HCL AppScan vs OWASP Zap Comparison 2024

HCL AppScan

OWASP Zap

HCL AppScan

Read 39 HCL AppScan reviews

5,630 views|4,307 comparisons

OWASP Zap

Read 37 OWASP Zap reviews

21,564 views|10,271 comparisons

Comparison Buyer's Guide

Download the complete report

Buyer's Guide

HCL AppScan vs. OWASP Zap

March 2024

Executive Summary

We performed a comparison between HCL AppScan and OWASP Zap based on real PeerSpot user reviews.

Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed HCL AppScan vs. OWASP Zap Report (Updated: March 2024).

Download the complete report

768,740 professionals have used our research since 2012.

Featured Review

Anonymous User

Principal Architect, Application Build Security. at a transportation company

Researched OWASP Zap but chose HCL AppScan: Improves application security, identifies gaps, and performs well

Anonymous User

Cyber Security Engineer at a transportation company

Good functionality and works well with Portswigger Burp but it needs to add more extensions

It helps that we can use it hand in hand with Portswigger Burp. Since each have scanning capabilities, we can use them together and leverage... Read more →

Quotes From Members

We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:

Pros

"The product is useful, particularly in its sensitivity and scanning capabilities.""It provides a better integration for our ecosystem.""It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy.""There's extensive functionality with custom rules and a custom knowledge base.""This is a stable solution.""We are now deploying less defects to production.""The security and the dashboard are the most valuable features.""AppScan is stable."

More HCL AppScan Pros →

"The solution is good at reporting the vulnerabilities of the application.""The interface is easy to use.""The product discovers more vulnerabilities compared to other tools.""It can be used effectively for internal auditing.""The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, it's very difficult.""We use the solution for security testing.""Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope.""Simple to use, good user interface."

More OWASP Zap Pros →

Cons

"The penetration testing feature should be included.""I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers.""We would like to integrate with some of the other reporting tools that we're planning to use in the future.""There are so many lines of code with so many different categories that I am likely to get lost. ""I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources.""AppScan is too complicated and should be made more user-friendly.""The solution often has a high number of false positives. It's an aspect they really need to improve upon.""A desktop version should be added."

More HCL AppScan Cons →

"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed.""It would be a great improvement if they could include a marketplace to add extra features to the tool.""It doesn't run on absolutely every operating system.""I'd like to see a kind of feature where we can just track what our last vulnerability was and how it has improved or not. More reports that can have some kind of base-lining, I think that would be a good feature too. I'm not sure whether it can be achieved and implement but I think that would really help.""There's very little documentation that comes with OWASP Zap.""There isn't too much information about it online.""They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better.""The product should allow users to customize the report based on their needs."

More OWASP Zap Cons →

Pricing and Cost Advice

"AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."

"With the features, that they offer, and the support, they offer, AppScan pricing is on a higher level."

"Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."

"HCL AppScan is expensive."

"I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."

"The price is very expensive."

"The solution is moderately priced."

"The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."

More HCL AppScan Pricing and Cost Advice →

"It is highly recommended as it is an open source tool."

"It's free and open, currently under the Apache 2 license. If ZAP does what you need it to do, selling a free solution is a very easy."

"OWASP ZAP is a free tool provided by OWASP’s engineers and experts. There is an option to donate."

"As Zap is free and open-source, with tons of features similar to those of commercial solutions, I would definitely recommend trying it out."

"It's free. It's good for us because we don't know what the extent of our use will be yet. It's good to start with something free and easy to use."

"OWASP Zap is free to use."

"This app is completely free and open source. So there is no question about any pricing."

"This is an open-source solution and can be used free of charge."

More OWASP Zap Pricing and Cost Advice →

See Which Vendors Are Best For You

Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.

See Recommendations

768,740 professionals have used our research since 2012.

Questions from the Community

What do you like most about HCL AppScan?

Top Answer:The product has valuable features for static and dynamic testing.

Read all 17 answers →

What needs improvement with HCL AppScan?

