We performed a comparison between Fortify WebInspect and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The accuracy of its scans is great."
"There are lots of small settings and tools, like an HTTP editor, that are very useful."
"I've found the centralized dashboard the most valuable. For the management, it helps a lot to have abilities at the central level."
"It is scalable and very easy to use."
"The user interface is ok and it is very simple to use."
"Good at scanning and finding vulnerabilities."
"The solution is easy to use."
"It's a well-known platform for doing dynamic application scanning."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"The security and the dashboard are the most valuable features."
"The solution is cheap."
"The product has valuable features for static and dynamic testing."
"It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code."
"It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
"IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability."
"It was easy to set up."
"It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved."
"The solution needs better integration with Microsoft's Azure Cloud or an extension of Azure DevOps. In fact, it should better integrate with any cloud provider. Right now, it's quite difficult to integrate with that solution, from the cloud perspective."
"I'm not sure licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools also with similar functionalities."
"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."
"The initial setup was complex."
"We have often encountered scanning errors."
"One thing I would like to see them introduce is a cloud-based platform."
"A localized version, for example, in Korean would be a big improvement to this solution."
"I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers."
"The solution often has a high number of false positives. It's an aspect they really need to improve upon."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"They have to improve support."
"The penetration testing feature should be included."
"It has crashed at times."
"The product has some technical limitations."
"In future releases, I would like to see more aggressive reports. I would also like to see less false positives."
Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 17 reviews while HCL AppScan is ranked 1st in Dynamic Application Security Testing (DAST) with 41 reviews. Fortify WebInspect is rated 7.0, while HCL AppScan is rated 7.8. The top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Fortify on Demand, Acunetix, OWASP Zap and Qualys Web Application Scanning, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Qualys Web Application Scanning. See our Fortify WebInspect vs. HCL AppScan report.
See our list of best Dynamic Application Security Testing (DAST) vendors.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.