We performed a comparison between HCL AppScan and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The reporting part is the most valuable feature."
"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production."
"It's generally a very user-friendly tool. Anyone can easily learn how to scan"
"We leverage it as a quality check against code."
"We use it as a security testing application."
"The solution offers services in a few specific development languages."
"The static scans are good, and the SaaS as well."
"The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL."
"Also, our customers benefited from the added security assurance of our applications, as they’ve been able to identify OWASP top-10 application vulnerabilities without a manual tester."
"It can be very hard to make a good lab environment with a console with log windows and code bases. What I like about Veracode is that they managed to do that. It has a very responsive graphical user interface and has worked very well. I was very pleased with that."
"It is scalable and quick to deploy into the site and the pipelines. The reports and analytics are good, and the false positive rate is low. It gives true results."
"We used it for performing security checks. We have many Java applications and Android applications. Essentially it was used for checking the security validations for compliance purposes."
"Good static analysis and dynamic analysis."
"You can easily integrate it with Azure DevOps. This is an added value because we work with Azure DevOps. Veracode is natively supported and we don't have to work with APIs."
"The solution can scan old databases and old code written 20 years back."
"The solution is stable. we've never had any issues surrounding its stability."
"I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources."
"HCL AppScan needs to improve security."
"IBM Security AppScan Source is rather hard to use."
"Sometimes it doesn't work so well."
"The pricing has room for improvement."
"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."
"IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"It would be ideal if it was able to demonstrate higher levels of cybersecurity certifications like becoming FedRAMP compliant or working in those areas."
"It needs to reach the level of Checkmarx's and Fortify Software's capabilities and service levels, or may further loosen the market share."
"The language version support could be improved."
"There are certain shortcomings in Veracode's static analysis engine. I would improve Veracode's static analysis engine to make it capable of identifying vulnerabilities with low false positives."
"The scanning process for records could be faster and there is room for improvement in Veracode's performance."
"The static analysis is prone to a lot of false positives. But that's how it is with most static analysis tools... Also, the static analysis can sometimes take a little while. The time that it takes to do a scan should be improved."
"There is room for improvement in documentation."
"Another thing I need is continued support for the new languages today that are popular. Most of them are scripting languages more so than real, fourth-generation, commercial grade stuff; we're evolving. Most applications are using so much open-source that, quite frankly, it would be great to see Veracode, or anybody else, extend their platform to where they are able to help secure open-source platforms or repositories."
HCL AppScan is ranked 15th in Application Security Tools with 41 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. HCL AppScan is rated 7.8, while Veracode is rated 8.2. The top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". HCL AppScan is most compared with SonarQube, Acunetix, OWASP Zap, PortSwigger Burp Suite Professional and Checkmarx One, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and GitLab. See our HCL AppScan vs. Veracode report.
See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.