• Home
  • HCL AppScan vs. Veracode

HCL AppScan vs Veracode comparison

Cancel
You must select at least 2 products to compare!
HCLTech Logo

HCL AppScan

Read 39 HCL AppScan reviews
5,557 views|4,286 comparisons
81% willing to recommend
Veracode Logo

Veracode

Read 193 Veracode reviews
26,359 views|17,613 comparisons
89% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
HCL AppScan vs. Veracode
March 2024
Executive Summary

We performed a comparison between HCL AppScan and Veracode based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed HCL AppScan vs. Veracode Report (Updated: March 2024).
Download the complete report
767,667 professionals have used our research since 2012.
Featured Review
Anonymous User
Researched Veracode but chose HCL AppScan: The ease of use is key, the developers can actually use it and get results from dynamic testing
It helps the organization the way we process the entire thing. It has actually helped a little bit with the speed of delivery too, which was... Read more →
Rajeev B.
Researched HCL AppScan but chose Veracode: Helps developers to create secure code but should have better visibility of the code flow
We use it for static application security testing. It helps us with proactivity. Before the product or the application is deployed on the... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"We use it as a security testing application.""The reporting part is the most valuable feature.""The most valuable feature of HCL AppScan is scanning QR codes.""It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy.""Compared to other tools only AppScan supports special language.""Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production.""It's generally a very user-friendly tool. Anyone can easily learn how to scan""This is a stable solution."

More HCL AppScan Pros →

"The most valuable feature is the efficiency of the tool in finding vulnerabilities.""The most valuable feature of Veracode Static Analysis is the scanning.""The most valuable features are that you can do static analysis and dynamic analysis on a scheduled basis and that you can push the findings into JIRA.""It eases integration into our workflow. Veracode is part of our Jenkins build, so whenever we build our software, Jenkins will automatically submit the code bundle over to Veracode, which automatically kicks off the static analysis. It sends an email when it's done, and we look at the report.""The pricing is worth it.""The time savings has been tremendous. We saw ROI in the first six months.""We are using the Veracode tools to expose the engineers to the security vulnerabilities that were introduced with the new features, i.e. a lot faster or sooner in the development life cycle.""It is SaaS hosted. That makes it very convenient to use. There is no initial time needed to set up an application. Scanning is a matter of minutes. You just log in, create an application profile, associate a security configuration, and that's about it. It takes 10 minutes to start. The lack of initial lead time or initial overhead to get going is the primary advantage."

More Veracode Pros →

Cons
"The solution's scalability can be a matter of concern because one license runs on one machine only.""I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources.""A desktop version should be added.""We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated.""The pricing has room for improvement.""The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper.""There is not a central management for static and dynamic.""We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."

More HCL AppScan Cons →

"They should improve on the static scanning time.""The sandbox could use some improvement; when creating a sandbox, it requires us to put the application name in twice, which seems unnecessary.""The number of false positives could be reduced a lot. For each good result, we are getting somewhere around 15 to 20 false positives.""In the next release, I would like a proper way of packaging files for scanning and the packing of IOS apps and API Dynamic scan methodology.""The interface is basic and has room for improvement.""The support team could be more responsive, and the dependency of users on the support team is too high and should be reduced.""It would be nice if Veracode were bundled with some preferred vendors like Salesforce and offered at a discount.""The feature that allows me to read which mitigation answer was submitted, and to approve it, requires me to use do so in different screens. That makes it a little bit more complicated because I have to read and then I have to go back and make sure it falls under the same number ID number. That part is a little bit complicated from my perspective, because that's what I use the most."

More Veracode Cons →

Pricing and Cost Advice
  • "AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."
  • "With the features, that they offer, and the support, they offer, AppScan pricing is on a higher level."
  • "Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
  • "HCL AppScan is expensive."
  • "I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."
  • "The price is very expensive."
  • "The solution is moderately priced."
  • "The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."

    • More HCL AppScan Pricing and Cost Advice →

  • "Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background."
  • "The pricing is pretty high."
  • "The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."
  • "I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."
  • "It's worth the value"
  • "Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."
  • "It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."
  • "The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."

