We performed a comparison between HCL AppScan and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The static scans are good, and the SaaS as well."
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production."
"The most valuable feature of HCL AppScan is scanning QR codes."
"The reporting part is the most valuable feature."
"The security and the dashboard are the most valuable features."
"The most valuable feature of the solution is the scanning or security part."
"The solution is easy to use."
"The API is exceptional."
"The community edition updates services regularly. They add new vulnerabilities into the scanning list."
"You can run it against multiple targets."
"The product helps users to scan and fix vulnerabilities in the pipeline."
"Simple to use, good user interface."
"Fuzzer and Java APIs help a lot with our custom needs."
"The stability of the solution is very good."
"The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information."
"A desktop version should be added."
"It has crashed at times."
"In future releases, I would like to see more aggressive reports. I would also like to see fewer false positives."
"Visibility is an issue for us. Our partners do not know we have integrations with some of IBM's products."
"The solution's scalability can be a matter of concern because one license runs on one machine only."
"The databases for HCL are small and have room for improvement."
"The dashboard for AppScan or the Fortified fast tool, which we use, needs to be improved."
"The product has some technical limitations."
"The solution is somewhat unreliable because after we get the finding, we have to manually verify each of its findings to see whether it's a false positive or a true finding, and it takes time."
"Too many false positives; test reports could be improved."
"It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful."
"There are too many false positives."
"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."
"The automated vulnerability assessments that the application performs need to be simplified as well as diversified."
"The documentation needs to be improved because I had to learn everything from watching YouTube videos."
"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created."
HCL AppScan is ranked 12th in Application Security Testing (AST) with 19 reviews while OWASP Zap is ranked 8th in Application Security Testing (AST) with 13 reviews. HCL AppScan is rated 7.6, while OWASP Zap is rated 7.6. The top reviewer of HCL AppScan writes "A useful tool to scan applications that can be easily installed". On the other hand, the top reviewer of OWASP Zap writes "Stable dynamic testing solution with unreliable manual processes". HCL AppScan is most compared with SonarQube, Veracode, Acunetix, Fortify WebInspect and PortSwigger Burp Suite Professional, whereas OWASP Zap is most compared with SonarQube, PortSwigger Burp Suite Professional, Acunetix, Qualys Web Application Scanning and SonarCloud.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.