Associate Principal, Software Engineering at LTIMindtree
Real User
Top 5
2024-11-11T15:42:00Z
Nov 11, 2024
If funding is not an issue, I recommend considering higher-priced tools for their extended features, but AppScan is a reliable option as well when budget constraints are a concern. I'd rate the solution seven out of ten.
The platform avails dynamic scanning checks in the pre-live environment, while static scanning evaluates code in the development phase. It aids in achieving ISO compliance by ensuring thorough scanning and security checks across our environment. Overall, I rate it an eight.
AppScan's dynamic and static scanning capabilities have benefited my security testing processes significantly. It helps in scanning the code automatically during the SDLC and ensures security before pushing it to production. Both dynamic and static scanning solutions are essential for me, making AppScan a valuable tool. AppScan integrates smoothly with existing security and development workflows. It offers easy integration with tools like SBS and provides developer plug-ins for seamless inclusion in the workflow. My use of AppScan has been influenced by the trend towards comprehensive application security testing. While researching the best solution, I found it challenging to locate information and personal experiences with AppScan. I would recommend AppScan to others. In my opinion, it is the best solution for web application security testing. Overall, I would rate AppScan as a ten out of ten.
Cyber Security Architect and Presales Consultant at Kyndryl
Reseller
Top 10
2024-01-16T08:03:08Z
Jan 16, 2024
I rate HCL AppScan a nine out of ten, specifically for SAST and DAST functionality. However, I would rate a seven out of ten for the areas related to API and mobile application security testing.
Scientific Officer at a tech services company with 51-200 employees
Real User
Top 20
2023-12-27T09:06:00Z
Dec 27, 2023
There are some very cost-effective solutions out there. They are also very efficient for systems scanning. Overall, I rate the solution an eight-point-five out of ten.
Someone who wants to use the solution must know why they need the solution. It is quite expensive. We must not spend much on something we do not need. If we have a need and can afford the solution, HCL is a good solution. It is very easy to understand. It has a lot of features. The reporting system is good. Overall, I rate the product a seven out of ten.
Once we get the updates for HCL AppScan, another team in my company takes care of the installation of the new updates, which takes about half a day. I would tell those who plan to use HCL AppScan that it is a helpful and beginner-friendly product. I rate the overall product a ten out of ten.
Senior Manager - IT Security & ISMS at Ericsson
Real User
Top 5
2023-04-25T11:21:11Z
Apr 25, 2023
I would rate the product a three out of ten. We use the solution only for quarterly scanning. There are better tools in the market at the same price. These tools can integrate more with applications. The tool's providers don't invest in making a good product. Hence, it is better to use a different tool.
I'm not sure of the exact version I'm using. I'd rate the solution nine out of ten. It's pretty straightforward to use, and we like that it is a managed cloud.
Software Engineer at Inspire for Solutions Development
Real User
Top 5
2023-02-06T15:07:10Z
Feb 6, 2023
I give the solution a nine out of ten. I am currently the first person in my company to begin working with HCL. We have not yet gone to any clients, but I plan to get certified in HCL with AppScan. When we have clients that require components from HCL, I will be the representative for them as I am knowledgeable in the subject. I would highly recommend HCL for people in the workforce. It has a user-friendly interface and the cost is much lower than Tenable. The database is good, and installation is easy. Additionally, technical support is likely to be helpful. Finally, there are a lot of other tools that come with HCL, such as scanners and detectors, which will make the job much easier.
Overall performance of this solution is not terrible but it does not offer new age features. If you want to integrate with other solutions or complete testing in the cloud, this is not the right solution. I would advise others considering this solution to complete a proper proof of concept or to run a pilot before implementing it. I would rate this solution a three out of ten.
Principal Architect, Application Build Security at a transportation company with 10,001+ employees
Real User
2022-01-19T14:46:24Z
Jan 19, 2022
Before you choose a tool, whether it is Burp Suite, AppScan, or any other tool, you must first construct your business requirements, or the business use case. And you must detail out all of the product's features, as well as map the features to the business use cases. If the product meets or exceeds the majority of the business use cases, then you only need to choose that product. Otherwise, you will end up customizing the product after you buy it, which will create issues in terms of engaging with the professional services of that specific vendor. Then there's the matter of time and money. Detail all of your business use cases, then map those use cases to the product feature list and choose the product. We have a business relationship with AppScan, as customers, and some of our business partners have project outsourcing with IT companies, such as HCL, IBM, Dell, and Infosys. I would rate HCL AppScan a nine out of ten.
Senior Manager, IT Test Automation Engineering at an outsourcing company with 10,001+ employees
Real User
2021-02-17T00:01:13Z
Feb 17, 2021
I don't have information on the relationship HCL has with my company. My understanding is they are just a vendor for us. In general, I would rate them at a six out of ten. There are many areas in which they could improve, including by adding more languages and revamping their technical support. They are lacking in a lot of areas.
Owner/Consultant at a tech services company with 1-10 employees
Consultant
2020-12-07T14:45:36Z
Dec 7, 2020
I worked with the solution at a previous company. Now I am a consultant and I no longer work with the product. I don't have a business relationship with HCL. I wanted to do a POC with the current state of what was IBM AppScan and now is HCL. I contacted my contacts at IBM and then they started off the conversation and it went smoothly because a number of people from IBM had gone over to HCL when that product was acquired. Various tools have their strengths. I would advise anyone who is interested in using a similar solution to do a proof of concept first with a few options. Try Checkmarx, Fortify, Veracode, and AppScan, and see which one makes the most sense for your company's purposes. Those would be the top four in my opinion right now. Overall, I would rate the solution eight out of ten.
General Manager at a consultancy with 51-200 employees
Real User
2020-11-04T15:21:44Z
Nov 4, 2020
I would recommend AppScan to other businesses. In a small-scale setup, it works perfectly fine, but if you are a larger organization with a lot of applications and you need to do CI/CD, then it's probably not the solution for you. Conversely, in a small organization with fewer than 20 applications, this will work pretty nicely. On a scale from one to ten, I would give this solution a rating of seven. If they can integrate with CI/CD and make the log-in mechanism a little smoother, they should be able to scale it up. If they could integrate with the CI/CD pipeline and make the scans a little faster, then I would give it a higher rating.
IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.
I rate the overall solution eight out of ten.
I would rate the overall solution a nine out of ten.
I would rate AppScan four out of ten.
We are end-users. I'd rate the solution a seven out of ten.
I rate HCL AppScan an eight out of ten.