I use HCL AppScan in my company for application security scanning.
Risk Analyst at Deloitte
A stable and scalable product useful for application security scanning
Pros and Cons
- "It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
- "If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
What is our primary use case?
What is most valuable?
The most valuable feature of the solution stems from the fact that it is good to run the scan faster. You can basically run the scan and take a break at work since the tool will compute the results, which makes the product quite intuitive. HCL AppScan doesn't require constant monitoring.
What needs improvement?
Maybe having some APIs could be helpful. If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly. It would be helpful if the tool had some API gateway that would allow me to run some custom queries.
For how long have I used the solution?
I have been using HCL AppScan for around four months. My company is a customer of HCL AppScan.
Buyer's Guide
HCL AppScan
November 2024
Learn what your peers think about HCL AppScan. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,192 professionals have used our research since 2012.
What do I think about the stability of the solution?
It is a stable solution.
What do I think about the scalability of the solution?
It is a scalable solution.
Around 20 people in my company use HCL AppScan.
How are customer service and support?
The solution's technical support is good. I rate the technical support an eight out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup or installation of HCL AppScan is easy.
Maybe two or three hours are required to deploy, install, and configure the product.
About seven or eight engineers and architects may be required to deploy the product.
The solution is deployed on the cloud.
What's my experience with pricing, setup cost, and licensing?
The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase.
What other advice do I have?
Once we get the updates for HCL AppScan, another team in my company takes care of the installation of the new updates, which takes about half a day.
I would tell those who plan to use HCL AppScan that it is a helpful and beginner-friendly product.
I rate the overall product a ten out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Software Engineer at Inspire for Solutions Development
Easy to deploy, scalable, and can specify APIs before scanning
Pros and Cons
- "The most valuable feature of the solution is Postman."
- "The databases for HCL are small and have room for improvement."
What is our primary use case?
We use HCL AppScan products to help us scan for vulnerabilities and generate reports to provide a foundation on how to fix any issues. Their 4.7 version facilitates machine learning to help us select APIs and customize our scans more specifically. We also use the HCL AppScan Standard Enterprise Source and Cloud for scanning, and we plan to add the HCL AppScan Switch Casing to our toolkit. This makes it easier for us to scan the internet and use Tenable to help us find any issues.
What is most valuable?
The most valuable feature of the solution is Postman. As a security engineer, Postman allows me to specify exactly what information I need to scan for, rather than just dropping all information and running a scan. I can also use it to do some information gathering before scanning. This allows me to specify APIs and scan accordingly. The feature also saves us time.
What needs improvement?
As a developer who has been studying and working in the security product industry for several years, I have been impressed by HCL's progress. Although the cost of their product is competitive, I believe they could make it even better by increasing their database size. Companies like Tenable have much larger databases when it comes to vulnerabilities and portals, and even though HCL is connected with other vendors such as Microsoft, their database is not as expansive. The databases for HCL are small and have room for improvement.
HCL already has four solutions: Standard, Enterprise, Open Source, and the Cloud. Perhaps in a future release, HCL can add AI products. Manual work would be made easier with artificial intelligence. Maybe HCL could develop an AI program for scanning.
For how long have I used the solution?
I have been using the solution for five months.
What do I think about the scalability of the solution?
The solution is scalable.
How was the initial setup?
The initial setup is straightforward. This is a great advantage of HCL, as we can just download, install and run it to identify potential vulnerabilities. Furthermore, the graphical user interface is also simplified.
The implementation didn't take a lot of time; setting up the cloud was just a matter of making my account and getting familiar with the features. After that, we were all logged in and ready to go with no major changes required.
What other advice do I have?
I give the solution a nine out of ten.
I am currently the first person in my company to begin working with HCL. We have not yet gone to any clients, but I plan to get certified in HCL with AppScan. When we have clients that require components from HCL, I will be the representative for them as I am knowledgeable in the subject.
I would highly recommend HCL for people in the workforce. It has a user-friendly interface and the cost is much lower than Tenable. The database is good, and installation is easy. Additionally, technical support is likely to be helpful. Finally, there are a lot of other tools that come with HCL, such as scanners and detectors, which will make the job much easier.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
HCL AppScan
November 2024
Learn what your peers think about HCL AppScan. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,192 professionals have used our research since 2012.
It has helped us find vulnerabilities in our software, though AppScan Source is rather hard to use
Pros and Cons
- "It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
- "IBM Security AppScan Source is rather hard to use."
- "There are so many lines of code with so many different categories that I am likely to get lost. "
What is our primary use case?
We use it prior to product releases. The web scan portion is used to find vulnerabilities, for example, if we have opened up any ports that we should not have. The source scan is used to look for similar types of vulnerabilities. However, at the source code level, it is scanning the source code, whereas the web scan is hitting ports trying to overload it. Thus, we use both of these types of scans before every product release of several of our products.
We have it installed on-premise, although we have a guy who is looking at the cloud version.
