We performed a comparison between Fortify WebInspect and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"When we are integrating it with SSC, we're able to scan and trace and see all of the vulnerabilities. Comparison is easy in SSC."
"Good at scanning and finding vulnerabilities."
"The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."
"The solution is easy to use."
"It is scalable and very easy to use."
"There are lots of small settings and tools, like an HTTP editor, that are very useful."
"Guided Scan option allows us to easily scan and share reports."
"The accuracy of its scans is great."
"The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"The most valuable feature of the solution is Postman."
"It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code."
"It provides a better integration for our ecosystem."
"Compared to other tools only AppScan supports special language."
"It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
"It identifies all the URLs and domains on its own and then performs tests and provides the results."
"It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application."
"Lately, we've seen more false negatives."
"We have had a problem with authentication."
"I'm not sure licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools also with similar functionalities."
"We have often encountered scanning errors."
"It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved."
"Fortify WebInspect's shortcoming stems from the fact that it is a very expensive product in Korea, which makes it difficult for its potential customers to introduce the product in their IT environment."
"Creating reports is very slow and it is something that should be improved."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"They could add a software component analysis tool."
"The databases for HCL are small and have room for improvement."
"We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."
"One thing which I think can be improved is the CI/CD Integration."
"The pricing has room for improvement."
"Many silly false positives are produced."
"AppScan is too complicated and should be made more user-friendly."
Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 17 reviews while HCL AppScan is ranked 1st in Dynamic Application Security Testing (DAST) with 40 reviews. Fortify WebInspect is rated 7.0, while HCL AppScan is rated 7.6. The top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". On the other hand, the top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Fortify on Demand, Acunetix, OWASP Zap and Qualys Web Application Scanning, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Qualys Web Application Scanning.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.