    • More Veracode Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    See Recommendations
    767,667 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about HCL AppScan?
    Top Answer:The product has valuable features for static and dynamic testing.
    Read all 17 answers   →
    What needs improvement with HCL AppScan?
    Top Answer:HCL AppScan generates false results. Sometimes, it incorrectly identifies requests as vulnerable when they are not vulnerable. In the ADSL feature managed, the primary objective is to identify… more »
    Read all 20 answers   →
    What is your primary use case for HCL AppScan?
    Top Answer:HCL AppScan efficiently scans through the website and identifies vulnerabilities for AWS. It is reducing tools day by day, making it more efficient.
    Read all 18 answers   →
    Which gives you more for your money - SonarQube or Veracode?
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Read all 6 answers   →
    What do you like most about Veracode?
    Top Answer:The SAST and DAST modules are great.
    Read all 96 answers   →
    What is your experience regarding pricing and costs for Veracode?
    Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
    Read all 66 answers   →
    Ranking
    14th
    out of 74 in Application Security Tools
    Views
    5,557
    Comparisons
    4,286
    Reviews
    17
    Average Words per Review
    339
    Rating
    7.2
    2nd
    out of 74 in Application Security Tools
    Views
    26,359
    Comparisons
    17,613
    Reviews
    99
    Average Words per Review
    970
    Rating
    8.1
    Comparisons
    SonarQube logo
    SonarQube vs. HCL AppScan
    Compared 15% of the time.
    Acunetix logo
    Acunetix vs. HCL AppScan
    Compared 10% of the time.
    Checkmarx One logo
    Checkmarx One vs. HCL AppScan
    Compared 8% of the time.
    OWASP Zap logo
    OWASP Zap vs. HCL AppScan
    Compared 8% of the time.
    More HCL AppScan Competitors   →
    SonarQube logo
    SonarQube vs. Veracode
    Compared 27% of the time.
    Checkmarx One logo
    Checkmarx One vs. Veracode
    Compared 14% of the time.
    Snyk logo
    Snyk vs. Veracode
    Compared 6% of the time.
    Fortify on Demand logo
    Fortify on Demand vs. Veracode
    Compared 6% of the time.
    Mend.io logo
    Mend.io vs. Veracode
    Compared 3% of the time.
    More Veracode Competitors   →
    Also Known As
    IBM Security AppScan, Rational AppScan, AppScan
    Crashtest Security , Veracode Detect
    Learn More
    HCLTech
    Veracode
    Overview

    IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

    Veracode is a leading application security platform that helps organizations to develop and deliver secure software. Veracode's solution provides comprehensive capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing.

    Veracode's static analysis solution scans source code for various security vulnerabilities, including common web application attack vectors, injection flaws, cross-site scripting, and insecure direct object references. Veracode's dynamic analysis solution simulates real-world attacks to identify vulnerabilities that may not be detectable by static analysis alone. Veracode's software composition analysis solution scans open-source and third-party components for known vulnerabilities. Veracode's manual penetration testing service is performed by experienced security professionals who use a variety of techniques to identify vulnerabilities in software applications.

    Many organizations, including Fortune 500 companies, government agencies, and startups, use Veracode's solution. Veracode's customers rely on Veracode to help them to improve the security of their software applications and to reduce the risk of data breaches and other security incidents.

    Here are some of the benefits of using Veracode:

    • Veracode provides capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing to help organizations identify and fix security vulnerabilities in their software applications early in the development process.
    • Veracode helps organizations reduce the risk of data breaches and other security incidents by identifying and fixing security vulnerabilities in their software application. 
    • Veracode helps organizations to comply with industry regulations. Many industries have regulations that require organizations to implement security measures to protect their customers' data. Veracode's solution can help organizations to comply with these regulations by providing them with the tools and resources they need to identify and fix security vulnerabilities in their software applications.
    Sample Customers
    Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
    Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
    Top Industries
    REVIEWERS
    Government16%
    Transportation Company16%
    Comms Service Provider11%
    Financial Services Firm11%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Financial Services Firm14%
    Government10%
    Manufacturing Company9%
    REVIEWERS
    Computer Software Company26%
    Financial Services Firm23%
    Insurance Company9%
    Comms Service Provider6%
    VISITORS READING REVIEWS
    Financial Services Firm18%
    Computer Software Company15%
    Manufacturing Company8%
    Government6%
    Company Size
    REVIEWERS
    Small Business25%
    Midsize Enterprise11%
    Large Enterprise64%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise13%
    Large Enterprise71%
    REVIEWERS
    Small Business31%
    Midsize Enterprise20%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise13%
    Large Enterprise70%
    Buyer's Guide
    HCL AppScan vs. Veracode
    March 2024
    Free Report: HCL AppScan vs. Veracode
    Find out what your peers are saying about HCL AppScan vs. Veracode and other solutions. Updated: March 2024.
    DOWNLOAD NOW
    767,667 professionals have used our research since 2012.

    HCL AppScan is ranked 14th in Application Security Tools with 39 reviews while Veracode is ranked 2nd in Application Security Tools with 193 reviews. HCL AppScan is rated 7.6, while Veracode is rated 8.2. The top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". HCL AppScan is most compared with SonarQube, Acunetix, Checkmarx One, PortSwigger Burp Suite Professional and OWASP Zap, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and Mend.io. See our HCL AppScan vs. Veracode report.

    See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.