future."

"They could incorporate AI to enhance vulnerability detection and improve the product's reporting capabilities."

"The penetration testing feature should be included."

"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."

"The databases for HCL are small and have room for improvement."

"Visibility is an issue for us. Our partners do not know we have integrations with some of IBM products."

"HCL AppScan needs to improve security."

More HCL AppScan cons

"When comparing this solution to Veracode, Veracode has good interactive features and gives a clear understanding of what the vulnerabilities are, which error line of the vulnerability is on and what can be done. It gives interactive features, whereas this solution does not give a clear understanding of where or how to fix the problem."

"Sometimes the response time is low because the handshake fails, and then you have to re-login and start again."

"The virus code updates are not frequent enough."

"In certain cases, this product does have false positives, which the company should work on."

"There's a distinction between internal and external scanning processes that could be streamlined. Currently, for internal scanning, specific configurations and scanner appliances need to be deployed within the network, which differs from the simpler setup for external scans. This dual process complicates the setup for comprehensive scanning coverage."

"There could be better management and faster scanning."

"The reporting contains too many false positives."

"The support could be faster."

More Qualys Web Application Scanning cons

Pricing and Cost Advice

"The tool was expensive."

"I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."

"The product is moderately priced, though it's an investment due to extensive code analysis needs."

"AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."

"Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."

"HCL AppScan is expensive."

"The product has premium pricing and could be more competitive."

"Our clients are willing to pay the extra money. It is expensive."

More HCL AppScan pricing and cost advice

"It is an expensive platform."

"Try the free trial of the product to understand the basic working mechanisms."

"From my perspective, it is a budget-friendly option."

"Qualys has an IT-based licensing based on a yearly license, which is a good way of handling it. However, in some cases, when we do the PCI scanning, the host will not like the scanning and we lose the IT license. So, this could be improved."

"The product is expensive, at least initially, in comparison to other products in this category."

"Qualys WAS' pricing is competitive."

"It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders."

"The product pricing is fair and reasonably priced."

More Qualys Web Application Scanning pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.

See recommendations

816,406 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

19%

Financial Services Firm

14%

Manufacturing Company

11%

Government

10%

Computer Software Company

16%

Financial Services Firm

16%

Manufacturing Company

10%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about HCL AppScan?

The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.

See all answers

What needs improvement with HCL AppScan?

They could incorporate AI to enhance vulnerability detection and improve the product's reporting capabilities.

See all answers

What is your primary use case for HCL AppScan?

We use AppScan primarily for security testing and performance monitoring across our systems.

See all answers

What do you like most about Qualys Web Application Scanning?

The vulnerability management feature is a strong one. And also the patch management feature.

See all answers

What is your experience regarding pricing and costs for Qualys Web Application Scanning?

The product pricing is fair and reasonably priced.

See all answers

What needs improvement with Qualys Web Application Scanning?

One area for improvement is the user interface. The new UI, which was recently upgraded, feels more complex and less user-friendly than the old version. However, as we continue to use it, we antici...

See all answers

Comparisons

Acunetix vs HCL AppScan

Compared 15% of the time

SonarQube Server (formerly SonarQube) vs HCL AppScan

Compared 13% of the time

Veracode vs HCL AppScan

Compared 11% of the time

Fortify on Demand vs HCL AppScan

Compared 9% of the time

Snyk vs HCL AppScan

Compared 4% of the time

More HCL AppScan Competitors

OWASP Zap vs Qualys Web Application Scanning

Compared 19% of the time

SonarQube Server (formerly SonarQube) vs Qualys Web Application Scanning

Compared 11% of the time

Veracode vs Qualys Web Application Scanning

Compared 9% of the time

Fortify WebInspect vs Qualys Web Application Scanning

Compared 6% of the time

Tenable.io Web Application Scanning vs Qualys Web Application Scanning

Compared 5% of the time

More Qualys Web Application Scanning Competitors

Product Reports

Buyer's Guide

HCL AppScan

November 2024

Download HCL AppScan product report

Buyer's Guide

Qualys Web Application Scanning

November 2024

Download Qualys Web Application Scanning product report

Also Known As

IBM Security AppScan, Rational AppScan, AppScan

Qualys WAS

Learn More

HCLSoftware

Qualys

Overview

IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner will automatically crawl periodically and test web applications to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. The consistent testing equips the automated service to generate consistent results, lessen false positives, and offer the ability to scale to protect thousands of websites effortlessly.

Qualys Web Application Scanning is bundled with different scanning technology to carefully scan websites for malware infections and will send notifications to website owners to assist in preventing blacklisting and brand reputation damage. As digital transformation takes place in various organizations, Qualys WAS gives organizations the ability to track and document their web app security status through its interactive reporting capabilities.

Qualys WAS empowers organizations to remediate any web application vulnerabilities quickly. Some of the key tools offered are:

Deep Scanning: All apps and APIs on your internal network and public cloud are covered by Qualys WAS deep scanning to show you any visible vulnerabilities.
DevSec Ops Tool: Detect security issues in your code while still in app development stages and generate comprehensive reports.
Comprehensive Discovery: Discover and catalog new and unknown web apps in your network.
Malware Detection: Scan a website, identify vulnerabilities, and receive alerts to any infections.

Benefits of Qualys Web Application Scanning

Qualys Web Application Scanning offers many benefits, including:

Quick Deployment: Requires no infrastructure or software to upkeep.
Effortless Scalability: Effortlessly launch a deep scan and protect thousands of websites.
Centralized Management: Manage and mend all web app vulnerabilities through a single interface.
Excellent Integration Capabilities: Integrates with Qualys Web App Firewall (WAF) for a single-click virtual patching of found vulnerabilities.
Respond to Threats Immediately: Qualys Continuous Monitoring offers the user a hands-free service by automatically launching scanning and sending notifications of a potential threat.
Cost-effective Solution: Data is analyzed in real time as Qualys WAS is an end-to-end solution; this helps avoid costs associated with managing multiple security vendors.

Reviews from Real Users

Qualys Web Application Scanning stands out among its competitors for a variety of reasons. Two of those reasons are its progressive scan and quick detection of vulnerabilities.

P.K., a senior software developer at a tech vendor, writes, "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."

Nagaraj S., lead cybersecurity engineer at a tech service company, notes, "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."

Sample Customers

Essex Technology Group Inc., Cisco, West Virginia University, APIS IT

BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.

Buyer's Guide

HCL AppScan vs. Qualys Web Application Scanning

October 2024

Free Report: HCL AppScan vs. Qualys Web Application Scanning

Find out what your peers are saying about HCL AppScan vs. Qualys Web Application Scanning and other solutions. Updated: October 2024.

DOWNLOAD NOW

816,406 professionals have used our research since 2012.

See our HCL AppScan vs. Qualys Web Application Scanning report.

See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.

We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.