We performed a comparison between HCL AppScan and PortSwigger Burp Suite Professional based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We leverage it as a quality check against code."
"There's extensive functionality with custom rules and a custom knowledge base."
"This solution saves us time due to the low number of false positives detected."
"This is a stable solution."
"I like the recording feature."
"It was easy to set up."
"The product has valuable features for static and dynamic testing."
"The reporting part is the most valuable feature."
"The most valuable feature of PortSwigger Burp Suite Professional is the Burp Intruder tool."
"I personally love its capability to automatically and accurately detect vulnerabilities. So, I would say it is the Burp scanner that is THE most powerful, valuable, and an awesome feature."
"The extension that it provides with the community version for the skills mapping is excellent."
"I am impressed with the tool's detailed analysis for penetration testing. AppScan can give only visibility, but it can't do the PT part. But the PortSwigger Burp Application can do both, and it gives much more visibility on the PT rating."
"It is a time-saver application."
"The active scanner, which does an automated search of any web vulnerabilities."
"You can download different plugins if you don't have them in the standard edition."
"This solution has helped a lot in finding bugs and vulnerabilities, and the scanner is good enough for simple web apps."
"Many silly false positives are produced."
"There is room for improvement in the pricing model."
"The product has some technical limitations."
"They should have a better UI for dashboards."
"IBM Security AppScan Source is rather hard to use."
"A desktop version should be added."
"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"One thing that is not up to the mark in PortSwigger is web application testing. I found some issues with its performance and reporting. They should work on these and give us a better outcome."
"The solution’s pricing could be improved."
"In the Professional version, we cannot link it with the CI/CD process."
"Improvement should be done as per the requirements of customers."
"The scanner and crawler need to be improved."
"You can have many false positives in Burp Suite. It depends on the scale of the penetration testing."
"Sometimes the solution can run a little slow."
"The biggest improvement that I would like to see from PortSwigger that today many people see as an issue in their testing. There might be a feature which might be desired."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →
HCL AppScan is ranked 15th in Application Security Tools with 41 reviews while PortSwigger Burp Suite Professional is ranked 9th in Application Security Tools with 57 reviews. HCL AppScan is rated 7.8, while PortSwigger Burp Suite Professional is rated 8.6. The top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of PortSwigger Burp Suite Professional writes "The solution is versatile and easy to deploy, but it needs to give more detailed security reports". HCL AppScan is most compared with SonarQube, Veracode, Acunetix, OWASP Zap and Checkmarx One, whereas PortSwigger Burp Suite Professional is most compared with OWASP Zap, Fortify WebInspect, Acunetix, Qualys Web Application Scanning and SonarQube. See our HCL AppScan vs. PortSwigger Burp Suite Professional report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.