The primary use case is to detect time-based Blind SQL Injection attacks, as well as Error-Based Injection attacks. The SQL injection attack is my favorite and I have more expertise in this vulnerability.
HCL AppScan Review
A low rate of false positives translates to a savings in time
What is our primary use case?
How has it helped my organization?
This solution saves us time due to the low number of false positives detected. Other scanners have an issue with respect to reporting false positives.
What is most valuable?
The most valuable feature is that it achieves a very low false-positive detection rate.
What needs improvement?
While I did not identify any specific bugs in this application. I did find that sometimes a restart was needed to deal with unresponsiveness means when AppScan is in a hang situation, this happens usually when you select a large number of sources.
IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications.
For how long have I used the solution?
One to three years.
Which solution did I use previously and why did I switch?
We previously used Burp Suite. This application is best for static scanning.
How was the initial setup?
Complex
Which other solutions did I evaluate?
We also evaluated Acunetix and Nexpose.
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: May 15 2019
Author
Shaikh Jamal Uddin
Senior Information Security Consultant at Secure Coat
Consultant
Top 5LeaderboardHighlights
Pros
This solution saves us time due to the low number of false positives detected.
Cons
IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications.