We performed a comparison between Fortify Application Defender and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The tool's most valuable feature is software composition analysis. This feature works well with my .NET applications, providing a better understanding of library vulnerabilities."
"The product saves us cost and time."
"Its ability to find security defects is valuable."
"The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology."
"We are able to provide out customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."
"The information from Fortify Application Defender on how to fix and solve issues is very good compared to other solutions."
"The solution helped us to improve the code quality of our organization."
"Fortify Application Defender's most valuable features are machine learning algorithms, real-time remediation, and automatic vulnerability notifications."
"We are now deploying less defects to production."
"This is a stable solution."
"The solution is easy to install. I would rate the product's setup between six to seven out of ten. The deployment time depends on the applications that need to be scanned. We have a development and operations team to take care of the product's maintenance."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"The solution offers services in a few specific development languages."
"The product has valuable features for static and dynamic testing."
"It was easy to set up."
"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production."
"The false positive rate should be lower."
"I encountered many false positives for Python applications."
"The solution is quite expensive."
"Fortify Application Defender gives a lot of false positives."
"The product should integrate industry-standard code review tools internally with its system. This would streamline the coding process, as developers wouldn't need multiple tools for code review and security checks. Many independent and open-source tools are available, from Apache to various libraries. Using multiple DevOps pipeline tools can slow the turnaround time."
"The workbench is a little bit complex when you first start using it."
"Fortify Application Defender could improve by supporting more code languages, such as GRAAS and Groovy."
"Support for older compilers/IDEs is lacking."
"The solution often has a high number of false positives. It's an aspect they really need to improve upon."
"I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources."
"They could add a software component analysis tool."
"IBM Security AppScan Source is rather hard to use."
"There are so many lines of code with so many different categories that I am likely to get lost. "
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"AppScan is too complicated and should be made more user-friendly."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
Fortify Application Defender is ranked 30th in Application Security Tools with 11 reviews while HCL AppScan is ranked 14th in Application Security Tools with 41 reviews. Fortify Application Defender is rated 7.8, while HCL AppScan is rated 7.8. The top reviewer of Fortify Application Defender writes "Useful for fast code review in devOps pipelines ". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Fortify Application Defender is most compared with Checkmarx One, CAST Application Intelligence Platform, Coverity, SonarQube and Qualys Web Application Scanning, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and OWASP Zap. See our Fortify Application Defender vs. HCL AppScan report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.