Improving usability could enhance the overall experience with AppScan. It would be beneficial to make the solution more user-friendly, ensuring that everyone can easily navigate and utilize its features. Additionally, improving marketing efforts could help raise awareness about AppScan's features and benefits, especially for external teams beyond just internal use.
Cyber Security Architect and Presales Consultant at Kyndryl
Reseller
Top 10
Jan 16, 2024
They could add a software component analysis tool. Additionally, it could cater to the areas related to scanning container packages and images in the repository.
Scientific Officer at a tech services company with 51-200 employees
Real User
Top 20
Dec 27, 2023
HCL AppScan generates false results. Sometimes, it incorrectly identifies requests as vulnerable when they are not vulnerable. In the ADSL feature managed, the primary objective is to identify application security vulnerabilities. However, sometimes AppScan wrongly flags something as a vulnerability when it's not present, which we call a false positive.
Maybe having some APIs could be helpful. If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly. It would be helpful if the tool had some API gateway that would allow me to run some custom queries.
Senior Manager - IT Security & ISMS at Ericsson
Real User
Top 5
Apr 25, 2023
The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should also be more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper.
I do not have any notes for improvements. They should have a better UI for dashboards. It would be nice to have visualizations such as pie charts. This would help administrators and be more of a value-add.
Software Engineer at Inspire for Solutions Development
Real User
Top 5
Feb 6, 2023
As a developer who has been studying and working in the security product industry for several years, I have been impressed by HCL's progress. Although the cost of their product is competitive, I believe they could make it even better by increasing their database size. Companies like Tenable have much larger databases when it comes to vulnerabilities and portals, and even though HCL is connected with other vendors such as Microsoft, their database is not as expansive. The databases for HCL are small and have room for improvement. HCL already has four solutions: Standard, Enterprise, Open Source, and the Cloud. Perhaps in a future release, HCL can add AI products. Manual work would be made easier with artificial intelligence. Maybe HCL could develop an AI program for scanning.
We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated. The weaknesses of this solution include integration ability, the interface and the quality of the output. It lacks a lot of features if you compare it with Fortify, Veracode or Coverity. It is not possible to integrate with the CI/CD pipeline as cloud-native functionalities are not supported.
Innovation manager at a computer software company with 51-200 employees
Real User
May 5, 2022
The performance could be better. Sometimes it doesn't work so well. There's a tool for connecting the cloud with the application server. Sometimes it doesn't work really well. I have not come across any missing features.
Principal Architect, Application Build Security at a transportation company with 10,001+ employees
Real User
Jan 19, 2022
The dashboard for AppScan or the Fortified fast tool, which we use, needs to be improved. We always raise that as an announcement request because statistics gathering or management reports based on statistics are quite important. That is the only generic feature that we always request from the product team. The standard response is "Yes, it is in the pipeline, we will take a look." We would like to see all of the results in the same product. However, specific products for a specific test are available on the market. For example, you cannot upload the task report to the DAST report dashboard and instead request that the product team or vendor team create a sophisticated dashboard for that. Definitely, they will say "No, it is not possible because you have a DAST tool on the market. Go and purchase that. It will have your dashboard." If you're a DevSecOps team and you ask me, I would like to see all of the reports uploaded and collaborated on in the same dashboard of the particular product. This is the reason we are using an open-source vulnerability management tool.
Senior Manager, IT Test Automation Engineering at an outsourcing company with 10,001+ employees
Real User
Feb 17, 2021
They have to improve support. Their support before, when it was IBM, was very good technical support. However, now, it's very bad. They could add more language coverage. They don't cover so many development languages. They really should be covering more. If they did, it would be a huge improvement.
Owner/ Consultant at a tech services company with 1-10 employees
Consultant
Dec 7, 2020
The solution often has a high number of false positives. It's an aspect they really need to improve upon. The product has vulnerabilities, or findings, that are almost identical in nature.
General Manager at a consultancy with 51-200 employees
Real User
Nov 4, 2020
There are some false positives, which need to be removed, but this is common with all types of scanners. One thing which I think can be improved is the CI/CD Integration. There is a CI/CD Integration model, but I guess they are deliberately not using it currently. There are challenges when integrating AppScan with CI/CD because sometimes the activation plus the login mechanism provided doesn't work properly. Sometimes a login mechanism fails and then the whole scan fails. It's difficult to integrate with CI/CD.
Cybersecurity Architecture and Technology Lead at Appxone
Consultant
Top 20
May 4, 2019
While I did not identify any specific bugs in this application, I did find that sometimes a restart was needed to deal with unresponsiveness, meaning when AppScan is in a hang situation; this usually happens when you select a large number of sources. IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications.
IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.
They could incorporate AI to enhance vulnerability detection and improve the product's reporting capabilities.
It would have been better if we could use it on our desktop. A desktop version should be added.
The penetration testing feature should be included.
The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed.
AppScan is too complicated and should be made more user-friendly.
The solution could improve by having a mobile version.
It would be nice to be able to specify the parameter values used in the login sequence function.
I believe there are improvements that can be made, but I'm not aware of those kinds of things.