We performed a comparison between HCL AppScan and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The most valuable feature of the solution is Postman."
"Compared to other tools only AppScan supports special language."
"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production."
"The security and the dashboard are the most valuable features."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"Technical support is helpful."
"I like the recording feature."
"The reporting part is the most valuable feature."
"Automatic scanning is a valuable feature and very easy to use."
"The solution has tightened our security."
"Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high."
"The community edition updates services regularly. They add new vulnerabilities into the scanning list."
"It updates repositories and libraries quickly."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube."
"The ZAP scan and code crawler are valuable features."
"They should have a better UI for dashboards."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"Many silly false positives are produced."
"There is not a central management for static and dynamic."
"There is room for improvement in the pricing model."
"IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"The databases for HCL are small and have room for improvement."
"There's very little documentation that comes with OWASP Zap."
"Reporting format has no output, is cluttered and very long."
"It would be a great improvement if they could include a marketplace to add extra features to the tool."
"Online documentation can be improved to utilize all features of ZAP and API methods to make use in automation."
"There isn't too much information about it online."
"The forced browse has been incorporated into the program and it is resource-intensive."
"The documentation needs to be improved because I had to learn everything from watching YouTube videos."
"It would be beneficial to enhance the algorithm to provide better summaries of automatic scanning results."
HCL AppScan is ranked 12th in Application Security Testing (AST) with 40 reviews while OWASP Zap is ranked 7th in Application Security Testing (AST) with 37 reviews. HCL AppScan is rated 7.6, while OWASP Zap is rated 7.6. The top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security". HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Checkmarx One, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, PortSwigger Burp Suite Professional and Fortify on Demand.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.