HCL AppScan vs OWASP Zap Comparison 2024

HCL AppScan

OWASP Zap

HCL AppScan

Read 41 HCL AppScan reviews

5,387 views|4,135 comparisons

OWASP Zap

Read 37 OWASP Zap reviews

20,009 views|9,187 comparisons

Comparison Buyer's Guide

Download the complete report

Buyer's Guide

HCL AppScan vs. OWASP Zap

May 2024

Executive Summary

We performed a comparison between HCL AppScan and OWASP Zap based on real PeerSpot user reviews.

Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed HCL AppScan vs. OWASP Zap Report (Updated: May 2024).

Download the complete report

772,679 professionals have used our research since 2012.

Featured Review

Anonymous User

Principal Architect, Application Build Security. at a transportation company

Researched OWASP Zap but chose HCL AppScan: Improves application security, identifies gaps, and performs well

OluwatosinAina

Consultant

A cost-effective and dynamic application security testing tool, but the product reporting could be better

The product has improved our application security engagement. It helps with our in-house review and sometimes, we don't need an external... Read more →

Quotes From Members

We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:

Pros

"The security and the dashboard are the most valuable features.""Compared to other tools only AppScan supports special language.""The solution is easy to use.""Technical support is helpful.""It has certainly helped us find vulnerabilities in our software, so this is priceless in the end.""The solution offers services in a few specific development languages.""We are now deploying less defects to production.""I like the recording feature."

More HCL AppScan Pros →

"The solution has tightened our security.""The ZAP scan and code crawler are valuable features.""The API is exceptional.""Simple to use, good user interface.""Simple and easy to learn and master.""The product helps users to scan and fix vulnerabilities in the pipeline.""ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube.""The vulnerabilities that it finds, because the primary goal is to secure applications and websites."

More OWASP Zap Pros →

Cons

"We would like to integrate with some of the other reporting tools that we're planning to use in the future.""There is room for improvement in the pricing model.""I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point.""Scans become slow on large websites.""I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources.""The pricing has room for improvement.""In future releases, I would like to see more aggressive reports. I would also like to see less false positives.""It has crashed at times."

More HCL AppScan Cons →

"There are too many false positives.""I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created.""Reporting format has no output, is cluttered and very long.""If there was an easier to understand exactly what has been checked and what has not been checked, it would make this solution better. We have to trust that it has checked all known vulnerabilities but it's a bit hard to see after the scanning.""The automated vulnerability assessments that the application performs needs to be simplified as well as diversified.""Online documentation can be improved to utilize all features of ZAP and API methods to make use in automation.""I'd like to see a kind of feature where we can just track what our last vulnerability was and how it has improved or not. More reports that can have some kind of base-lining, I think that would be a good feature too. I'm not sure whether it can be achieved and implement but I think that would really help.""Sometimes, we get some false positives."

More OWASP Zap Cons →

Pricing and Cost Advice

"AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."

"With the features, that they offer, and the support, they offer, AppScan pricing is on a higher level."

"Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."

"HCL AppScan is expensive."

"I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."

"The price is very expensive."

"The solution is moderately priced."

"The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."

More HCL AppScan Pricing and Cost Advice →

"It is highly recommended as it is an open source tool."

"It's free and open, currently under the Apache 2 license. If ZAP does what you need it to do, selling a free solution is a very easy."

"OWASP ZAP is a free tool provided by OWASP’s engineers and experts. There is an option to donate."

"As Zap is free and open-source, with tons of features similar to those of commercial solutions, I would definitely recommend trying it out."

"It's free. It's good for us because we don't know what the extent of our use will be yet. It's good to start with something free and easy to use."

"OWASP Zap is free to use."

"This app is completely free and open source. So there is no question about any pricing."

"This is an open-source solution and can be used free of charge."

More OWASP Zap Pricing and Cost Advice →

See Which Vendors Are Best For You

Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.

See Recommendations

772,679 professionals have used our research since 2012.

Questions from the Community

What do you like most about HCL AppScan?

Top Answer:The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.

