IBM Security AppScan Review

A low rate of false positives translates to a savings in time


What is our primary use case?

The primary use case is to detect time-based Blind SQL Injection attacks, as well as Error-Based Injection attacks. The SQL injection attack is my favorite and I have more expertise in this vulnerability.

How has it helped my organization?

This solution saves us time due to the low number of false positives detected. Other scanners have an issue with respect to reporting false positives.

What is most valuable?

The most valuable feature is that it achieves a very low false-positive detection rate.

What needs improvement?

While I did not identify any specific bugs in this application, I did find that sometimes a restart was needed to deal with unresponsiveness, meaning when AppScan is in a hang situation; this usually happens when you select a large number of sources.

IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications.

For how long have I used the solution?

One to three years.

If you previously used a different solution, which one did you use and why did you switch?

We previously used Burp Suite. This application is best for static scanning.

How was the initial setup?

Complex

Which other solutions did I evaluate?

We also evaluated Acunetix and Nexpose.

Disclosure: I am a real user, and this review is based on my own experience and opinions.