QA manager at SmartStream Technologies Ltd.
A useful tool to scan applications that can be easily installed
Pros and Cons
- "The most valuable feature of the solution is the scanning or security part."
- "The solution's scalability can be a matter of concern because one license runs on one machine only."
What is our primary use case?
HCL AppScan is a security scanning tool that we use in our company to scan our applications.
What is most valuable?
The most valuable feature of the solution is the scanning or security part.
What needs improvement?
My company wants a tool that does static scan and dynamic scan. My company generally expects to do a static and dynamic scan with HCL AppScan.
The solution's technical support team has certain shortcomings where improvements are required. The solution's technical support team generally fails to provide spot-on answers to issues. HCL's technical support team takes a lot of time to come up with a solution to a problem.
For how long have I used the solution?
I have been using HCL AppScan for six to seven years. I use HCL AppScan Version 10.1.0. I am a customer of HCL.
Buyer's Guide
HCL AppScan
December 2024
Learn what your peers think about HCL AppScan. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
829,634 professionals have used our research since 2012.
What do I think about the stability of the solution?
Stability-wise, I rate the solution a seven to eight out of ten.
What do I think about the scalability of the solution?
The solution's scalability can be a matter of concern because one license runs on one machine only. I think if you need scalability, then you need to have multiple licenses. When it comes to HCL AppScan, it's not a question of scalability. You can't run one license on multiple machines, as one license is only for one machine. In general, HCL AppScan is not scalable unless you buy more licenses.
How are customer service and support?
The solution's technical support is not that great. I rate the technical support a six out of ten.
How would you rate customer service and support?
Neutral
How was the initial setup?
Given that we have been using HCL AppScan for many years, I think the setup process is not difficult at all. Sometimes, some issues stop or prevent my company from moving forward with the product's setup phase. We have to call HCL's support team and engage in long discussions to smoothly carry out the setup phase. In general, the product's setup phase is not difficult in our company.
The solution is deployed on an on-premises model. The licenses for the solution are available only on cloud deployments nowadays.
The solution is already installed in our environment. Every time a new release or software comes out from HCL, our company does a scan, which takes maybe a day or two.
What about the implementation team?
One of the in-house teams in my company was involved in the solution's installation process.
What's my experience with pricing, setup cost, and licensing?
I rate the product's price a seven on a scale of one to ten, where one is low, and ten is high. HCL AppScan is an expensive tool.
Which other solutions did I evaluate?
I compared HCL AppScan with Veracode and other tools. I wanted to see if I could get meaningful differences between them from PeerSpot's website. I couldn't find details on what I was looking for in terms of the comparison of HCL AppScan with Veracode.
What other advice do I have?
I rate the overall tool a seven and a half to eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Risk Analyst at Deloitte
A stable and scalable product useful for application security scanning
Pros and Cons
- "It is a stable solution... It is a scalable solution... The initial setup or installation of HCL AppScan is easy."
- "If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
What is our primary use case?
I use HCL AppScan in my company for application security scanning.
What is most valuable?
The most valuable feature of the solution stems from the fact that it is good to run the scan faster. You can basically run the scan and take a break at work since the tool will compute the results, which makes the product quite intuitive. HCL AppScan doesn't require constant monitoring.
What needs improvement?
Maybe having some APIs could be helpful. If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly. It would be helpful if the tool had some API gateway that would allow me to run some custom queries.
For how long have I used the solution?
I have been using HCL AppScan for around four months. My company is a customer of HCL AppScan.
What do I think about the stability of the solution?
It is a stable solution.
What do I think about the scalability of the solution?
It is a scalable solution.
Around 20 people in my company use HCL AppScan.
How are customer service and support?
The solution's technical support is good. I rate the technical support an eight out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup or installation of HCL AppScan is easy.
Maybe two or three hours are required to deploy, install, and configure the product.
About seven or eight engineers and architects may be required to deploy the product.
The solution is deployed on the cloud.
What's my experience with pricing, setup cost, and licensing?
The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase.
What other advice do I have?
Once we get the updates for HCL AppScan, another team in my company takes care of the installation of the new updates, which takes about half a day.
I would tell those who plan to use HCL AppScan that it is a helpful and beginner-friendly product.
I rate the overall product a ten out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Software Engineer at Inspire for Solutions Development
Easy to deploy, scalable, and can specify APIs before scanning
Pros and Cons
- "The most valuable feature of the solution is Postman."
- "The databases for HCL are small and have room for improvement."
What is our primary use case?
We use HCL AppScan products to help us scan for vulnerabilities and generate reports to provide a foundation on how to fix any issues. Their 4.7 version facilitates machine learning to help us select APIs and customize our scans more specifically. We also use HCL AppScan Standard, Enterprise, Source, and Cloud for scanning, and we plan to add the HCL AppScan Switch Casing to our toolkit. This makes it easier for us to scan the internet and use Tenable to help us find any issues.
What is most valuable?
