We performed a comparison between Fortify WebInspect and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Guided Scan option allows us to easily scan and share reports."
"The most valuable feature is the static analysis."
"Good at scanning and finding vulnerabilities."
"The user interface is ok and it is very simple to use."
"The solution's technical support was very helpful."
"The solution is easy to use."
"It's a well-known platform for doing dynamic application scanning."
"The accuracy of its scans is great."
"The most valuable feature of the solution is the scanning or security part."
"AppScan is stable."
"This solution saves us time due to the low number of false positives detected."
"I like the recording feature."
"The solution offers services in a few specific development languages."
"We leverage it as a quality check against code."
"There's extensive functionality with custom rules and a custom knowledge base."
"We are now deploying less defects to production."
"I'm not sure licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools also with similar functionalities."
"It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved."
"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."
"It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application."
"Fortify WebInspect could improve user-friendliness. Additionally, it is very bulky to use."
"Our biggest complaint about this product is that it freezes up, and literally doesn't work for us."
"The initial setup was complex."
"Lately, we've seen more false negatives."
"I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources."
"Scans become slow on large websites."
"The pricing has room for improvement."
"The penetration testing feature should be included."
"The solution could improve by having a mobile version."
"The databases for HCL are small and have room for improvement."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"AppScan is too complicated and should be made more user-friendly."
Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 17 reviews while HCL AppScan is ranked 1st in Dynamic Application Security Testing (DAST) with 39 reviews. Fortify WebInspect is rated 7.0, while HCL AppScan is rated 7.6. The top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Fortify on Demand, Acunetix, OWASP Zap and Qualys Web Application Scanning, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, Checkmarx One and Fortify on Demand. See our Fortify WebInspect vs. HCL AppScan report.
See our list of best Dynamic Application Security Testing (DAST) vendors.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.