HCL AppScan Reviews

I use it for my customers. 

Improvement can be done as per customer requirements.

I have been using HCL AppScan for some time. 

The technical support is good. 

Positive

The initial setup took one to two days. 

The solution is cheap. 

I rate the overall solution a nine out of ten.

I use the tool to scan the web interface.

Compared to other tools only AppScan supports special language.

The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed.

I have been using the solution for two years.

The solution has dedicated and good tech support. We can open a ticket and we get information within two hours. Once we open a ticket we get validation or confirmation of our problem. When we get to the specialist, we will get more information.

Positive

I would rate the overall solution a nine out of ten.

We use HCL AppScan products to help us scan for vulnerabilities and generate reports to provide a foundation on how to fix any issues. Their 4.7 version facilitates machine learning to help us select APIs and customize our scans more specifically. We also use the HCL AppScan Standard Enterprise Source and Cloud for scanning, and we plan to add the HCL AppScan Switch Casing to our toolkit. This makes it easier for us to scan the internet and use Tenable to help us find any issues.

The most valuable feature of the solution is Postman. As a security engineer, Postman allows me to specify exactly what information I need to scan for, rather than just dropping all information and running a scan. I can also use it to do some information gathering before scanning. This allows me to specify APIs and scan accordingly. The feature also saves us time.

As a developer who has been studying and working in the security product industry for several years, I have been impressed by HCL's progress. Although the cost of their product is competitive, I believe they could make it even better by increasing their database size. Companies like Tenable have much larger databases when it comes to vulnerabilities and portals, and even though HCL is connected with other vendors such as Microsoft, their database is not as expansive. The databases for HCL are small and have room for improvement.

HCL already has four solutions: Standard, Enterprise, Open Source, and the Cloud. Perhaps in a future release, HCL can add AI products. Manual work would be made easier with artificial intelligence. Maybe HCL could develop an AI program for scanning.

I have been using the solution for five months.

The solution is scalable.

The initial setup is straightforward. This is a great advantage of HCL, as we can just download, install and run it to identify potential vulnerabilities. Furthermore, the graphical user interface is also simplified.

The implementation didn't take a lot of time; setting up the cloud was just a matter of making my account and getting familiar with the features. After that, we were all logged in and ready to go with no major changes required.

I give the solution a nine out of ten.

I am currently the first person in my company to begin working with HCL. We have not yet gone to any clients, but I plan to get certified in HCL with AppScan. When we have clients that require components from HCL, I will be the representative for them as I am knowledgeable in the subject.

I would highly recommend HCL for people in the workforce. It has a user-friendly interface and the cost is much lower than Tenable. The database is good, and installation is easy. Additionally, technical support is likely to be helpful. Finally, there are a lot of other tools that come with HCL, such as scanners and detectors, which will make the job much easier.

We primarily use the solution for static analysis.

AppScan is within the top three or four static analyzers. Its features include support for many languages. 

The product has a relatively reasonable scan time.

There's extensive functionality with custom rules and a custom knowledge base.

The solution often has a high number of false positives. It's an aspect they really need to improve upon. 

The product has vulnerabilities, or findings, that are almost identical in nature. 

I've used the solution for the last 12 months or so. It's been about a year at this point.

The stability is okay. it's good. It's not very good or excellent, it's just good. I would describe the stability as a bit better than acceptable.

When I worked on it, it wasn't in the cloud. It didn't offer Federation. Now, it is my understanding that it has those, which would make it very scalable. That said, when I used it, I would not give it a very scalable grade - maybe a two out of ten for scalability if you are using it off of the cloud. That said, that's not the latest version. The latest is likely more scalable, I just don't have experience with it.

The technical support is pretty good. They are knowledgeable and responsive. We were satisfied with the level of support we received.

I also know a bit about Checkmarx, Fortify, Veracode, and AppScan.

