The primary use case is to detect time-based Blind SQL Injection attacks, as well as Error-Based Injection attacks. The SQL injection attack is my favorite and I have more expertise in this vulnerability.
HCL AppScan Review
A low rate of false positives translates to a savings in time
What is our primary use case?
How has it helped my organization?
This solution saves us time due to the low number of false positives detected. Other scanners have an issue with respect to reporting false positives.
What is most valuable?
The most valuable feature is that it achieves a very low false-positive detection rate.
What needs improvement?
While I did not identify any specific bugs in this application. I did find that sometimes a restart was needed to deal with unresponsiveness means when AppScan is in a hang situation, this happens usually when you select a large number of sources.
IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications.
For how long have I used the solution?
One to three years.
Which solution did I use previously and why did I switch?
We previously used Burp Suite. This application is best for static scanning.
How was the initial setup?
Complex
Which other solutions did I evaluate?
We also evaluated Acunetix and Nexpose.
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: May 15 2019
More HCL AppScan reviews from users
Find out what your peers are saying about HCL, Micro Focus, Veracode and others in Application Security. Updated: April 2021.
474,038 professionals have used our research since 2012.
Author
Shaikh Jamal Uddin
Cybersecurity Architecture and Technology Lead at Appxone
Consultant
Top 5Highlights
Pros
This solution saves us time due to the low number of false positives detected.
Cons
IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications.
Popular Comparisons
SonarQube
Veracode
Micro Focus Fortify on Demand
Checkmarx
OWASP Zap
Fortify WebInspect
PortSwigger Burp Suite Professional
Qualys Web Application Scanning
Netsparker Web Application Security Scanner
Acunetix Vulnerability Scanner
WhiteSource
Rapid7 AppSpider
Visual Studio Test Professional
Contrast Security Assess
Coverity
Buyer's Guide
Download our free Application Security Report and find out what your peers are saying about HCL, Micro Focus, Veracode, and more!
Quick Links
Learn More: Questions:
- When evaluating Application Security, what aspect do you think is the most important to look for?
- What are the threats associated with using ‘bogus’ cybersecurity tools?
- How was the 2020 Twitter Hack carried out? How could it have been prevented?
- Is SonarQube the best tool for static analysis?
- SAST vs. DAST: Which is better for application security testing?
- What are the OWASP top 10 in 2020?