Top Answer:HCL AppScan generates false results. Sometimes, it incorrectly identifies requests as vulnerable when they are not vulnerable. In the ADSL feature managed, the primary objective is to identify… more »

Read all 20 answers →

What is your primary use case for HCL AppScan?

Top Answer:HCL AppScan efficiently scans through the website and identifies vulnerabilities for AWS. It is reducing tools day by day, making it more efficient.

Read all 18 answers →

Is OWASP Zap better than PortSwigger Burp Suite Pro?

Top Answer:OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with… more »

Read all 3 answers →

What do you like most about OWASP Zap?

Top Answer:The ZAP scan and code crawler are valuable features.

Read all 27 answers →

What is your experience regarding pricing and costs for OWASP Zap?

Top Answer:The tool is open source.

Read all 16 answers →

Ranking

12th

out of 67 in Application Security Testing (AST)

Views

5,630

Comparisons

4,307

Reviews

Average Words per Review

339

Rating

7.2

8th

out of 67 in Application Security Testing (AST)

Views

21,564

Comparisons

10,271

Reviews

Average Words per Review

372

Rating

7.4

Comparisons

SonarQube vs. HCL AppScan

Compared 15% of the time.

Veracode vs. HCL AppScan

Compared 13% of the time.

Acunetix vs. HCL AppScan

Compared 10% of the time.

Checkmarx One vs. HCL AppScan

Compared 8% of the time.

Fortify WebInspect vs. HCL AppScan

Compared 7% of the time.

More HCL AppScan Competitors →

SonarQube vs. OWASP Zap

Compared 20% of the time.

Acunetix vs. OWASP Zap

Compared 12% of the time.

PortSwigger Burp Suite Professional vs. OWASP Zap

Compared 11% of the time.

Qualys Web Application Scanning vs. OWASP Zap

Compared 11% of the time.

SonarCloud vs. OWASP Zap

Compared 3% of the time.

More OWASP Zap Competitors →

Also Known As

IBM Security AppScan, Rational AppScan, AppScan

Learn More

HCLTech

OWASP

Overview

IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

OWASP Zap is a free and open-source web application security scanner.

The solution helps developers identify vulnerabilities in their web applications by actively scanning for common security issues.

With its user-friendly interface and powerful features, Zap is a popular choice among developers for ensuring the security of their web applications.

Sample Customers

Essex Technology Group Inc., Cisco, West Virginia University, APIS IT

1. Google 2. Microsoft 3. IBM 4. Amazon 5. Facebook 6. Twitter 7. LinkedIn 8. Netflix 9. Adobe 10. PayPal 11. Salesforce 12. Cisco 13. Oracle 14. Intel 15. HP 16. Dell 17. VMware 18. Symantec 19. McAfee 20. Citrix 21. Red Hat 22. Juniper Networks 23. SAP 24. Accenture 25. Deloitte 26. Ernst & Young 27. PwC 28. KPMG 29. Capgemini 30. Infosys 31. Wipro 32. TCS

Top Industries

REVIEWERS

Government15%

Transportation Company15%

Manufacturing Company10%

Insurance Company10%

VISITORS READING REVIEWS

Computer Software Company19%

Financial Services Firm14%

Government10%

Manufacturing Company9%

REVIEWERS

Computer Software Company25%

Financial Services Firm15%

Retailer10%

Energy/Utilities Company10%

VISITORS READING REVIEWS

Computer Software Company18%

Financial Services Firm10%

Comms Service Provider7%

Government7%

Company Size

REVIEWERS

Small Business24%

Midsize Enterprise13%

Large Enterprise63%

VISITORS READING REVIEWS

Small Business16%

Midsize Enterprise13%

Large Enterprise71%

REVIEWERS

Small Business22%

Midsize Enterprise30%

Large Enterprise49%

VISITORS READING REVIEWS

Small Business21%

Midsize Enterprise15%

Large Enterprise64%

HCL AppScan vs OWASP Zap comparison

HCL AppScan

OWASP Zap