• Home
  • HCL AppScan vs. OWASP Zap

HCL AppScan vs OWASP Zap comparison

Cancel
You must select at least 2 products to compare!
HCLTech Logo
HCL AppScan
Read 40 HCL AppScan reviews
5,494 views|4,213 comparisons
82% willing to recommend
OWASP Logo
OWASP Zap
Read 37 OWASP Zap reviews
20,743 views|9,827 comparisons
87% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
HCL AppScan vs. OWASP Zap
May 2024
Executive Summary

We performed a comparison between HCL AppScan and OWASP Zap based on real PeerSpot user reviews.

Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed HCL AppScan vs. OWASP Zap Report (Updated: May 2024).
Download the complete report
769,789 professionals have used our research since 2012.
Featured Review
Anonymous User
Researched OWASP Zap but chose HCL AppScan: Improves application security, identifies gaps, and performs well
Delmain Deyzel
Enables to perform general health checks and ensure the sites are secure
The solution helped identify attacks like Cross-site Scripting and SQL Injection. We can perform general health checks to see if the site is... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most valuable feature of the solution is Postman.""Compared to other tools only AppScan supports special language.""Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production.""The security and the dashboard are the most valuable features.""It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy.""Technical support is helpful.""I like the recording feature.""The reporting part is the most valuable feature."

More HCL AppScan Pros →

"Automatic scanning is a valuable feature and very easy to use.""The solution has tightened our security.""Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high.""The community edition updates services regularly. They add new vulnerabilities into the scanning list.""It updates repositories and libraries quickly.""Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope.""ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube.""The ZAP scan and code crawler are valuable features."

More OWASP Zap Pros →

Cons
"They should have a better UI for dashboards.""The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper.""Many silly false positives are produced.""There is not a central management for static and dynamic.""There is room for improvement in the pricing model.""IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications.""The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed.""The databases for HCL are small and have room for improvement."

More HCL AppScan Cons →

"There's very little documentation that comes with OWASP Zap.""Reporting format has no output, is cluttered and very long.""It would be a great improvement if they could include a marketplace to add extra features to the tool.""Online documentation can be improved to utilize all features of ZAP and API methods to make use in automation.""There isn't too much information about it online.""The forced browse has been incorporated into the program and it is resource-intensive.""The documentation needs to be improved because I had to learn everything from watching YouTube videos.""It would be beneficial to enhance the algorithm to provide better summaries of automatic scanning results."

More OWASP Zap Cons →

Pricing and Cost Advice
  • "AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."
  • "With the features, that they offer, and the support, they offer, AppScan pricing is on a higher level."
  • "Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
  • "HCL AppScan is expensive."
  • "I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."
  • "The price is very expensive."
  • "The solution is moderately priced."
  • "The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."

    • More HCL AppScan Pricing and Cost Advice →

  • "It is highly recommended as it is an open source tool."
  • "It's free and open, currently under the Apache 2 license. If ZAP does what you need it to do, selling a free solution is a very easy."
  • "OWASP ZAP is a free tool provided by OWASP’s engineers and experts. There is an option to donate."
  • "As Zap is free and open-source, with tons of features similar to those of commercial solutions, I would definitely recommend trying it out."
  • "It's free. It's good for us because we don't know what the extent of our use will be yet. It's good to start with something free and easy to use."
  • "OWASP Zap is free to use."
  • "This app is completely free and open source. So there is no question about any pricing."
  • "This is an open-source solution and can be used free of charge."

    • More OWASP Zap Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.
    See Recommendations
    769,789 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about HCL AppScan?
    Top Answer:The product has valuable features for static and dynamic testing.
    Read all 17 answers   →
    What needs improvement with HCL AppScan?
    Top Answer:HCL AppScan generates false results. Sometimes, it incorrectly identifies requests as vulnerable when they are not vulnerable. In the ADSL feature managed, the primary objective is to identify… more »
    Read all 20 answers   →
    What is your primary use case for HCL AppScan?
    Top Answer:HCL AppScan efficiently scans through the website and identifies vulnerabilities for AWS. It is reducing tools day by day, making it more efficient.
    Read all 18 answers   →
    Is OWASP Zap better than PortSwigger Burp Suite Pro?
    Top Answer:OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with… more »
    Read all 3 answers   →
    What do you like most about OWASP Zap?
    Top Answer:The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, it's… more »
    Read all 28 answers   →
    What is your experience regarding pricing and costs for OWASP Zap?
    Top Answer:The tool is open source.
    Read all 16 answers   →
    Ranking
    12th
    out of 67 in Application Security Testing (AST)
    Views
    5,494
    Comparisons
    4,213
    Reviews
    16
    Average Words per Review
    351
    Rating
    7.2
    7th
    out of 67 in Application Security Testing (AST)
    Views
    20,743
    Comparisons
    9,827
    Reviews
    12
    Average Words per Review
    392
    Rating
    7.6
    Comparisons
    Also Known As
    IBM Security AppScan, Rational AppScan, AppScan
    Learn More
    HCLTech
    OWASP
    Overview

    IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

    OWASP Zap is a free and open-source web application security scanner. 

    The solution helps developers identify vulnerabilities in their web applications by actively scanning for common security issues. 

    With its user-friendly interface and powerful features, Zap is a popular choice among developers for ensuring the security of their web applications.

    Sample Customers
    Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
    1. Google 2. Microsoft 3. IBM 4. Amazon 5. Facebook 6. Twitter 7. LinkedIn 8. Netflix 9. Adobe 10. PayPal 11. Salesforce 12. Cisco 13. Oracle 14. Intel 15. HP 16. Dell 17. VMware 18. Symantec 19. McAfee 20. Citrix 21. Red Hat 22. Juniper Networks 23. SAP 24. Accenture 25. Deloitte 26. Ernst & Young 27. PwC 28. KPMG 29. Capgemini 30. Infosys 31. Wipro 32. TCS
    Top Industries
    REVIEWERS
    Government15%
    Transportation Company15%
    Manufacturing Company10%
    Insurance Company10%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Financial Services Firm14%
    Government10%
    Manufacturing Company9%
    REVIEWERS
    Computer Software Company25%
    Financial Services Firm15%
    Retailer10%
    Energy/Utilities Company10%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Financial Services Firm10%
    Government7%
    Comms Service Provider7%
    Company Size
    REVIEWERS
    Small Business24%
    Midsize Enterprise13%
    Large Enterprise63%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise13%
    Large Enterprise71%
    REVIEWERS
    Small Business22%
    Midsize Enterprise30%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise15%
    Large Enterprise64%
    Buyer's Guide
    HCL AppScan vs. OWASP Zap
    May 2024
    Free Report: HCL AppScan vs. OWASP Zap
    Find out what your peers are saying about HCL AppScan vs. OWASP Zap and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    769,789 professionals have used our research since 2012.

    HCL AppScan is ranked 12th in Application Security Testing (AST) with 40 reviews while OWASP Zap is ranked 7th in Application Security Testing (AST) with 37 reviews. HCL AppScan is rated 7.6, while OWASP Zap is rated 7.6. The top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Checkmarx One, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, PortSwigger Burp Suite Professional and Fortify on Demand. See our HCL AppScan vs. OWASP Zap report.

    See our list of best Application Security Testing (AST) vendors.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.