We performed a comparison between HCL AppScan and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The security and the dashboard are the most valuable features."
"Compared to other tools only AppScan supports special language."
"The solution is easy to use."
"Technical support is helpful."
"It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
"The solution offers services in a few specific development languages."
"We are now deploying fewer defects to production."
"I like the recording feature."
"The solution has tightened our security."
"The ZAP scan and code crawler are valuable features."
"The API is exceptional."
"Simple to use, good user interface."
"Simple and easy to learn and master."
"The product helps users to scan and fix vulnerabilities in the pipeline."
"ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube."
"The vulnerabilities that it finds, because the primary goal is to secure applications and websites."
"We would like to integrate with some of the other reporting tools that we're planning to use in the future."
"There is room for improvement in the pricing model."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"Scans become slow on large websites."
"I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources."
"The pricing has room for improvement."
"In future releases, I would like to see more aggressive reports. I would also like to see fewer false positives."
"It has crashed at times."
"There are too many false positives."
"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created."
"Reporting format has no output, is cluttered and very long."
"If there was an easier way to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning."
"The automated vulnerability assessments that the application performs need to be simplified as well as diversified."
"Online documentation can be improved to utilize all features of ZAP and API methods to make use in automation."
"I'd like to see a kind of feature where we can just track what our last vulnerability was and how it has improved or not. More reports that can have some kind of base-lining, I think that would be a good feature too. I'm not sure whether it can be achieved and implemented but I think that would really help."
"Sometimes, we get some false positives."
HCL AppScan is ranked 11th in Static Application Security Testing (SAST) with 41 reviews while OWASP Zap is ranked 8th in Static Application Security Testing (SAST) with 37 reviews. HCL AppScan is rated 7.8, while OWASP Zap is rated 7.6. The top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security". HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Fortify on Demand, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and Fortify on Demand.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.