We performed a comparison between HCL AppScan and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The product is useful, particularly in its sensitivity and scanning capabilities."
"It provides a better integration for our ecosystem."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"There's extensive functionality with custom rules and a custom knowledge base."
"This is a stable solution."
"We are now deploying less defects to production."
"The security and the dashboard are the most valuable features."
"AppScan is stable."
"The solution is good at reporting the vulnerabilities of the application."
"The interface is easy to use."
"The product discovers more vulnerabilities compared to other tools."
"It can be used effectively for internal auditing."
"The best feature is the Zap HUD (Heads Up Display) because the customers can use the website normally. If we scan websites with automatic scanning, and the website has a web application firewall, it's very difficult."
"We use the solution for security testing."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"Simple to use, good user interface."
"The penetration testing feature should be included."
"I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers."
"We would like to integrate with some of the other reporting tools that we're planning to use in the future."
"There are so many lines of code with so many different categories that I am likely to get lost. "
"I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources."
"AppScan is too complicated and should be made more user-friendly."
"The solution often has a high number of false positives. It's an aspect they really need to improve upon."
"A desktop version should be added."
"The ability to search the internet for other use cases and to use the solution to make applications more secure should be addressed."
"It would be a great improvement if they could include a marketplace to add extra features to the tool."
"It doesn't run on absolutely every operating system."
"I'd like to see a kind of feature where we can just track what our last vulnerability was and how it has improved or not. More reports that can have some kind of base-lining, I think that would be a good feature too. I'm not sure whether it can be achieved and implement but I think that would really help."
"There's very little documentation that comes with OWASP Zap."
"There isn't too much information about it online."
"They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better."
"The product should allow users to customize the report based on their needs."
HCL AppScan is ranked 12th in Application Security Testing (AST) with 39 reviews while OWASP Zap is ranked 8th in Application Security Testing (AST) with 37 reviews. HCL AppScan is rated 7.6, while OWASP Zap is rated 7.6. The top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security". HCL AppScan is most compared with SonarQube, Veracode, Acunetix, Checkmarx One and Fortify WebInspect, whereas OWASP Zap is most compared with SonarQube, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and SonarCloud.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.