We performed a comparison between Fortify WebInspect and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I've found the centralized dashboard the most valuable. For the management, it helps a lot to have abilities at the central level."
"Technical support has been good."
"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."
"Good at scanning and finding vulnerabilities."
"There are lots of small settings and tools, like an HTTP editor, that are very useful."
"The solution's technical support was very helpful."
"It's a well-known platform for doing dynamic application scanning."
"The user interface is ok and it is very simple to use."
"The solution is easy to use."
"It identifies all the URLs and domains on its own and then performs tests and provides the results."
"We are now deploying less defects to production."
"The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase."
"Compared to other tools only AppScan supports special language."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"It was easy to set up."
"There's extensive functionality with custom rules and a custom knowledge base."
"The solution needs better integration with Microsoft's Azure Cloud or an extension of Azure DevOps. In fact, it should better integrate with any cloud provider. Right now, it's quite difficult to integrate with that solution, from the cloud perspective."
"We have often encountered scanning errors."
"We have had a problem with authentification."
"Fortify WebInspect could improve user-friendliness. Additionally, it is very bulky to use."
"The initial setup was complex."
"I'm not sure licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools also with similar functionalities."
"It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved."
"The scanner could be better."
"The pricing has room for improvement."
"I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers."
"There is not a central management for static and dynamic."
"Scans become slow on large websites."
"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."
"We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."
"The solution could improve by having a mobile version."
"The product has some technical limitations."
Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 17 reviews while HCL AppScan is ranked 1st in Dynamic Application Security Testing (DAST) with 41 reviews. Fortify WebInspect is rated 7.0, while HCL AppScan is rated 7.8. The top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Fortify on Demand, Acunetix, OWASP Zap and Qualys Web Application Scanning, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, OWASP Zap and Qualys Web Application Scanning. See our Fortify WebInspect vs. HCL AppScan report.
See our list of best Dynamic Application Security Testing (DAST) vendors.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.