We performed a comparison between HCL AppScan and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We are now deploying less defects to production."
"I like the recording feature."
"The most valuable feature of HCL AppScan is scanning QR codes."
"The solution is easy to install. I would rate the product's setup between six to seven out of ten. The deployment time depends on the applications that need to be scanned. We have a development and operations team to take care of the product's maintenance."
"Technical support is helpful."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"It identifies all the URLs and domains on its own and then performs tests and provides the results."
"IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability."
"It allows us to prove our security levels to vendors, and additionally helps us with our HIPAA security policies."
"The recommendations and frequent updates are the most valuable features of Veracode."
"The coding standards in our development group have improved. From scanning our code we've learned the patterns and techniques to make our code more secure. An example would be SQL injection. We have mitigated all the SQL injection in our applications."
"It changes the DevSecOps process because we find flaws much earlier in the development life cycle, and we also spot third-party software that we don't allow on developers' machines."
"Code analysis tool to help identify code issues before entered into production."
"The most valuable feature is detecting security vulnerabilities in the project."
"The benefits are quick discovery and understanding of software vulnerabilities that we are putting in our own code. By discovering them quickly enough, we can triage them and determine the best ways to remediate them and prevent them from happening in the future."
"The most valuable feature is the remediation consulting that they give. I feel like any vendor can identify the flaws but fixing the flaws is what is most important. Being able to have those consultation calls, schedule them in the platform, and have that discussion with an applications expert, that process scales well and that is what has allowed a lot more reduction of risk to happen."
"There is room for improvement in the pricing model."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"The solution often has a high number of false positives. It's an aspect they really need to improve upon."
"A desktop version should be added."
"They should have a better UI for dashboards."
"The pricing has room for improvement."
"They could add a software component analysis tool."
"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."
"We would like the consolidation of all the different modules. This would help, so then we would be able to see analytics and results on one screen, like a single pane of glass."
"It can have more APIs and capabilities to handle other things well. We were doing a trial for it. There were two things that I looked at: one was uploading some Java-related content and the other was uploading database SQL files and having the review done on the quarterback. The Java portion of it worked fine, and it was pretty seamless, but the database portion was not. We uploaded some files to use for vulnerabilities, and the tell-all portion of it was pretty easy. We uploaded a war file and Java files, and we got the reports back on these. They were pretty clear to understand. We did the same thing for the database portion for the most part. However, the content wasn't getting uploaded in a predictable fashion, and it was slow and hard to get done. We had to do it over and over. After it indicated that the content was uploaded, there were no results. There were zero search findings. It was possibly a user error, something that we didn't do correctly, but they had acknowledged that it was something they were currently enhancing. This is something that could be made easier if they haven't already done that. I don't know how many releases they've had in that timeframe. I haven't looked at it since then. It was a trial period."
"The sandbox could use some improvement; when creating a sandbox, it requires us to put the application name in twice, which seems unnecessary."
"Scanning large amounts of code can be a time-consuming process and there is scope for improvement."
"Veracode does not support scans for .NET Blazor server applications."
"A high number of false positives are reported and this should be reduced."
"Veracode needs to improve its integration with other tools."
"The scanning process for records could be faster and there is room for improvement in Veracode's performance."
HCL AppScan is ranked 14th in Application Security Tools with 39 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. HCL AppScan is rated 7.6, while Veracode is rated 8.2. The top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". HCL AppScan is most compared with SonarQube, Acunetix, Checkmarx One, PortSwigger Burp Suite Professional and OWASP Zap, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and Mend.io. See our HCL AppScan vs. Veracode report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.