How has it helped my organization?
It has certainly helped us find vulnerabilities in our software, so this is priceless in the end.
IBM Application Security has contributed to the maturity of our AppScan risk management program.
While it depends on the product, on average ten percent of our code is open source. Many products are either zero percent open source or maybe up to ten percent. They could possible be up to twenty percent open source, but never more than that.
What is most valuable?
The most valuable feature is the web scan from our perspective. Being able to quickly find the vulnerabilities if any developer has inadvertently put them in. The source scan is of value, but it is so hard to use that it is of less value.
What needs improvement?
IBM Security AppScan Source is rather hard to use. Some improvements need to be made to the usability for AppScan Source, specifically. Our biggest problem, we have a lot of code and everything just ends up looking like spaghetti after we run an AppScan Source. It is hard to evolve from one rev to the next. Trying to reuse the things we have found in a previous release to the next release is too hard.
What do I think about the stability of the solution?
It is perfectly stable.
What do I think about the scalability of the solution?
Scalability is good. However, this ties into the usability a little bit, because we have a million lines of code in one product and this is part of what makes AppScan Source so difficult to use. There are so many lines of code with so many different categories that I am likely to get lost.
What other advice do I have?
AppScan Web is a good, and it does a good job.
For AppScan Source, you might find a better solution out there. We are not actively looking for a better solution right now, and are just using it. However, if somebody else was starting from scratch, that is what I would tell them.
Most important criteria when selecting a vendor: quality of the software.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Head of Software Engineering at BET Software
Has a straightforward setup process and valuable security features
Pros and Cons
- "The platform has valuable security features, helping us identify sensitive code issues and the possibility of internal applications' exposure to external threats."
- "They could incorporate AI to enhance vulnerability detection and improve the product's reporting capabilities."
What is our primary use case?
We use AppScan primarily for security testing and performance monitoring across our systems.
How has it helped my organization?
The product's features for comprehensive code analysis (static) and live environment testing (dynamic) have significantly enhanced our ability to identify and address vulnerabilities, improving overall security.
What is most valuable?
The platform has valuable security features, helping us identify sensitive code issues and the possibility of internal applications' exposure to external threats.
What needs improvement?
They could incorporate AI to enhance vulnerability detection and improve the product's reporting capabilities.
For how long have I used the solution?
We've been using HCL AppScan since July last year, so approximately one year.
What do I think about the stability of the solution?
The platform has been stable, reducing code issues significantly.
I rate stability an eight.
What do I think about the scalability of the solution?
The product scalability hasn't been fully tested in our environment, but I estimate it to be around seven or eight.
How was the initial setup?
The deployment was straightforward as we used the on-premise version. Some initial challenges were later resolved with assistance from HCL.
I would rate the setup process a seven out of ten.
What's my experience with pricing, setup cost, and licensing?
The product is moderately priced, though it's an investment due to extensive code analysis needs.
What other advice do I have?
The platform avails dynamic scanning checks in the pre-live environment, while static scanning evaluates code in the development phase. It aids in achieving ISO compliance by ensuring thorough scanning and security checks across our environment.
Overall, I rate it an eight.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jul 7, 2024
Flag as inappropriateSolutions Architect at IBM
Straightforward to use with good scanning and helpful support
Pros and Cons
- "Technical support is helpful."
- "They should have a better UI for dashboards."
What is our primary use case?
We primarily use the solution for static scans as well as dynamic scans to check for vulnerabilities.
What is most valuable?
The scanning is quite good. It's good for helping us seek out vulnerabilities and fixing hot spots.
The pricing is fine.
It's on a managed cloud, and that makes it very easy. It's straightforward to use.
The solution has been stable, and we haven't really had downtime.
It's stable.
Technical support is helpful.
What needs improvement?
I do not have any notes for improvements.
They should have a better UI for dashboards. It would be nice to have visualizations such as pie charts. This would help administrators and be more of a value-add.
For how long have I used the solution?
I've been using the solution for three years.
What do I think about the stability of the solution?
The solution is stable. We haven't had any downtime. I'd rate it eight out of ten. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
I'm not directly working to scale the solution. I don't know how well it extends.
We have many people in our organization on the product.
How are customer service and support?
I've contacted technical support in the past. We have dedicated Slack channels, and we can easily open tickets with them for troubleshooting. They are fast and knowledgeable.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I also use SonarQube. We also use SonarQube for code quality.
We did not previously use any other solution.
How was the initial setup?
We do not have to manage the setup. It is a managed cloud offering. There is no implementation process. We just need to upload the applications. It doesn't take any time at all. Everything is automatic.
What's my experience with pricing, setup cost, and licensing?
The cost is okay. It's not overly expensive.
We do not have to continuously pay for a license.
What other advice do I have?
I'm not sure of the exact version I'm using.
