HCL AppScan Review

Contributes to maturity of our AppSec risk management, but Web Services testing is basic


What is our primary use case?

Our use case is that we always test our applications with AppScan before going to the production side. We have been using it for many years. It's honestly one of the best products in the application security the portfolio.

We aren't using it on the cloud.

How has it helped my organization?

It has contributed to the maturity of our AppSec risk management program. I would rate that maturity level as eight out of 10. The testing part of your application's security is very valuable. You can't avoid that.

Applications are the faces of companies to the world. How much your application is secure equals how much your brand is secure. AppScan is a very major part of of the story.

We don't use it to test open-source code.

What is most valuable?

There's a recording feature that I really like. You pass through the login pages. If you record the login part, it becomes very fast with the solution.

What needs improvement?

It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good.

What do I think about the stability of the solution?

We experienced some performance problems at times, but it's actually not about the application. It depends on the hardware you use, the power of the CPUs, memory, nothing except that.

What do I think about the scalability of the solution?

In terms of scalability, we don't need much. So I can't really answer this question.

How is customer service and technical support?

I like IBM technical support as a whole. It was a really good experience.

What other advice do I have?

When selecting a vendor we look for 

  • a global brand
  • support
  • user friendliness
  • cost, and the license models.

I would recommend AppScan.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email