HCL AppScan Review

A low rate of false positives translates to a savings in time

What is our primary use case?

The primary use case is to detect time-based Blind SQL Injection attacks, as well as Error-Based Injection attacks. The SQL injection attack is my favorite and I have more expertise in this vulnerability.

How has it helped my organization?

This solution saves us time due to the low number of false positives detected. Other scanners have an issue with respect to reporting false positives.

What is most valuable?

The most valuable feature is that it achieves a very low false-positive detection rate.

What needs improvement?

While I did not identify any specific bugs in this application, I did find that sometimes a restart was needed to deal with unresponsiveness, meaning when AppScan is in a hang situation; this usually happens when you select a large number of sources.

IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications.

For how long have I used the solution?

One to three years.

Which solution did I use previously and why did I switch?

We previously used Burp Suite. This application is best for static scanning.

How was the initial setup?


Which other solutions did I evaluate?

We also evaluated Acunetix and Nexpose.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Find out what your peers are saying about HCL, Micro Focus, Veracode and others in Application Security. Updated: April 2021.