I'd rate the solution nine out of ten. It's pretty straightforward to use, and we like that it is a managed cloud.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Software Quality Assurance Engineer at IT22
The UI was very intuitive and easy to understand, but the tool was expensive
Pros and Cons
- "The UI was very intuitive."
- "A desktop version should be added."
What is our primary use case?
I used the solution to find vulnerabilities in our website and system. I did some regular checkups.
What is most valuable?
The UI was very intuitive. It was very easy to understand. It was very easy to scan the websites, see the results, and deliver them to higher management.
What needs improvement?
It would have been better if we could use it on our desktop. A desktop version should be added.
For how long have I used the solution?
I had used the solution for one month.
What do I think about the stability of the solution?
The tool was very stable. I rate the tool’s stability a seven or eight out of ten. Very few people were using the tool in our organization. The stability could have been affected if there were more users.
What do I think about the scalability of the solution?
We had a few users.
Which solution did I use previously and why did I switch?
We have used solutions like Acunetix. HCL was better. The UI was pretty good. It was intuitive, easy to understand, and reliable.
How was the initial setup?
The installation was easy for me. It took a few hours. A senior employee helped me deploy the tool. The solution was deployed on the cloud.
What's my experience with pricing, setup cost, and licensing?
The tool was expensive. We paid a monthly license fee. There were no additional costs associated with the product.
What other advice do I have?
Someone who wants to use the solution must know why they need the solution. It is quite expensive. We must not spend much on something we do not need. If we have a need and can afford the solution, HCL is a good solution. It is very easy to understand. It has a lot of features. The reporting system is good. Overall, I rate the product a seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Engineer at KEPCO KDN
The solution has some technical limitations, though it is easy to use
Pros and Cons
- "The solution is easy to use."
- "The product has some technical limitations."
What is our primary use case?
I use the tool to find system information for penetration testing and ethical hacking.
What is most valuable?
The solution is easy to use. It is useful for finding basic information about systems.
What needs improvement?
The product has some technical limitations. Finding critical things with the solution is difficult because most organizations update their systems. We find the product vulnerabilities manually.
For how long have I used the solution?
I have been using the solution for four years.
What do I think about the stability of the solution?
I rate the stability an eight out of ten.
What do I think about the scalability of the solution?
I rate the scalability a five out of ten. The solution is not enough for our needs. We are testing more than 50 companies with the solution. The largest company has more than 10,000 employees. We are planning to increase the number of users of the solution.
How was the initial setup?
The initial setup is not difficult. I rate the ease of setup a seven out of ten.
What about the implementation team?
It took us five minutes to install the solution. We need four engineers to maintain the solution.
What's my experience with pricing, setup cost, and licensing?
I rate the solution’s pricing a five out of ten.
What other advice do I have?
I am using the latest version of the solution. We usually perform ethical hacking using Burp Suite. The solution will be more advanced if it can be developed using ChatGPT. I would recommend the solution to others because it is the most famous web scanner. Overall, I rate the solution a five out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
General Manager at Groupe PROGEREAL- FINAREAL - PROMOREAL
Responsive support, simple implementation, and scalable
Pros and Cons
- "The most valuable feature of HCL AppScan is scanning QR codes."
- "The solution could improve by having a mobile version."
What is most valuable?
The most valuable feature of HCL AppScan is scanning QR codes.
What needs improvement?
The solution could improve by having a mobile version.
For how long have I used the solution?
I have been using HCL AppScan for approximately one year.
What do I think about the stability of the solution?
I have found HCL AppScan to be stable.
What do I think about the scalability of the solution?
HCL AppScan is a scalable solution. it can easily scale up and out.
How are customer service and support?
The support I have received has been good. I had an issue and I opened a ticket with the support, and everything went smooth.
How was the initial setup?
The initial setup of HCL AppScan is easy.
What other advice do I have?
I rate HCL AppScan an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free HCL AppScan Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Application Security Tools Static Application Security Testing (SAST) Dynamic Application Security Testing (DAST)Popular Comparisons
SonarQube Server (formerly SonarQube)
Veracode
GitLab
Checkmarx One
Mend.io
Fortify on Demand
Sonatype Lifecycle
Acunetix
PortSwigger Burp Suite Professional
Qualys Web Application Scanning
Tenable.io Web Application Scanning
CodeSonar
Kiuwan
Contrast Security Assess
Buyer's Guide
Download our free HCL AppScan Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Difference between IBM Appscan and HP fortify software
- Which solution do you prefer: Fortify WebInspect or HCL AppScan?
- If you had to both encrypt and compress data during transmission, which would you do first and why?
- When evaluating Application Security, what aspect do you think is the most important to look for?
- What are the Top 5 cybersecurity trends in 2022?
- What are the threats associated with using ‘bogus’ cybersecurity tools?
- Which application security solutions include both vulnerability scans and quality checks?
- We're evaluating Tripwire, what else should we consider?
- Is SonarQube the best tool for static analysis?
- Why Do I Need Application Security Software?