We performed a comparison between Fortify WebInspect and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Fortify WebInspect is a scalable solution, it is good for a lot of applications."
"The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."
"I've found the centralized dashboard the most valuable. For the management, it helps a lot to have abilities at the central level."
"The most valuable feature is the static analysis."
"The user interface is ok and it is very simple to use."
"Guided Scan option allows us to easily scan and share reports."
"When we are integrating it with SSC, we're able to scan and trace and see all of the vulnerabilities. Comparison is easy in SSC."
"The solution's technical support was very helpful."
"AppScan is stable."
"The solution is cheap."
"The most valuable feature of the solution is the scanning or security part."
"It provides a better integration for our ecosystem."
"The most valuable feature of the solution is Postman."
"The solution offers services in a few specific development languages."
"The product has valuable features for static and dynamic testing."
"The solution is easy to install. I would rate the product's setup between six to seven out of ten. The deployment time depends on the applications that need to be scanned. We have a development and operations team to take care of the product's maintenance."
"It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application."
"It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved."
"Fortify WebInspect could improve user-friendliness. Additionally, it is very bulky to use."
"Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment."
"The solution needs better integration with Microsoft's Azure Cloud or an extension of Azure DevOps. In fact, it should better integrate with any cloud provider. Right now, it's quite difficult to integrate with that solution, from the cloud perspective."
"Our biggest complaint about this product is that it freezes up, and literally doesn't work for us."
"We have often encountered scanning errors."
"A localized version, for example, in Korean would be a big improvement to this solution."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"A desktop version should be added."
"The solution could improve by having a mobile version."
"The penetration testing feature should be included."
"IBM Security AppScan Source is rather hard to use."
"They have to improve support."
"Visibility is an issue for us. Our partners do not know we have integrations with some of IBM products."
"AppScan is too complicated and should be made more user-friendly."
Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 17 reviews while HCL AppScan is ranked 1st in Dynamic Application Security Testing (DAST) with 41 reviews. Fortify WebInspect is rated 7.0, while HCL AppScan is rated 7.8. The top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Fortify on Demand, Acunetix, OWASP Zap and Qualys Web Application Scanning, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Qualys Web Application Scanning. See our Fortify WebInspect vs. HCL AppScan report.
See our list of best Dynamic Application Security Testing (DAST) vendors.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.