I mainly use AppScan to secure various types of applications. I use its DAFDAT solution for black box scanning, as well as SaaS and source code validation. AppScan helps in scanning code for vulnerabilities, including open-source code.
Cyber Security Architect and Presales Consultant at Kyndryl
Reseller
Top 10
2024-01-16T08:03:08Z
Jan 16, 2024
We use the product for Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). By integrating AppScan into our CI/CD pipelines, aligned with Agile methodologies, we ensure that security testing becomes an integral part of the software development lifecycle.
We use it for evaluating the application's code on web pages and previously published applications to identify vulnerabilities. It helps us to see how the code is written and how hard it is to find vulnerabilities. It's a useful tool for our purposes.
Software Engineer at Inspire for Solutions Development
Real User
Top 5
2023-02-06T15:07:10Z
Feb 6, 2023
We use HCL AppScan products to help us scan for vulnerabilities and generate reports to provide a foundation on how to fix any issues. Their 4.7 version facilitates machine learning to help us select APIs and customize our scans more specifically. We also use the HCL AppScan Standard Enterprise Source and Cloud for scanning, and we plan to add the HCL AppScan Switch Casing to our toolkit. This makes it easier for us to scan the internet and use Tenable to help us find any issues.
Innovation manager at a computer software company with 51-200 employees
Real User
2022-05-05T16:28:25Z
May 5, 2022
I have a set project, and I'm writing an application for monitoring server status, and I tried several times to scan it with AppScan in order to understand if there are vulnerabilities in my code.
Principal Architect, Application Build Security at a transportation company with 10,001+ employees
Real User
2022-01-19T14:46:24Z
Jan 19, 2022
HCL AppScan is primarily used to improve application security. We are transitioning from DevOps to DevSecOps. We are attempting to integrate these tools into our CI/CD pipeline in order to meet our business use cases. And if we notice that the tool is missing any business features or a feature, we will highlight them and work to have them fixed or implemented. That is how we go about it. We don't go for any generic features because that will be handled by the product team. We are here to identify our gaps and then have them implemented by the vendor team. AppScan is only used for web scanning; we do not use it for anything else.
General Manager at a consultancy with 51-200 employees
Real User
2020-11-04T15:21:44Z
Nov 4, 2020
We perform more dynamic scanning using AppScan. We set up a scan, perform it and get the results, and then give the results back to our customer. Within our organization, there are four members of the team who are using it. Currently, we are satisfied with AppScan, but I am sure there are better alternatives available because this is a very old product. It's been on the market for more than ten years now. I am sure there are a lot of new age products that are more scalable and cloud-based. Although we are using it and will probably continue to do so moving forward, I think there are better alternatives on the market now.
Cybersecurity Architecture and Technology Lead at Appxone
Consultant
2019-05-04T05:40:00Z
May 4, 2019
The primary use case is to detect time-based Blind SQL Injection attacks, as well as Error-Based Injection attacks. The SQL injection attack is my favorite and I have more expertise in this vulnerability.
Our clients use it to try to find errors in base code, and also to find how solutions work together. I believe they have on-premise usage; they are local government, so they are not very used to using the cloud.
IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.
We use AppScan primarily for security testing and performance monitoring across our systems.
HCL AppScan efficiently scans through the website and identifies vulnerabilities for AWS. It is reducing tools day by day, making it more efficient.
I used the solution to find vulnerabilities in our website and system. I did some regular checkups.
I use HCL AppScan in my company for application security scanning.
The solution is used for the vulnerabilities scan on the network side.
We primarily use the solution for static scans as well as dynamic scans to check for vulnerabilities.
I use the tool to scan the web interface.
This is primarily an application security testing solution.
I mainly use AppScan for vulnerability scanning and database bridging.
We primarily use the solution for static analysis.
External and internal web application vulnerability scan.