Read all 18 answers →

What needs improvement with HCL AppScan?

Top Answer:Improving usability could enhance the overall experience with AppScan. It would be beneficial to make the solution more user-friendly, ensuring that everyone can easily navigate and utilize its… more »

Read all 21 answers →

What is your primary use case for HCL AppScan?

Top Answer:I mainly use AppScan to secure various types of applications. I use its DAFDAT solution for black box scanning, as well as SaaS and source code validation. AppScan helps in scanning code for… more »

Read all 19 answers →

Is OWASP Zap better than PortSwigger Burp Suite Pro?

Top Answer:OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with… more »

Read all 3 answers →

What do you like most about OWASP Zap?

Top Answer:The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, it's… more »

Read all 28 answers →

What is your experience regarding pricing and costs for OWASP Zap?

Top Answer:The tool is open source.

Read all 16 answers →

Ranking

11th

out of 71 in Static Application Security Testing (SAST)

Views

5,387

Comparisons

4,135

Reviews

Average Words per Review

346

Rating

7.5

8th

out of 71 in Static Application Security Testing (SAST)

Views

20,009

Comparisons

9,187

Reviews

Average Words per Review

392

Rating

7.6

Comparisons

SonarQube vs. HCL AppScan

Compared 16% of the time.

Veracode vs. HCL AppScan

Compared 12% of the time.

Acunetix vs. HCL AppScan

Compared 11% of the time.

PortSwigger Burp Suite Professional vs. HCL AppScan

Compared 8% of the time.

Fortify on Demand vs. HCL AppScan

Compared 7% of the time.

More HCL AppScan Competitors →

SonarQube vs. OWASP Zap

Compared 21% of the time.

Acunetix vs. OWASP Zap

Compared 13% of the time.

Qualys Web Application Scanning vs. OWASP Zap

Compared 11% of the time.

Veracode vs. OWASP Zap

Compared 9% of the time.

Fortify on Demand vs. OWASP Zap

Compared 4% of the time.

More OWASP Zap Competitors →

Also Known As

IBM Security AppScan, Rational AppScan, AppScan

Learn More

HCLTech

OWASP

Overview

IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

OWASP Zap is a free and open-source web application security scanner.

The solution helps developers identify vulnerabilities in their web applications by actively scanning for common security issues.

With its user-friendly interface and powerful features, Zap is a popular choice among developers for ensuring the security of their web applications.

Sample Customers

Essex Technology Group Inc., Cisco, West Virginia University, APIS IT

1. Google 2. Microsoft 3. IBM 4. Amazon 5. Facebook 6. Twitter 7. LinkedIn 8. Netflix 9. Adobe 10. PayPal 11. Salesforce 12. Cisco 13. Oracle 14. Intel 15. HP 16. Dell 17. VMware 18. Symantec 19. McAfee 20. Citrix 21. Red Hat 22. Juniper Networks 23. SAP 24. Accenture 25. Deloitte 26. Ernst & Young 27. PwC 28. KPMG 29. Capgemini 30. Infosys 31. Wipro 32. TCS

Top Industries

REVIEWERS

Government15%

Transportation Company15%

Manufacturing Company10%

Insurance Company10%

VISITORS READING REVIEWS

Computer Software Company18%

Financial Services Firm15%

Government10%

Manufacturing Company9%

REVIEWERS

Computer Software Company25%

Financial Services Firm15%

Retailer10%

Energy/Utilities Company10%

VISITORS READING REVIEWS

Computer Software Company18%

Financial Services Firm10%

Government7%

Manufacturing Company7%

Company Size

REVIEWERS

Small Business24%

Midsize Enterprise13%

Large Enterprise63%

VISITORS READING REVIEWS

Small Business16%

Midsize Enterprise12%

Large Enterprise72%

REVIEWERS

Small Business22%

Midsize Enterprise30%

Large Enterprise49%

VISITORS READING REVIEWS

Small Business21%

Midsize Enterprise15%

Large Enterprise64%

HCL AppScan vs OWASP Zap comparison