We performed a comparison between Fortify WebInspect and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."
"There are lots of small settings and tools, like an HTTP editor, that are very useful."
"The most valuable feature is the static analysis."
"Fortify WebInspect is a scalable solution, it is good for a lot of applications."
"The accuracy of its scans is great."
"The solution is easy to use."
"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."
"The most valuable feature of this solution is the ability to make our customers more secure."
"It's generally a very user-friendly tool. Anyone can easily learn how to scan"
"I like the recording feature."
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"The product is useful, particularly in its sensitivity and scanning capabilities."
"It is easy it is to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings."
"It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code."
"Compared to other tools only AppScan supports special language."
"Technical support is helpful."
"Fortify WebInspect could improve user-friendliness. Additionally, it is very bulky to use."
"I'm not sure licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools also with similar functionalities."
"A localized version, for example, in Korean would be a big improvement to this solution."
"We have often encountered scanning errors."
"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."
"The solution needs better integration with Microsoft's Azure Cloud or an extension of Azure DevOps. In fact, it should better integrate with any cloud provider. Right now, it's quite difficult to integrate with that solution, from the cloud perspective."
"Our biggest complaint about this product is that it freezes up, and literally doesn't work for us."
"Lately, we've seen more false negatives."
"Visibility is an issue for us. Our partners do not know we have integrations with some of IBM products."
"They have to improve support."
"The solution could improve by having a mobile version."
"There are so many lines of code with so many different categories that I am likely to get lost. "
"We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."
"The pricing has room for improvement."
"One thing which I think can be improved is the CI/CD Integration"
"The databases for HCL are small and have room for improvement."
Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 17 reviews while HCL AppScan is ranked 1st in Dynamic Application Security Testing (DAST) with 41 reviews. Fortify WebInspect is rated 7.0, while HCL AppScan is rated 7.8. The top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Fortify on Demand, Acunetix, OWASP Zap and Qualys Web Application Scanning, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Qualys Web Application Scanning. See our Fortify WebInspect vs. HCL AppScan report.
See our list of best Dynamic Application Security Testing (DAST) vendors.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.