The most valuable feature of the solution is Postman. As a security engineer, Postman allows me to specify exactly what information I need to scan for, rather than just dropping all information and running a scan. I can also use it to do some information gathering before scanning. This allows me to specify APIs and scan accordingly. The feature also saves us time.
What needs improvement?
As a developer who has been studying and working in the security product industry for several years, I have been impressed by HCL's progress. Although the cost of their product is competitive, I believe they could make it even better by increasing their database size. Companies like Tenable have much larger databases when it comes to vulnerabilities and portals, and even though HCL is connected with other vendors such as Microsoft, their database is not as expansive. The databases for HCL are small and have room for improvement.
HCL already has four solutions: Standard, Enterprise, Open Source, and the Cloud. Perhaps in a future release, HCL can add AI products. Manual work would be made easier with artificial intelligence. Maybe HCL could develop an AI program for scanning.
For how long have I used the solution?
I have been using the solution for five months.
What do I think about the scalability of the solution?
The solution is scalable.
How was the initial setup?
The initial setup is straightforward. This is a great advantage of HCL, as we can just download, install and run it to identify potential vulnerabilities. Furthermore, the graphical user interface is also simplified.
The implementation didn't take a lot of time; setting up the cloud was just a matter of making my account and getting familiar with the features. After that, we were all logged in and ready to go with no major changes required.
What other advice do I have?
I give the solution a nine out of ten.
I am currently the first person in my company to begin working with HCL. We have not yet gone to any clients, but I plan to get certified in HCL with AppScan. When we have clients that require components from HCL, I will be the representative for them as I am knowledgeable in the subject.
I would highly recommend HCL for people in the workforce. It has a user-friendly interface and the cost is much lower than Tenable. The database is good, and installation is easy. Additionally, technical support is likely to be helpful. Finally, there are a lot of other tools that come with HCL, such as scanners and detectors, which will make the job much easier.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
It has helped us find vulnerabilities in our software, though AppScan Source is rather hard to use
Pros and Cons
- "It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
- "IBM Security AppScan Source is rather hard to use."
- "There are so many lines of code with so many different categories that I am likely to get lost."
What is our primary use case?
We use it prior to product releases. The web scan portion is used to find vulnerabilities, for example, if we have opened up any ports that we should not have. The source scan is used to look for similar types of vulnerabilities. However, at the source code level, it is scanning the source code, whereas the web scan is hitting ports trying to overload it. Thus, we use both of these types of scans before every product release of several of our products.
We have it installed on-premise, although we have a guy who is looking at the cloud version.
How has it helped my organization?
It has certainly helped us find vulnerabilities in our software, so this is priceless in the end.
IBM Application Security has contributed to the maturity of our AppScan risk management program.
While it depends on the product, on average ten percent of our code is open source. Many products are either zero percent open source or maybe up to ten percent. They could possibly be up to twenty percent open source, but never more than that.
What is most valuable?
The most valuable feature is the web scan from our perspective. Being able to quickly find the vulnerabilities if any developer has inadvertently put them in. The source scan is of value, but it is so hard to use that it is of less value.
What needs improvement?
IBM Security AppScan Source is rather hard to use. Some improvements need to be made to the usability for AppScan Source, specifically. Our biggest problem, we have a lot of code and everything just ends up looking like spaghetti after we run an AppScan Source. It is hard to evolve from one rev to the next. Trying to reuse the things we have found in a previous release to the next release is too hard.
What do I think about the stability of the solution?
It is perfectly stable.
What do I think about the scalability of the solution?
Scalability is good. However, this ties into the usability a little bit, because we have a million lines of code in one product and this is part of what makes AppScan Source so difficult to use. There are so many lines of code with so many different categories that I am likely to get lost.
What other advice do I have?
AppScan Web is good, and it does a good job.
For AppScan Source, you might find a better solution out there. We are not actively looking for a better solution right now, and are just using it. However, if somebody else was starting from scratch, that is what I would tell them.
Most important criteria when selecting a vendor: quality of the software.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Head of Software Engineering at BET Software
Has a straightforward setup process and valuable security features
Pros and Cons
- "The platform has valuable security features, helping us identify sensitive code issues and the possibility of internal applications' exposure to external threats."
- "They could incorporate AI to enhance vulnerability detection and improve the product's reporting capabilities."
What is our primary use case?
We use AppScan primarily for security testing and performance monitoring across our systems.
How has it helped my organization?
The product's features for comprehensive code analysis (static) and live environment testing (dynamic) have significantly enhanced our ability to identify and address vulnerabilities, improving overall security.
What is most valuable?
The platform has valuable security features, helping us identify sensitive code issues and the possibility of internal applications' exposure to external threats.
What needs improvement?
They could incorporate AI to enhance vulnerability detection and improve the product's reporting capabilities.
For how long have I used the solution?
We've been using HCL AppScan since July last year, so approximately one year.
What do I think about the stability of the solution?
The platform has been stable, reducing code issues significantly.
I rate stability an eight.
What do I think about the scalability of the solution?
The product scalability hasn't been fully tested in our environment, but I estimate it to be around seven or eight.