I didn't really do the actual setup once it got moved into the cloud. I don't know how easy the cloud set up was. However, it's my understanding that it is now potentially easier than it was before, which wasn't too bad. 

I don't know the prices currently. I knew the prices when it was still in-house with IBM, however, I don't know what the cost is now.

I worked with the solution at a previous company. Now I am a consultant and I no longer work with the product. I don't have a business relationship with HCL.

I wanted to do a POC with the current state of what was IBM AppScan and now is HCL. I contacted my contacts at IBM and then they started off the conversation and it went smoothly because a number of people from IBM had gone over to HCL when that product was acquired.

Various tools have their strengths, I would advise anyone who is interested in using a similar solution do a proof of concept first with a few options. Try Checkmarx, Fortify, Veracode, and AppScan, and see which one makes the most sense for your company's purposes. Those would be the top four in my opinion right now.

Overall, I would rate the solution eight out of ten.

We use it as a security testing application. 

HCL AppScan needs to improve security. 

I have been working with the product for ten years. 

HCL AppScan is pretty stable. 

HCL AppScan is easy to deploy and can be done in one to two hours. 

Our clients are willing to pay the extra money. It is expensive. 

I rate HCL AppScan an eight out of ten. 

HCL AppScan efficiently scans through the website and identifies vulnerabilities for AWS. It is reducing tools day by day, making it more efficient. 

HCL AppScan generates false results. Sometimes, it incorrectly identifies requests as vulnerable when they are not vulnerable. In the ADSL feature managed, the primary objective is to identify application security vulnerabilities. However, sometimes AppScan wrongly flags something as a vulnerability when it's not present, which we call a false positive.

I have been using HCL AppScan for nine years.

I rate the solution’s stability an eight out of ten.

The solution is scalable if required.

Customer support is helpful. 

Positive

There is a licensing partner. Sometimes, it is required to install a server. I must remove that license and then eject a new one on a different server. It becomes a bit harder for beginners if they do not have enough experience to install Zoho software.

Deployment takes around an hour, and one person can do it.

I rate the initial setup a six and a half out of ten, where one is difficult and ten is easy.

The tool is not cost-efficient. Considering the type of service with encryption security scanning from HCL AppScan, it drives up the cost unnecessarily. It is fairly priced.

There are some very cost-effective solutions out there. They are also very efficient for systems scanning.

Overall, I rate the solution an eight-point five out of ten.

I used the solution to find vulnerabilities in our website and system. I did some regular checkups.

The UI was very intuitive. It was very easy to understand. It was very easy to scan the websites, see the results, and deliver them to higher management.

It would have been better if we could use it on our desktop. A desktop version should be added.

I had used the solution for one month.

The tool was very stable. I rate the tool’s stability a seven or eight out of ten. Very few people were using the tool in our organization. The stability could have been affected if there were more users.

We had a few users.

We have used solutions like Acunetix. HCL was better. The UI was pretty good. It was intuitive, easy to understand, and reliable.

The installation was easy for me. It took a few hours. A senior employee helped me deploy the tool. The solution was deployed on the cloud.

The tool was expensive. We paid a monthly license fee. There were no additional costs associated with the product.

Someone who wants to use the solution must know why they need the solution. It is quite expensive. We must not spend much on something we do not need. If we have a need and can afford the solution, HCL is a good solution. It is very easy to understand. It has a lot of features. The reporting system is good. Overall, I rate the product a seven out of ten.

We use the solution to test our web applications and services.

The security and the dashboard are the most valuable features.

The pricing has room for improvement.

I have been using the solution for eight years.

I give the stability a seven out of ten.

I give the scalability an eight out of ten.

The support is fine.

Neutral

I give the initial setup a seven out of ten. The implementation took a few weeks.

The implementation was completed in-house.

We have seen around a 50 percent return on investment.

HCL AppScan is expensive.

I give the solution an eight out of ten.

I recommend the solution to others.

We have around 4,000 end users.