How was the initial setup?
The deployment was straightforward as we used the on-premise version. Some initial challenges were later resolved with assistance from HCL.
I would rate the setup process a seven out of ten.
What's my experience with pricing, setup cost, and licensing?
The product is moderately priced, though it's an investment due to extensive code analysis needs.
What other advice do I have?
The platform avails dynamic scanning checks in the pre-live environment, while static scanning evaluates code in the development phase. It aids in achieving ISO compliance by ensuring thorough scanning and security checks across our environment.
Overall, I rate it an eight.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jul 7, 2024
Solutions Architect at IBM
Straightforward to use with good scanning and helpful support
Pros and Cons
- "Technical support is helpful."
- "They should have a better UI for dashboards."
What is our primary use case?
We primarily use the solution for static scans as well as dynamic scans to check for vulnerabilities.
What is most valuable?
The scanning is quite good. It's good for helping us seek out vulnerabilities and fixing hot spots.
The pricing is fine.
It's on a managed cloud, and that makes it very easy. It's straightforward to use.
The solution has been stable, and we haven't really had downtime.
It's stable.
Technical support is helpful.
What needs improvement?
I do not have any notes for improvements.
They should have a better UI for dashboards. It would be nice to have visualizations such as pie charts. This would help administrators and be more of a value-add.
For how long have I used the solution?
I've been using the solution for three years.
What do I think about the stability of the solution?
The solution is stable. We haven't had any downtime. I'd rate it eight out of ten. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
I'm not directly working to scale the solution. I don't know how well it extends.
We have many people in our organization on the product.
How are customer service and support?
I've contacted technical support in the past. We have dedicated Slack channels, and we can easily open tickets with them for troubleshooting. They are fast and knowledgeable.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I also use SonarQube. We also use SonarQube for code quality.
We did not previously use any other solution.
How was the initial setup?
We do not have to manage the setup. It is a managed cloud offering. There is no implementation process. We just need to upload the applications. It doesn't take any time at all. Everything is automatic.
What's my experience with pricing, setup cost, and licensing?
The cost is okay. It's not overly expensive.
We do not have to continuously pay for a license.
What other advice do I have?
I'm not sure of the exact version I'm using.
I'd rate the solution nine out of ten. It's pretty straightforward to use, and we like that it is a managed cloud.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Engineer at KEPCO KDN
The solution has some technical limitations, though it is easy to use
Pros and Cons
- "The solution is easy to use."
- "The product has some technical limitations."
What is our primary use case?
I use the tool to find system information for penetration testing and ethical hacking.
What is most valuable?
The solution is easy to use. It is useful for finding basic information about systems.
What needs improvement?
The product has some technical limitations. Finding critical things with the solution is difficult because most organizations update their systems. We find the product vulnerabilities manually.
For how long have I used the solution?
I have been using the solution for four years.
What do I think about the stability of the solution?
I rate the stability an eight out of ten.
What do I think about the scalability of the solution?
I rate the scalability a five out of ten. The solution is not enough for our needs. We are testing more than 50 companies with the solution. The largest company has more than 10,000 employees. We are planning to increase the number of users of the solution.
How was the initial setup?
The initial setup is not difficult. I rate the ease of setup a seven out of ten.
What about the implementation team?
It took us five minutes to install the solution. We need four engineers to maintain the solution.
What's my experience with pricing, setup cost, and licensing?
I rate the solution’s pricing a five out of ten.
What other advice do I have?
I am using the latest version of the solution. We usually perform ethical hacking using Burp Suite. The solution will be more advanced if it can be developed using ChatGPT. I would recommend the solution to others because it is the most famous web scanner. Overall, I rate the solution a five out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
General Manager at Groupe PROGEREAL- FINAREAL - PROMOREAL
Responsive support, simple implementation, and scalable
Pros and Cons
- "The most valuable feature of HCL AppScan is scanning QR codes."
- "The solution could improve by having a mobile version."
What is most valuable?
The most valuable feature of HCL AppScan is scanning QR codes.
What needs improvement?
The solution could improve by having a mobile version.
For how long have I used the solution?
I have been using HCL AppScan for approximately one year.
What do I think about the stability of the solution?
I have found HCL AppScan to be stable.
What do I think about the scalability of the solution?
HCL AppScan is a scalable solution. It can easily scale up and out.
How are customer service and support?
The support I have received has been good. I had an issue and I opened a ticket with the support, and everything went smooth.
How was the initial setup?
The initial setup of HCL AppScan is easy.
What other advice do I have?
I rate HCL AppScan an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Product Categories
Application Security Tools
Static Application Security Testing (SAST)
Dynamic Application Security Testing (DAST)
Popular Comparisons
SonarQube Server (formerly SonarQube)
GitLab
Veracode
Checkmarx One
Mend.io
Fortify on Demand
Sonatype Lifecycle
Acunetix
PortSwigger Burp Suite Professional
Qualys Web Application Scanning
Tenable.io Web Application Scanning
Kiuwan
Contrast Security Assess
Contrast Security Protect